[Pkg-mediawiki-devel] Bug#696179: Bug#696179: Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

Platonides platonides at gmail.com
Mon Dec 17 19:24:50 UTC 2012


Thorsten Glaser wrote:
> Does Mediawiki have an API which you can pass some
> string of HTML which will throw out all unknown or
> “unsafe” (whatever that means) tags, tidy it up to
> produce valid XHTML, and return that? Otherwise,
> I guess Suggests: php-htmlpurifier and using that
> if existent, saying “I don’t wanna” if not and the
> text mode (as opposed to the default just-the-headlines
> mode) is enabled is the way forward.

Yep. Take a look at includes/Sanitizer.php


