[Pkg-mediawiki-devel] Bug#696179: Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

Thorsten Glaser t.glaser at tarent.de
Wed Dec 19 10:48:24 UTC 2012


I said…

> Of course, this will not work on the message body. I’ll look at

Ok, it’s worse than I expected: when using “text” mode
with desc=on, the body is also vulnerable but on the
other hand, proper HTML is broken:
‣ <p>Will drive to <a href="http://www.google.com/webhp?hl=la&q=Chemnitzer+Linuxtage">Chemnitz</a>

> the MW sanitiser later.

Lunchbreak, then that, I guess.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Managing directors: Boris Esser, Sebastian Mancke
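
Added example, not part of the original message and not RSS_Reader or MediaWiki code: the trade-off reported above, where escaping the item body is safe but shows legitimate markup as literal text, set against an allowlist filter that keeps the paragraph and link while dropping script and event-handler attributes. It is written in Python rather than the extension's PHP so it runs stand-alone; the allowlist, the function names and the sample body are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this sketch: a small tag/attribute allowlist.
ALLOWED = {"p": (), "br": (), "b": (), "i": (), "em": (), "strong": (), "a": ("href",)}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}

def safe_url(value):
    # Browsers ignore tabs/newlines inside a scheme, so strip them before checking.
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20)
    try:
        return urlsplit(cleaned).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            kept = "".join(' %s="%s"' % (k, escape(v, quote=True)) for k, v in attrs
                           if k in ALLOWED[tag] and v and safe_url(v))
            self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize(description):
    parser = _Sanitizer()
    parser.feed(description)
    parser.close()
    return "".join(parser.out)

# Constructed feed item body: the link from the message plus injected markup.
SAMPLE = ('<p>Will drive to <a href="http://www.google.com/webhp?hl=la&q=Chemnitzer+Linuxtage"'
          ' onclick="alert(1)">Chemnitz</a></p><script>alert(1)</script>')

if __name__ == "__main__":
    print("escaped :", escape(SAMPLE))    # safe, but markup appears as literal text
    print("filtered:", sanitize(SAMPLE))  # safe, and the paragraph and link still render
```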


