[Pkg-mediawiki-devel] Bug#696179: Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection

Thorsten Glaser t.glaser at tarent.de
Wed Dec 19 13:00:38 UTC 2012

On Mon, 17 Dec 2012, Platonides wrote:

> Yep. Take a look at includes/Sanitizer.php

That’s almost perfect but excludes hyperlinks and possibly
(depending on a global setting) images.

Is it safe to add them to the $extratags argument of removeHTMLtags?

tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke

More information about the Pkg-mediawiki-devel mailing list