[Pkg-mediawiki-devel] Bug#696179: Bug#696179: Bug#696179: mediawiki-extensions-base: RSS_Reader Javascript injection
Thorsten Glaser
t.glaser at tarent.de
Wed Dec 19 13:34:48 UTC 2012
Dixi quod…

> On Mon, 17 Dec 2012, Platonides wrote:
>
> > Yep. Take a look at includes/Sanitizer.php
>
> That’s almost perfect but excludes hyperlinks and possibly
> (depending on a global setting) images.

The global setting appears to be disabled by default.

> Is it safe to add them to the $extratags argument of removeHTMLtags?

This works for a but actually does _not_ work for img due to
the order of checks and extratags being added to tagpairs…
(not an answer on the question of safety though).

I’ve done a draft commit, but I’m not 100% happy with it at
the moment. On the other hand, people could always follow
the head link…

I’ll update the code on the Wiki page again once we have found
a solution (and re-exclude the Debian-specific disabling of
caching by default due to the code location not being
writable). I guess I should bump the version then ;-)

bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke