2009/8/15 Daniel Friesen <[email protected]>:
> Add a &ctype= param?
>
That would require sanitization anyway. I haven't forgotten why &format=txt and &format=dbg use text/text instead of text/plain: if the MIME type is text/plain and IE thinks it looks like HTML, it'll parse it as HTML, triggering some nice HTML and JavaScript injection vulnerabilities.

Roan Kattouw (Catrope)

_______________________________________________
Mediawiki-api mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
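
An added example, not part of the original message and not MediaWiki code: one way the sanitization of a caller-supplied `&ctype=` value could look, keeping text/plain and text/html out of reach for the reason given above. The function names, the json/xml entries in the allowlist and the `nosniff` header are assumptions made for this sketch.

```python
import re

# Hypothetical allowlist of types a caller may request via &ctype=, per format.
# text/plain and text/html are deliberately absent: per the message above, IE
# may parse a text/plain body as HTML when it looks like HTML.
ALLOWED_CTYPES = {
    "json": {"application/json", "text/javascript"},  # constructed entry
    "xml": {"text/xml", "application/xml"},           # constructed entry
    "txt": {"text/text"},
    "dbg": {"text/text"},
}
DEFAULT_CTYPE = {
    "json": "application/json",
    "xml": "text/xml",
    "txt": "text/text",
    "dbg": "text/text",
}

# Bare type/subtype only: no parameters, whitespace, CR/LF or other header syntax.
_TOKEN = re.compile(r"[a-z0-9][a-z0-9.+-]*/[a-z0-9][a-z0-9.+-]*")


def resolve_content_type(fmt, ctype=None):
    """Return the Content-Type for fmt, honouring ctype only if allowlisted."""
    if fmt not in DEFAULT_CTYPE:
        raise ValueError("unknown format")
    if ctype is None:
        return DEFAULT_CTYPE[fmt]
    candidate = ctype.lower()
    if not _TOKEN.fullmatch(candidate):
        raise ValueError("malformed ctype")
    if candidate not in ALLOWED_CTYPES[fmt]:
        raise ValueError("ctype not allowed for this format")
    return candidate


def response_headers(fmt, ctype=None):
    """Build response headers for an API reply in the given format."""
    return [
        ("Content-Type", resolve_content_type(fmt, ctype) + "; charset=utf-8"),
        # Extra hardening not mentioned in the thread: asks the browser not to
        # second-guess the declared type.
        ("X-Content-Type-Options", "nosniff"),
    ]
```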
