Jdlrobson has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/362252 )

Change subject: Play things safe when stripping HTML
......................................................................

Play things safe when stripping HTML

Script and input tags if outputted by other extensions can
theoretically allow an XSS issue.

Just in case let's do this here.

Bug: T107206
Change-Id: I889f7827fb9084b7cf853a1843fdc48821237d65
---
M extension.json
1 file changed, 2 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TextExtracts refs/changes/52/362252/1

diff --git a/extension.json b/extension.json
index 259bbc4..71c4fcd 100644
--- a/extension.json
+++ b/extension.json
@@ -38,6 +38,8 @@
                "ExtractsRemoveClasses": [
                        "table",
                        "div",
+                       "script",
+                       "input",
                        "style",
                        "ul.gallery",
                        ".mw-editsection",

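Review bot: The added "script" and "input" entries live only in the default value of ExtractsRemoveClasses, so the protection is a configurable default and covers exactly those two tags. The commit message's concern, markup emitted by other extensions, applies equally to other form controls and embedding elements that the visible part of the list does not name. Consider enforcing removal of security-relevant tags in code rather than relying on the config default, or at least stating in the commit message why these two were chosen. The change touches only extension.json (1 file, 2 insertions), so a test asserting that script and input content never reaches an extract would be worth adding alongside it.
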
-- 
To view, visit https://gerrit.wikimedia.org/r/362252
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I889f7827fb9084b7cf853a1843fdc48821237d65
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/TextExtracts
Gerrit-Branch: master
Gerrit-Owner: Jdlrobson <jrob...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
