Jdlrobson has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/362253 )
Change subject: Play things safe when stripping HTML ...................................................................... Play things safe when stripping HTML Script and input tags if outputted by other extensions can theoretically allow an XSS issue. Just in case let's do this here. Bug: T107206 Change-Id: I889f7827fb9084b7cf853a1843fdc48821237d65 (cherry picked from commit e9e261908d6c809b71b20dc8facd6209fe061264) --- M extension.json 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TextExtracts refs/changes/53/362253/1 diff --git a/extension.json b/extension.json index 259bbc4..71c4fcd 100644 --- a/extension.json +++ b/extension.json @@ -38,6 +38,8 @@ "ExtractsRemoveClasses": [ "table", "div", + "script", + "input", "style", "ul.gallery", ".mw-editsection", -- To view, visit https://gerrit.wikimedia.org/r/362253 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I889f7827fb9084b7cf853a1843fdc48821237d65 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/TextExtracts Gerrit-Branch: wmf/1.30.0-wmf.7 Gerrit-Owner: Jdlrobson <jrob...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits