Brian Wolff has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/362390 )
Change subject: Play things safe when stripping HTML
......................................................................
Play things safe when stripping HTML
Script and input tags, if outputted by other extensions, can
theoretically allow an XSS issue.
Just in case, let's do this here.
Bug: T107206
Change-Id: I889f7827fb9084b7cf853a1843fdc48821237d65
---
M extension.json
1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TextExtracts refs/changes/90/362390/1
diff --git a/extension.json b/extension.json
index d1d4145..71c4fcd 100644
--- a/extension.json
+++ b/extension.json
@@ -38,6 +38,9 @@
"ExtractsRemoveClasses": [
"table",
"div",
+ "script",
+ "input",
+ "style",
"ul.gallery",
".mw-editsection",
"sup.reference",
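Review bot: The third added entry, "style", is not covered by the commit message, which only gives a rationale for script and input tags; please say in the message why style is stripped as well, so the reason for all three selectors is on record. The change also touches only extension.json (1 file changed), so nothing verifies that extracts actually come out without these elements. A test case that feeds HTML containing script, input and style elements through the extract path and asserts they are absent from the output would guard this hardening against a later edit of the "ExtractsRemoveClasses" list.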
--
To view, visit https://gerrit.wikimedia.org/r/362390
Gerrit-MessageType: newchange
Gerrit-Change-Id: I889f7827fb9084b7cf853a1843fdc48821237d65
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/TextExtracts
Gerrit-Branch: REL1_29
Gerrit-Owner: Brian Wolff <[email protected]>
Gerrit-Reviewer: Jdlrobson <[email protected]>