https://bugzilla.wikimedia.org/show_bug.cgi?id=35315
--- Comment #10 from Tim Starling <tstarl...@wikimedia.org> 2012-04-16 10:20:41 UTC --- For XSS, this test case seems to work just as well: {{#tag:charinsert|<nowiki>','',''); alert("XSS",')</nowiki>}} It doesn't need forged strip markers. But the infinite loop in comment 4 does need forged strip markers. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l