https://bugzilla.wikimedia.org/show_bug.cgi?id=22675
--- Comment #6 from Bawolff <bawolff...@gmail.com> 2010-07-01 00:29:37 UTC --- Created an attachment (id=7536) --> (https://bugzilla.wikimedia.org/attachment.cgi?id=7536) Patch that fixes <html> issue - however this entire thing is insecure... I found what was wrong. DPL was using <html> in a rather hacky (and somewhat insecure way). When mediawiki changed how it handled <html> in r61913, the hack this extension used broke. the attached patch fixes the issue as far as I can tell. However, not only is the approach this extension takes to raw html utterly scary, it is also insecure. (This patch doesn't add any new security issues, but i feel hesitant contributing a fix to the mechinism, which in my opinion is insecure until the underlying security problems have been addressed) -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
