On Friday, January 30, 2015 at 1:04 PM, Brion Vibber wrote:

> On Fri, Jan 30, 2015 at 12:11 PM, Jackmcbarn <jackmcb...@gmail.com> wrote:
>
> > On Fri, Jan 30, 2015 at 2:02 PM, Brion Vibber <bvib...@wikimedia.org> wrote:
> >
> > > On Thu, Jan 29, 2015 at 5:38 PM, Brad Jorsch (Anomie) <bjor...@wikimedia.org> wrote:
> > >
> > > > On Thu, Jan 29, 2015 at 2:47 PM, Arlo Breault <abrea...@wikimedia.org> wrote:
> > > >
> > > > > https://gerrit.wikimedia.org/r/#/c/181519/
> > > >
> > > > To clarify, the possible solutions seem to be:
> > > >
> > > > 1. Unstrip the marker and then encode the content. This is a security
> > > > hole (T73167)
> > >
> > > I'd be inclined to unstrip the marker *and squash HTML to plaintext*, then
> > > encode the plaintext...
> >
> > I don't see how that addresses the security issue.
>
> Rollback tokens in the Special:Contributions HTML would then not be
> available in the squashed text that got encoded. Thus it could not be
> extracted and used in the timing attack.

Is this what you mean by “squash HTML to plaintext”?

    urlencode( strip_tags( $parser->mStripState->unstripBoth( $s ) ) );

Is strip_tags reliable enough to not get confused and leave those tokens lying around?

>
> -- brion
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
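
The question in the reply above can be turned into a small regression check. This is an added example, not part of the original thread and not MediaWiki code: `squashAndEncode()` is a hypothetical helper that applies the quoted expression to HTML assumed to be already unstripped, and the token and HTML fragments are constructed. `strip_tags()` drops tags together with their attributes but keeps the text between tags, so the cases place the secret in both kinds of position.

```php
<?php
// Added example, not MediaWiki code. squashAndEncode() is a hypothetical helper
// that applies the expression from the message to HTML that is already unstripped.
function squashAndEncode(string $unstrippedHtml): string
{
    return urlencode(strip_tags($unstrippedHtml));
}

// True when the secret can still be read back out of the encoded string.
function leaksToken(string $encoded, string $token): bool
{
    return strpos(urldecode($encoded), $token) !== false;
}

// Constructed placeholder value, not a real rollback token.
$token = 'c0ffee0123456789c0ffee0123456789';

// Constructed fragments; only the first imitates a rollback link.
$cases = [
    'token in href attribute' =>
        '<span class="mw-rollback-link"><a href="/w/index.php?title=Example'
        . '&amp;action=rollback&amp;token=' . $token . '">rollback</a></span>',
    'quoted ">" before the href' =>
        '<a title="1 > 0" href="/w/index.php?token=' . $token . '">rollback</a>',
    'token inside an HTML comment' =>
        '<p>edit</p><!-- token=' . $token . ' -->',
    'token as element text' =>
        '<code>' . $token . '</code>',
    'token inside a script body' =>
        '<script>var t = "' . $token . '";</script>',
];

$failed = 0;
foreach ($cases as $label => $html) {
    $encoded = squashAndEncode($html);
    $leak = leaksToken($encoded, $token);
    $failed += $leak ? 1 : 0;
    printf("%-32s %s  => %s\n", $label, $leak ? 'LEAK' : 'clean', $encoded);
}

// Non-zero exit lets this run as a regression check in CI.
exit($failed > 0 ? 1 : 0);
```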