I have created a patch for the gallery tag and have been given the
following review.

https://gerrit.wikimedia.org/r/4609

* JavaScript injection: you can inject javascript: URIs which execute
code when clicked
* plain links ("link=Firefox") are taken as relative URLs which will
randomly work or not work depending on where they're viewed from
* need parser test cases to demo it working

So my questions are:

What would be the recommended way of stripping away JavaScript from
URIs? Are there any shared functions which do exactly this?
And how would I solve the plain links problem? Do a regex check for an
absolute URI? E.g. http://example.org/foo/bar?
And what are "parser test cases"? PHPUnit tests, or some other form of testing?

Thank you!
Kim Eik.

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
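
The two review points above (javascript: URIs and plain "link=Firefox" values) can both be handled by never emitting the raw value as an href. The following is an added example, not code from the patch or from MediaWiki; ARTICLE_PATH, ALLOWED_SCHEMES and galleryLinkToHref are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added illustration: names and site layout below are assumptions.
const ARTICLE_PATH = '/wiki/';              // assumed article path of the wiki
const ALLOWED_SCHEMES = ['http', 'https'];  // allowlist rather than a blocklist

/**
 * Turn a gallery "link=" value into an href that is safe to emit,
 * or return null when the value must be dropped.
 */
function galleryLinkToHref(string $target): ?string {
    $target = trim($target);
    if ($target === '') {
        return null;
    }
    // Absolute URL: the scheme must be allowlisted and followed by "//".
    if (preg_match('#^([a-z][a-z0-9+.-]*)://#i', $target, $m)) {
        if (!in_array(strtolower($m[1]), ALLOWED_SCHEMES, true)) {
            return null;
        }
        // Reject whitespace, control characters and attribute breakers.
        if (preg_match('#[\s<>"\x00-\x1f\x7f]#', $target)) {
            return null;
        }
        return $target;
    }
    // Anything else is treated as a page name and anchored under
    // ARTICLE_PATH, so "javascript:..." can never become the URI scheme
    // and the link no longer depends on where the gallery is viewed from.
    return ARTICLE_PATH . rawurlencode(str_replace(' ', '_', $target));
}

// Constructed sample values for the link= parameter.
$samples = [
    'Firefox',
    'Help:Contents',
    'http://example.org/foo/bar',
    'javascript:alert(1)',
    "java\tscript:alert(1)",
    'data://text/html,x',
    'http://example.org/" onclick="x',
];
foreach ($samples as $s) {
    $href = galleryLinkToHref($s);
    // Escape for the HTML attribute context at output time.
    $shown = $href === null ? '(rejected)' : htmlspecialchars($href, ENT_QUOTES);
    printf("%-36s => %s\n", json_encode($s), $shown);
}
```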
