Brian Wolff has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/397587 )
Change subject: Html escaping functions shouldn't clear non-html taint ...................................................................... Html escaping functions shouldn't clear non-html taint Change-Id: I88df9274a1b3554d3113374d42131fdf5117c180 --- M MediaWikiSecurityCheckPlugin.php 1 file changed, 6 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/tools/phan/SecurityCheckPlugin refs/changes/87/397587/1 diff --git a/MediaWikiSecurityCheckPlugin.php b/MediaWikiSecurityCheckPlugin.php index 37a682c..f9c8198 100644 --- a/MediaWikiSecurityCheckPlugin.php +++ b/MediaWikiSecurityCheckPlugin.php @@ -373,25 +373,25 @@ 'overall' => self::YES_TAINT ], '\Html::rawElement' => [ - self::HTML_TAINT, + self::YES_TAINT, self::NO_TAINT, - self::HTML_TAINT, + self::YES_TAINT, 'overall' => self::NO_TAINT ], '\Html::element' => [ - self::HTML_TAINT, + self::YES_TAINT, self::NO_TAINT, self::NO_TAINT, 'overall' => self::NO_TAINT ], '\Xml::tags' => [ - self::HTML_TAINT, + self::YES_TAINT, self::NO_TAINT, - self::HTML_TAINT, + self::YES_TAINT, 'overall' => self::NO_TAINT ], '\Xml::element' => [ - self::HTML_TAINT, + self::YES_TAINT, self::NO_TAINT, self::NO_TAINT, 'overall' => self::NO_TAINT -- To view, visit https://gerrit.wikimedia.org/r/397587 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I88df9274a1b3554d3113374d42131fdf5117c180 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/tools/phan/SecurityCheckPlugin Gerrit-Branch: master Gerrit-Owner: Brian Wolff <bawolff...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits