Brian Wolff has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/397587 )
Change subject: Html escaping functions shouldn't clear non-html taint
......................................................................
Html escaping functions shouldn't clear non-html taint
Change-Id: I88df9274a1b3554d3113374d42131fdf5117c180
---
M MediaWikiSecurityCheckPlugin.php
1 file changed, 6 insertions(+), 6 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/tools/phan/SecurityCheckPlugin
refs/changes/87/397587/1
diff --git a/MediaWikiSecurityCheckPlugin.php b/MediaWikiSecurityCheckPlugin.php
index 37a682c..f9c8198 100644
--- a/MediaWikiSecurityCheckPlugin.php
+++ b/MediaWikiSecurityCheckPlugin.php
@@ -373,25 +373,25 @@
'overall' => self::YES_TAINT
],
'\Html::rawElement' => [
- self::HTML_TAINT,
+ self::YES_TAINT,
self::NO_TAINT,
- self::HTML_TAINT,
+ self::YES_TAINT,
'overall' => self::NO_TAINT
],
'\Html::element' => [
- self::HTML_TAINT,
+ self::YES_TAINT,
self::NO_TAINT,
self::NO_TAINT,
'overall' => self::NO_TAINT
],
'\Xml::tags' => [
- self::HTML_TAINT,
+ self::YES_TAINT,
self::NO_TAINT,
- self::HTML_TAINT,
+ self::YES_TAINT,
'overall' => self::NO_TAINT
],
'\Xml::element' => [
- self::HTML_TAINT,
+ self::YES_TAINT,
self::NO_TAINT,
self::NO_TAINT,
'overall' => self::NO_TAINT
--
To view, visit https://gerrit.wikimedia.org/r/397587
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I88df9274a1b3554d3113374d42131fdf5117c180
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/tools/phan/SecurityCheckPlugin
Gerrit-Branch: master
Gerrit-Owner: Brian Wolff <bawolff...@gmail.com>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
