Greetings all, I'm not sure if this is the right mailing list to be posting this question to, so if I should be posting to mediawiki-api, please let me know. (I think I'm in the right spot though.)
I have a question about recursiveTagParse(). Is it XSS safe? As in, do I need to escape its output with htmlspecialchars() or does it take care of that for me?
I am writing a tag extension, and I need it to be able to parse wiki text. I have followed the instructions at http://www.mediawiki.org/wiki/Manual:Tag_extensions#Version_1.8_to_version_1.15 (I am running MW 1.15.4), but it doesn't specify if the output is XSS safe or not.
Erring on the side of caution, I have pre-escaped all of my user supplied variables with htmlspecialchars(), but if I could avoid this step it would be wonderful, both for the simplicity of coding and performance.
Thanks for any advice you can offer, it's much appreciated.
- Vadtec
_______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
