[Bug 44262] Magic word to escape HTML attributes

2013-01-23 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=44262
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
Version|unspecified |1.21-git

[Bug 44262] Magic word to escape HTML attributes

2013-01-23 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=44262
Pavel Selitskas p.selits...@gmail.com changed:
What|Removed |Added
Assignee|wikibugs-l@lists.wikimedia.

[Bug 44262] Magic word to escape HTML attributes

2013-01-22 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=44262
Pavel Selitskas p.selits...@gmail.com changed:
What|Removed |Added
Priority|Unprioritized |Low

[Bug 44262] Magic word to escape HTML attributes

2013-01-22 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=44262
Matthew Flaschen mflasc...@wikimedia.org changed:
What|Removed |Added
CC|

[Bug 44262] Magic word to escape HTML attributes

2013-01-22 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=44262
--- Comment #1 from Chris Steipp cste...@wikimedia.org ---
This is probably the best list:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
This is general, so in our specific case

[Bug 44262] Magic word to escape HTML attributes

2013-01-22 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=44262
--- Comment #2 from Matthew Flaschen mflasc...@wikimedia.org ---
This particular bug is orthogonal to which attributes to allow. As far as escaping, that page says:
HTML Attribute Encoding
Except for alphanumeric characters, escape all

[Bug 44262] Magic word to escape HTML attributes

2013-01-22 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=44262
Richard Guk richardg...@yahoo.com changed:
What|Removed |Added
CC|