https://bugzilla.wikimedia.org/show_bug.cgi?id=44262
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
Version|unspecified |1.21-git
Pavel Selitskas p.selits...@gmail.com changed:
What|Removed |Added
Assignee|wikibugs-l@lists.wikimedia.
Pavel Selitskas p.selits...@gmail.com changed:
What|Removed |Added
Priority|Unprioritized |Low
Matthew Flaschen mflasc...@wikimedia.org changed:
What|Removed |Added
CC|
--- Comment #1 from Chris Steipp cste...@wikimedia.org ---
This is probably the best list:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
This is general, so in our specific case
--- Comment #2 from Matthew Flaschen mflasc...@wikimedia.org ---
This particular bug is orthogonal to which attributes to allow. As far as
escaping, that page says:
HTML Attribute Encoding Except for alphanumeric characters, escape all
Richard Guk richardg...@yahoo.com changed:
What|Removed |Added
CC|