WMDE-leszek added a comment.
Hi @Bawolff, it's me again. With https://gerrit.wikimedia.org/r/418715 would you be able to claim the security review was done?TASK DETAILhttps://phabricator.wikimedia.org/T186726EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: Bawo
gerritbot added a comment.
Change 418715 merged by jenkins-bot:
[mediawiki/extensions/WikibaseLexeme@master] Escape HTML in comma-separator message in FormsView
https://gerrit.wikimedia.org/r/418715TASK DETAILhttps://phabricator.wikimedia.org/T186726EMAIL PREFERENCEShttps://phabricator.wikimedia.o
gerritbot added a comment.
Change 418715 had a related patch set uploaded (by Thiemo Kreuz (WMDE); owner: Thiemo Kreuz (WMDE)):
[mediawiki/extensions/WikibaseLexeme@master] Escape HTML in comma-separator message in FormsView
https://gerrit.wikimedia.org/r/418715TASK DETAILhttps://phabricator.wikim
Bawolff added a comment.
re: FormIdFormatter and SenseIdFormatter - I thought they might later be extended to a real implementation, which is why I was concerned, but as long as its just a dummy implementation that's eventually going away, that's all cool.
re: click-jacking: Yeah, it really is a w
WMDE-leszek added a comment.
Thanks a lot @Bawolff for the review. We believe we've addressed all the issues pointed out, as elaborated above by @thiemowmde. Could you please have another look whether we're good now?
As mentioned above, some of the issues were not "fixed". If you think those still
gerritbot added a comment.
Change 416406 merged by jenkins-bot:
[mediawiki/extensions/WikibaseLexeme@master] Add missing htmlspecialchars() to SensesView
https://gerrit.wikimedia.org/r/416406TASK DETAILhttps://phabricator.wikimedia.org/T186726EMAIL PREFERENCEShttps://phabricator.wikimedia.org/sett
gerritbot added a comment.
Change 416406 had a related patch set uploaded (by Thiemo Kreuz (WMDE); owner: Thiemo Kreuz (WMDE)):
[mediawiki/extensions/WikibaseLexeme@master] Add missing htmlspecialchars() to SensesView
https://gerrit.wikimedia.org/r/416406TASK DETAILhttps://phabricator.wikimedia.or
thiemowmde added a comment.
I added the WIP originally. The only open dependency is a separate security review of https://github.com/wmde/php-vuejs-templating, which needs a separate #security-reviews ticket. Everything else is resolved, so this is ready to go from my point of view. :-)TASK DETAILh
