On 10-08-11 02:11 AM, Tim Starling wrote:
> *.toolserver.org is most likely full of XSS vulnerabilities.

You're very probably right - Dispenser has been looking for them in the past few days, and I don't think they had much difficulty doing so.

> I don't think any private data should be delivered on this domain at
> all.

Well, we're asking to have this exposed in the UI and/or API. It happens to be "private" because nobody bothered to make it available - not because it falls under the definition of "private data" we use in the privacy policy, for example. That said, until it /is/ made available in the API or UI, I'll certainly respect the rules regarding making such data available.

-Mike

_______________________________________________
Toolserver-l mailing list ([email protected])
https://lists.wikimedia.org/mailman/listinfo/toolserver-l
Posting guidelines for this list: https://wiki.toolserver.org/view/Mailing_list_etiquette
