https://bugzilla.wikimedia.org/show_bug.cgi?id=33886
Tim Starling <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #2 from Tim Starling <[email protected]> 2012-01-23 02:13:48 UTC --- If there's any way for an <a> tag to sneak through without being added to mOutput, then that will be a vulnerability for SpamBlacklist/AbuseFilter etc. allowing links to be added without being properly flagged. So it's really important that the regex in doHtmlLinks() matches at least as many links as the one in Sanitizer::removeHTMLtags(). So I'd suggest using \W instead of \s to detect the end of the tag name. Otherwise, looks good. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
