[Bug 33985] New: Setting protocol relative circumvents blacklist

bugzilla-daemon Fri, 27 Jan 2012 02:13:08 -0800

https://bugzilla.wikimedia.org/show_bug.cgi?id=33985


       Web browser: ---
             Bug #: 33985
           Summary: Setting protocol relative circumvents blacklist
           Product: MediaWiki
           Version: 1.18.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: Unprioritized
         Component: General/Unknown
        AssignedTo: wikibugs-l@lists.wikimedia.org
        ReportedBy: billinghu...@gmail.com
    Classification: Unclassified


By use of the protocol relative urls, one is able to create urls that
circumvent the blacklist

eg. [//skiptest.info skiptest]] will form a clickable functional url

I have tested at meta against the global spamlist, and at local wiki against
the Mediawiki:Spam-blacklist at that wiki, both times success (if you call that
success <urk>)

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 33985] New: Setting protocol relative circumvents blacklist

Reply via email to