https://bugzilla.wikimedia.org/show_bug.cgi?id=32013
Krinkle <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |upstream --- Comment #10 from Krinkle <[email protected]> 2012-03-19 13:39:54 UTC --- (In reply to comment #9) > (In reply to comment #7) > > You can work around this problem by offering > > your service via a Gadget instead of a Toolserver tool. > > Krinkle, > > Should we fix this so a workaround isn't needed? The workaround I suggested is a better coding pattern in general, I wouldn't consider it a workaround. However in general POSTING to a MediaWiki edit-action should work. Although I wouldn't recommend doing it in any scenario, the bug is valid. But unless there is a way I don't know about, this is an upstream issue we can't do much about. If I understand the problem correctly, the IE development team made a decision to now allow this type of submission and as such implemented an XXS filter to break it. Reporting upstream to Microsoft will be pointless as this XSS filter is a decision by them, a feature, not a bug. Even if there is any way to "fix" it from our side (it wouldn't be the first security leak in IE), as soon as we publish that fix it is not unlikely that IE will get a security update making that fix no longer work. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
