https://bugzilla.wikimedia.org/show_bug.cgi?id=19291
--- Comment #3 from Antoine "hashar" Musso <[email protected]> 2012-10-06 06:12:46 UTC ---

Not really. That is more a general MediaWiki issue and how we do not detect user input being passed directly to output without proper escaping.

The PHP taint extension is exactly what we could use, though it is very unlikely we will ever require such an extension as a dependency. I know of facebook/pffff, which is an Objective Caml analyzer for PHP which *might* be able to detect such issues. Anyway, not an easy task with the PHP language.
