https://bugzilla.wikimedia.org/show_bug.cgi?id=44262
Web browser: ---
Bug ID: 44262
Summary: Magic word to escape HTML attributes
Product: MediaWiki
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: Parser
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
Mobile Platform: ---
As long as HTML5 has been rolled out, data attributes are coming into our
houses, and into Wikimedia projects too (at least, some people desire them).
There are some urlencoding magic words, but there is no specific magic words
for HTML attributes. Should we have one, or if not, what can you suggest to use
instead?
I'm not very confident with what should be escaped so that we don't worry much
about its security. If no one is interested in _coding_, I can assign this to
myself, but I'd like some security guidance (like this:
<http://wonko.com/post/html-escaping>).
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
