https://bugzilla.wikimedia.org/show_bug.cgi?id=35715
--- Comment #2 from Chris Steipp <[email protected]> --- Unfortunately, this is still a bit of a risk. Most browsers still do some content sniffing, so what OTRS did with the patch is still the right thing to do. MediaWiki itself has extensive filtering against these types of attacks, by not allowing files that would trigger these attacks to be uploaded. The alternative is to either filter the incoming attachments, or serve them from an alternate domain name. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
