https://bugzilla.wikimedia.org/show_bug.cgi?id=35820
Quim Gil <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected], | |[email protected] --- Comment #1 from Quim Gil <[email protected]> --- There is a proposal to improve Extension:CSS at http://www.mediawiki.org/wiki/Mentorship_programs/Possible_projects#Improve_Extension:CSS Pasting the part related with security to get more feedback: "The CSS extension relies on basic blacklisting functionality in MediaWiki core to prevent XSS. It would be great if a proper CSS parser [1] was integrated and a set of whitelists implemented to offer various levels of capability/protection trade-offs. For example, some wikis may want all CSS selectors prefixed with "#mw-content-text" and properties like "position", etc. disabled to limit the effect of styles to the article content. Other sites may want everything except XSS-able properties/values." [1] https://github.com/sabberworm/PHP-CSS-Parser -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
