https://bugzilla.wikimedia.org/show_bug.cgi?id=46528
--- Comment #7 from p858snake <[email protected]> --- (In reply to comment #5) > (In reply to comment #4) > > > So it would seem that every request for addition to $wgRSSUrlWhitelist > > > needs > > > to be carefully reviewed for security. > > > > Hmm, I wonder why this is. > > It formats the HTML in blog posts, I'm sure you can understand why that is a > issue. (I will just note what I dropped in the IRC channel) <p858snake|l_> TimStarling: actually it might not format html, I was reading the extension page and it looks like I was getting confused with it "Format Links" and "Format Images" option <p858snake|l_> Susan: ^ <p858snake|l_> but would probably want to make sure its cache setup is setup properly before you do it clusterwide <Susan> I assumed it sent raw HTML through the MediaWiki parser/sanitizer. <Susan> But only because that seemed like the only sane thing to do. No idea if it actually does. <Susan> I suppose sanitizing <a> would be problematic. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
