https://bugzilla.wikimedia.org/show_bug.cgi?id=48772
Gabriel Wicke <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #2 from Gabriel Wicke <[email protected]> --- 1) Is not an issue, as prefix is not allowed in the PHP sanitizer (and not in our sanitizer either). 2) Is something for later. The risk here is mainly crashes during serialization. 3) Should be supported. We only want to protect our own values where necessary. The typeof attribute for example is multi-valued, so we only need to strip mw:-prefixed user-supplied values. The about attribute on the other hand is single-valued, so we need to override user-supplied values unconditionally where necessary. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
