https://bugzilla.wikimedia.org/show_bug.cgi?id=35820
Bawolff (Brian Wolff) <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #4 from Bawolff (Brian Wolff) <[email protected]> --- > > There are good reasons for the parser to strip some CSS out, but in addition > to > documenting this issue (which this bug does, and I'll do in the extension > docs > in a moment), it should be configurable whether the CSS extension lets the > parser sanitize, for example, when used on private wikis. The reason sanitizer doesn't let that through, is we don't want people to be able to load external resources from inline css *This could in theory be used as a DOS attack against somebody else if someone put it on a popular page. *It can be used to track users, and associate usernames with ip addresses (i.e. have {{REVISIONUSER}} in the query string of the external resource. (There could be other resons. Those two are just the two I know about) -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
