https://bugzilla.wikimedia.org/show_bug.cgi?id=64183

            Bug ID: 64183
           Summary: JS injection vulnerability in Html::element()?
           Product: MediaWiki
           Version: 1.23rc
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: General/Unknown
          Assignee: [email protected]
          Reporter: [email protected]
       Web browser: ---
   Mobile Platform: ---

I'm running MediaWiki 1.23alpha. Having the following test code in one of my
extensions:

Html::element( 'a', array( 'href' => "javascript:window.alert('danger!')" ),
'Click here' );

...displays a link that, when clicked on, pops up an alert. I'm told that this
is not correct behavior, so I'm submitting a bug for it.

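A scheme check of the kind that would reject the href in the report above, as an added example: it is not code from the report or from MediaWiki. The names isSafeHref and safeLink are hypothetical, and the allowlist of schemes is an assumption to be set per site.

```php
<?php
// Added example: hypothetical helpers, not part of MediaWiki.

// Schemes this caller accepts in href (assumption; set per site policy).
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

// True when $href is a relative reference or uses an allowed scheme.
function isSafeHref(string $href): bool {
    // Browsers drop tab/CR/LF anywhere in a URL and strip leading and
    // trailing control characters and spaces before parsing it, so
    // normalise the same way before looking for a scheme.
    $clean = trim(str_replace(["\t", "\n", "\r"], '', $href), "\x00..\x20");
    // RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
    if (preg_match('/^([a-z][a-z0-9+.-]*):/i', $clean, $m)) {
        return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
    }
    return true; // no scheme: resolved against the current page
}

// Build a link, or plain escaped text when the target is rejected.
// Escaping alone is not enough: the browser decodes the escaped
// attribute value before it follows the URL.
function safeLink(string $href, string $text): string {
    $label = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    if (!isSafeHref($href)) {
        return $label;
    }
    $target = htmlspecialchars($href, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $target . '">' . $label . '</a>';
}

// Constructed sample inputs; the first is the value from the report.
$samples = [
    "javascript:window.alert('danger!')",
    " JaVaScRiPt:window.alert(1)",
    "java\tscript:window.alert(1)",
    "data:text/html,hello",
    "https://example.org/page",
    "/wiki/Main_Page",
    "#section",
];
foreach ($samples as $href) {
    $verdict = isSafeHref($href) ? 'allow' : 'reject';
    printf("%-42s %s\n", json_encode($href), $verdict);
}
echo safeLink($samples[0], 'Click here'), "\n";
```

The first four samples are rejected and the last three are allowed; the final line prints only the escaped label, with no anchor element.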