https://bugzilla.wikimedia.org/show_bug.cgi?id=66226
--- Comment #8 from Greg Grossmeier <[email protected]> ---
(In reply to Kunal Mehta (Legoktm) from comment #7)
> Well, given that the actual code that generates these links was merged in
> February (and already enabled on a WMF site), it's a bit late for a security
> review. The amount of code added in
> If8706343136ca25c0967aad3a8451283330d636f is extremely small compared to the
> size of the extension, and doesn't warrant a specialized review IMO.

Saying something bypassed the process is not a reason for it not to follow the process. # of lines also isn't (inherently) an indicator of security risk.

> > Can someone familiar with the code comment on the data flow for this? Where
> > is it getting data from? How is it displaying it? Does it sanitize itself?
> > How is the data modified? etc
>
> I don't understand why this is necessary?

They were questions to get an idea of how well security was thought about during the development of the feature.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
