https://bugzilla.wikimedia.org/show_bug.cgi?id=27544
Aryeh Gregor <simetrical+wikib...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Simetrical+wikibugs@gmail.com

--- Comment #22 from Aryeh Gregor <simetrical+wikib...@gmail.com> 2011-02-21 23:46:25 UTC ---
Although maybe we should define a subset of SVG using our own DTD, excluding script elements and attributes, and test for validity using that DTD. That would be a very easy way to do whitelist-based security, which makes me feel happier than the current blacklist-based approach. Are we really sure that all JS-activating attributes start with "on", and that no element will allow script if it's not named "script"? (But that's a separate issue.)
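The contrast raised in comment #22, as an added example that is not part of the bug thread or MediaWiki's code: a default-deny SVG check in Python, with an in-code allowlist standing in for the proposed DTD, next to a name-based blacklist. The ALLOWED table, the function names and the sample documents (including the made-up element "newthing") are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Hypothetical, deliberately small allowlist: element -> permitted attributes.
ALLOWED = {
    "svg": {"width", "height", "viewBox", "version"},
    "g": {"transform", "fill", "stroke"},
    "rect": {"x", "y", "width", "height", "fill", "stroke"},
    "circle": {"cx", "cy", "r", "fill", "stroke"},
    "path": {"d", "fill", "stroke"},
}
# Constructed samples; "newthing" and "activate" are invented names, not real SVG.
SVG_OPEN = '<svg xmlns="http://www.w3.org/2000/svg"'
SAMPLE_CLEAN = SVG_OPEN + ' width="10" height="10"><rect x="0" y="0" fill="red"/></svg>'
SAMPLE_LISTED = SVG_OPEN + ' onload="init()"><script>init()</script></svg>'
SAMPLE_UNKNOWN = SVG_OPEN + '><newthing activate="x"/></svg>'

def split_name(qname):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if qname.startswith("{"):
        ns, local = qname[1:].split("}", 1)
        return ns, local
    return "", qname

def blacklist_violations(svg_text):
    """Name-based blacklist: flag 'script' elements and on* attributes only."""
    found = []
    for el in ET.fromstring(svg_text).iter():
        _, tag = split_name(el.tag)
        if tag.lower() == "script":
            found.append(f"element <{tag}>")
        found += [f"attribute {a} on <{tag}>" for a in el.attrib
                  if split_name(a)[1].lower().startswith("on")]
    return found

def allowlist_violations(svg_text):
    """Default deny: any element or attribute not explicitly listed is rejected."""
    found = []
    for el in ET.fromstring(svg_text).iter():
        ns, tag = split_name(el.tag)
        if ns != SVG_NS or tag not in ALLOWED:
            found.append(f"element <{tag}>")
            continue  # attributes of a rejected element need no further check
        # Namespaced attributes are rejected outright in this sketch.
        found += [f"attribute {a} on <{tag}>" for a in el.attrib
                  if split_name(a)[0] or a not in ALLOWED[tag]]
    return found
```

Both checks agree on the clean and the script/onload samples; only the allowlist rejects the unknown element, which is the property the comment is asking for. Parser hardening (entity and size limits) is assumed to be handled separately.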