https://bugzilla.wikimedia.org/show_bug.cgi?id=29837
Brion Vibber <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX --- Comment #1 from Brion Vibber <[email protected]> 2011-07-13 00:35:06 UTC --- http://www.mediawiki.org/wiki/Extension:Widget The Widget extension allows execution of arbitrary Smarty template code on the server (therefore arbitrary HTML & client-side JavaScript and arbitrary PHP code on the server, therefore arbitrary Unix executables if you try hard enough). This is not suitable for Wikimedia's security requirements. Most useful things that can be done this way should be possible with templates (always safe), user/site JavaScript/gadgets (client-side JS code requires either individual user opt-in or an admin to set it up site-wide), or a combination. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
