On 26/06/2009, at 3:21 PM, Aryeh Gregor wrote: > On Fri, Jun 26, 2009 at 8:22 AM, Steve Bennett<[email protected]> > wrote: >> 3) A limited number of admin-controlled special templates can use an >> even wider range of features, including raw HTML. > > Admins are not going to be allowed to insert raw HTML. At least, not > ordinary admins.
They already can, with Javascript, so there's no XSS issue. -- Andrew Garrett Contract Developer, Wikimedia Foundation [email protected] http://werdn.us _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
