User "^demon" changed the status of MediaWiki.r94462.

Old Status: new
New Status: ok

Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/94462
Commit summary:

This Sanitizer::EVIL_URI_PATTERN is completely inadequate for actual security 
as there are numerous ways to bypass blacklisting.
Since it's only used right now for paranoia in cases you currently can't 
actually exploit a browser we let it slide.
However this thing needs a big fat warning message next to it to avoid someone 
thinking this is actually a good idea for security and ending up later on using 
it and opening up an XSS hole in core.

_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
