User "^demon" changed the status of MediaWiki.r95387. Old Status: new New Status: ok
Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/95387 Commit summary: Followup r95316, r95317 per CR: escape the URL before using it in HTML. It doesn't look like this was a viable XSS vector because FullRequestURL comes with strange characters urlencoded (at least on Apache) but it sure looked scary _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
