User "Pgehres (WMF)" posted a comment on MediaWiki.r99802.

Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/99802#c25213

Commit summary: Initial commit of Extension:FundraiserLandingPage

Comment:

How secure it is depends mostly on how you use it in templates. With $wgRawHtml enabled, as it is on wikimediafoundation.org, it would be possible to construct a template which passes a user input string through to an unsafe context, such as an onclick attribute.

The performance also concerns me. In the past, pages which are linked from banners have had a very high request rate, and this special page doesn't have any caching. If you linked directly to it from banners on all wikis, the site would probably go down.

Can you give me some more details about the problem you're trying to solve? Were there a large number of landing pages created last year? If so, can you give me links to some of them?

-- Tim Starling
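
The onclick concern in the comment above comes down to escaping for the wrong context. The following is an added example, not code from the extension or from the review thread: it models how a browser decodes an attribute before compiling it as a handler, and compares HTML escaping alone with context-aware encoding and with a data attribute. The names `track`, `marker`, the `render*` helpers and the `data-campaign` attribute are assumptions made for illustration.

```javascript
// Added example. track(), marker() and the render* helpers are hypothetical names.

// HTML-attribute escaping, comparable to PHP's htmlspecialchars( $s, ENT_QUOTES ).
function escapeHtmlAttr(s) {
  return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// The HTML parser decodes entities in an attribute value before the JS engine
// compiles it as an event handler. &amp; is decoded last to avoid double decoding.
function decodeHtmlAttr(s) {
  return s.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'").replace(/&amp;/g, '&');
}

// Unsafe: HTML escaping alone, with the value inside a JS string in onclick.
function renderUnsafe(param) {
  return `<a onclick="track('${escapeHtmlAttr(param)}')">Donate</a>`;
}

// Context-aware: encode as a JS string literal first, then escape for HTML.
function renderJsEncoded(param) {
  return `<a onclick="track(${escapeHtmlAttr(JSON.stringify(param))})">Donate</a>`;
}

// Preferred: keep the value out of script context; a static handler reads it.
function renderDataAttr(param) {
  return `<a data-campaign="${escapeHtmlAttr(param)}">Donate</a>`;
}

// Model a click: decode the onclick attribute as a browser would and run it
// against stub functions that only record which calls the handler makes.
function simulateClick(html) {
  const calls = [];
  const m = /onclick="([^"]*)"/.exec(html);
  if (!m) return calls; // no inline handler, nothing to execute
  const stubs = [(v) => calls.push(`track:${v}`), () => calls.push('marker')];
  new Function('track', 'marker', decodeHtmlAttr(m[1]))(...stubs);
  return calls;
}

// Constructed input: a request parameter that closes the JS string early.
const sample = "x'); marker(); ('";
console.log(simulateClick(renderUnsafe(sample)));    // two calls: handler was altered
console.log(simulateClick(renderJsEncoded(sample))); // one call: value stayed data
console.log(simulateClick(renderDataAttr(sample)));  // no inline handler at all
```

The escaped markup in `renderUnsafe` contains no raw quote characters, so it looks safe when inspected as HTML; the problem only appears after the attribute is decoded.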
