User "Nikerabbit" changed the status of MediaWiki.r102038. Old Status: new New Status: fixme
User "Nikerabbit" also posted a comment on MediaWiki.r102038. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/102038#c25541 Commit summary: bugfix (output escaped twice) Comment: I just tested setFunctionHook (what this is too). The input is provided as-is - no parsing or escaping is done to it. Also if you use insertStripItem to add output, no escaping or parsing is done for the output either. Please point where the escaping is done, because otherwise this is arbitrary html injection. _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
