"Hashar" posted a comment on MediaWiki.r95680. URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/95680#c28331

Commit summary for MediaWiki.r95680:

(bug 30617) inline comments forms cannot be closed

On clicking a line, a javascript inserts a <tr> element containing the form. That <tr> did not get a unique id, which caused trouble when opening multiple inline comments. This patch forges an id based on the diff line it applies to, which should be unique since we only allow one comment form per line.

Hashar's comment:

I do not understand how an attacker can take advantage of this for cross site scripting. The line id is generated by the PHP script. One would have to change the id using javascript, which means it could already inject whatever it wants anywhere.

Anyway, I got a follow up change to make sure the line id is an integer :-)

_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
