On 16 January 2012 20:22, Jeroen De Dauw <[email protected]> wrote: > Hey, > > Do we trust that messages do not have evil (XSS) stuff in them?
Ignoring the "how" for a moment, I personally think that no new uses of unescaped message output should be introduced, and we should get rid of the existing ones. -Niklas -- Niklas Laxström _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
