On Mon, Jan 16, 2012 at 7:22 PM, Jeroen De Dauw <jeroended...@gmail.com> wrote: > Hey, > > Do we trust that messages do not have evil (XSS) stuff in them? The reason > why I ask is that I was just using .msg from mediawiki.jqueryMsg, and > realized that things in the message do not get escaped. Since the function > can take in HTML elements, this seems to be pretty inherent. > > jQueryMsg doesn't really do this very well just yet, that's an issue with jQueryMsg.
Roan _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l