On Wed, 06 Feb 2013 22:27:46 -0800, Q <[email protected]> wrote:
On 2/7/2013 12:24 AM, Chad wrote:
I think that this is a solution in search
of a problem.
How about saying, extensions on mw.org shouldn't expose security
vulnerabilities to wiki's running them. That would probably be a better
metric.
That's what {{XSS alert}}, {{SQL injection alert}}, and {{Code injection
alert}} are for.
We have a few dozen extensions that fall under these topics.
Although we've exiled the extensions that permit PHP execution.
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
