On Fri, Jan 30, 2015 at 2:02 PM, Brion Vibber <[email protected]> wrote:

> On Thu, Jan 29, 2015 at 5:38 PM, Brad Jorsch (Anomie) <[email protected]> wrote:
>
> > On Thu, Jan 29, 2015 at 2:47 PM, Arlo Breault <[email protected]> wrote:
> > > https://gerrit.wikimedia.org/r/#/c/181519/
> > >
> >
> > To clarify, the possible solutions seem to be:
> >
> > 1. Unstrip the marker and then encode the content. This is a security
> > hole (T73167)
> >
>
> I'd be inclined to unstrip the marker *and squash HTML to plaintext*, then
> encode the plaintext...
>

I don't see how that addresses the security issue.
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
