mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/Popups
synced 2024-11-15 03:34:03 +00:00
a8859658f5
Including tests for all situations. I believe it is impossible or extremely hard to actually abuse any of these places. All these data are not extracted from the current page, but delivered either by MediaWiki's api.php or a RESTful endpoint, as configured via $wgPopupsGateway and $wgPopupsRestGatewayEndpoint. A possible attacker would need to write it's own endpoint (which must either run on the same server or somehow ignore the CSRF token), and set the value of mw.config.values.wgPopupsRestGatewayEndpoint on the client to this endpoint – which requires just *another* attack vector to be able to do this. It's "the right thing"(tm) to escape all this anyway. I found two possibly relevant security reviews of this extension, T88171 and T129177, resolved in 2015 and 2016. Bug: T88171 Bug: T129177 Bug: T214754 Bug: T214971 Change-Id: I1d118c9ccaea434a253a772d18139b9b077118ab |
||
|---|---|---|
| .. | ||
| node-qunit | ||
| phpunit | ||
| selenium | ||