Brian Wolff d8d1e067bd SECURITY: Prevent XSS from "stripItem" replacement strings in attribute
Previously when $wgRSSAllowLinkTag was true, you could put an
<a> tag containing unescaped ", inside another attribute to escape
from the attribute and create an XSS.

This makes the marker include " and ', so if they are put anywhere
where quotes aren't allowed, the marker will get mangled and not
replaced.

Bug: T307028
Change-Id: I2f7827103bdee0ea766b1f5e7040e2a022fcd2f3
2022-04-29 12:08:58 -07:00
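
The marker behaviour described in the commit message above, as an added PHP sketch that is not the RSS extension's code. The marker formats, function names, `<span>` template and sample feed field are all assumptions made for illustration.

```php
<?php
// Added sketch, not the RSS extension's code. Marker formats, function names
// and the <span> template are assumptions made for illustration.
const OLD_MARKER = 'RSSMARK-%d-END';       // hypothetical: no quote characters
const NEW_MARKER = "\"'RSSMARK-%d-END'\""; // hypothetical: wrapped in " and '

/** Swap each <a> / </a> tag for a marker and remember the raw HTML. */
function stripLinks(string $text, string $format, array &$stripItems): string {
    return preg_replace_callback(
        '/<a\b[^>]*>|<\/a>/i',
        function (array $m) use ($format, &$stripItems): string {
            $marker = sprintf($format, count($stripItems));
            $stripItems[$marker] = $m[0];
            return $marker;
        },
        $text
    );
}

/** Render one feed field into an attribute and into element content. */
function render(string $field, string $format): string {
    $stripItems = [];
    $stripped = stripLinks($field, $format, $stripItems);
    // Attribute context: quotes are escaped, which mangles a marker that contains them.
    $attr = htmlspecialchars($stripped, ENT_QUOTES);
    // Text context: quotes pass through, so the marker stays intact.
    $body = htmlspecialchars($stripped, ENT_NOQUOTES);
    $html = '<span title="' . $attr . '">' . $body . '</span>';
    // Final pass: restore raw link HTML wherever an intact marker survived.
    return $stripItems ? strtr($html, $stripItems) : $html;
}

$field = 'See <a href="https://example.org/">the post</a>'; // constructed sample
foreach (['old' => OLD_MARKER, 'new' => NEW_MARKER] as $label => $format) {
    $html = render($field, $format);
    // Raw link markup before the title attribute's closing quote means the
    // restored tag's own quote ended the attribute early.
    $broken = preg_match('/title="[^"]*<a href=/', $html) === 1;
    printf("%s marker, attribute broken: %s\n%s\n\n", $label, $broken ? 'yes' : 'no', $html);
}
```

With the quote-free marker the restored tag lands inside `title="..."` and its `href` quote closes the attribute. With the quoted marker the attribute holds only escaped text, and the link is restored in the element body alone.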
.phan Add phan 2019-04-25 20:36:55 +02:00
i18n Localisation updates from https://translatewiki.net. 2022-04-04 09:35:03 +02:00
includes SECURITY: Prevent XSS from "stripItem" replacement strings in attribute 2022-04-29 12:08:58 -07:00
.eslintrc.json build: Updating eslint-config-wikimedia to 0.19.0 2021-03-14 10:21:54 +00:00
.gitignore build: Updating mkdirp to 0.5.3 2020-03-21 05:53:53 +00:00
.gitreview Whoops, track not trace 2016-10-24 17:03:24 -07:00
.phpcs.xml build: Updating mediawiki/mediawiki-codesniffer to 33.0.0 2020-11-04 08:49:11 +00:00
CODE_OF_CONDUCT.md build: Updating mediawiki/phan-taint-check-plugin to 1.4.0 2018-09-01 13:39:34 +00:00
composer.json build: Updating mediawiki/mediawiki-codesniffer to 38.0.0 2021-10-24 11:43:02 +00:00
COPYING svn:eol-style native 2010-07-24 16:00:42 +00:00
extension.json Replace deprecated Sanitizer::removeHTMLtags() with safer ::removeSomeTags() 2022-03-04 14:26:41 -05:00
Gruntfile.js build: Updating dependencies 2021-01-30 08:56:28 +00:00
package-lock.json build: Updating ansi-regex to 5.0.1 2021-10-05 07:21:40 +00:00
package.json build: Updating dependencies 2021-05-13 03:17:45 +00:00
README Change http://www.mediawiki.org to https://www.mediawiki.org 2018-03-14 14:50:48 +00:00
RELEASE-NOTES Change http://www.mediawiki.org to https://www.mediawiki.org 2018-03-14 14:50:48 +00:00

== About ==

Displays an RSS feed on a wiki page.
See https://www.mediawiki.org/wiki/Extension:RSS

== Credits to other projects ==

* MagpieRSS
This extension includes code from the MagpieRSS library.
MagpieRSS provides an XML-based (expat) RSS parser in PHP,
and is released under the GPL.