mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/TextExtracts
synced 2024-11-27 17:40:16 +00:00
Play things safe when stripping HTML
Script and input tags if outputted by other extensions can theoretically allow an XSS issue. Just in case let's do this here. Bug: T107206 Change-Id: I889f7827fb9084b7cf853a1843fdc48821237d65
This commit is contained in:
parent
e64f985b82
commit
4864ae86b9
|
@ -41,6 +41,9 @@
|
|||
"ExtractsRemoveClasses": [
|
||||
"table",
|
||||
"div",
|
||||
"script",
|
||||
"input",
|
||||
"style",
|
||||
"ul.gallery",
|
||||
".mw-editsection",
|
||||
"sup.reference",
|
||||
|
|
Loading…
Reference in a new issue