wikimedia/mediawiki-extensions-TextExtracts
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/TextExtracts synced 2024-11-27 09:30:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Play things safe when stripping HTML

Browse source 
Script and input tags if outputted by other extensions can
theoretically allow an XSS issue.

Just in case let's do this here.

Bug: T107206
Change-Id: I889f7827fb9084b7cf853a1843fdc48821237d65
This commit is contained in:
jdlrobson 2017-06-29 10:46:57 -07:00 committed by Brian Wolff
parent e31cf4734c
commit aecd1c8320
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
extension.json
View file

@ -38,6 +38,9 @@
"ExtractsRemoveClasses": [
"table",
"div",
"script",
"input",
"style",
"ul.gallery",
".mw-editsection",
"sup.reference",