Extension talk:AllowAnchorTags

From mediawiki.org
Latest comment: 16 years ago by Duesentrieb

Aren't there potential XSS vulnerabilities opened by this extension? Jean-Lou Dupont 21:53, 9 April 2007 (UTC)Reply

indeed - a) be failing to escape user input, and b) by design through javascript: urls. -- Duesentrieb 23:06, 9 April 2007 (UTC)Reply

I can't get the target attribute to the URL to work. Also the script is available at ...esnips.com link is broken.

-- 20080709 BEGIN--
The closing ?> was missing from the end of the php file.
The addAnchorTag function didn't have a return statment, which caused an error, so I added 'return true;'
The tar.gz file needs to be updated, as it doesn't contain these changes, nor does it contain the $wgExtensionCredits section at the top of AllowAnchorTags.php.
-- 20080709 END --