Extension talk:AllowAnchorTags

From MediaWiki.org

Jump to: navigation, search

Aren't there potential XSS vulnerabilities opened by this extension? Jean-Lou Dupont 21:53, 9 April 2007 (UTC)

indeed - a) be failing to escape user input, and b) by design through javascript: urls. -- Duesentrieb 23:06, 9 April 2007 (UTC)

I can't get the target attribute to the URL to work. Also the script is available at ...esnips.com link is broken.

Retrieved from "http://www.mediawiki.org/wiki/Extension_talk:AllowAnchorTags"
Personal tools