Talk:Security for developers

From MediaWiki.org

More cowbell

Should Sanitizer::escapeClass be mentioned in Security_for_developers#Cross-site_scripting or is it more of a table of examples rather than a thorough list?

Also, per this and then later this and this, Uncyclopedia once found a half dozen parser tag extensions on Wikia allowed raw HTML injection. And this has happened more than once. It got to be routine that every new parser tag would immediately get tested with <tag><script>alert('hi!')</script></tag>. Is this covered yet and/or is this type of accidental vulnerability not easily achieved anymore? So spaketh php agnostic: Splarka 17:48, 11 May 2009 (UTC)

Demonstrably secure example

It would be helpful if two code snippets were added--one that is demonstrably secure and one that is suspicious but both do the same thing. Right now, demonstrably secure is fuzzy in meaning. Phy1729 18:37, 17 October 2010 (UTC)
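
The pattern both comments above refer to, as an added example that is not part of the original discussion and not MediaWiki's own code: two functions that render the same box, one suspicious and one escaped at the point of output. The function names, the `class` attribute and the simplified callback shape (tag body plus attribute array, return value used as raw HTML, no Parser object) are assumptions made for illustration.

```php
<?php
// Added illustration. Both functions mimic the shape of a parser tag hook
// callback: $input is the text between <tag>...</tag>, $args holds the tag's
// attributes, and the returned string is assumed to be emitted as raw HTML.

// Suspicious: user-controlled $input and $args reach the output unescaped,
// so a reviewer has to trace every caller to decide whether it is safe.
function renderBoxUnsafe( $input, array $args ) {
    $class = isset( $args['class'] ) ? $args['class'] : 'box';
    return '<div class="' . $class . '">' . $input . '</div>';
}

// Demonstrably secure: each user-controlled value is escaped right where it
// is concatenated into HTML, so safety is visible from this function alone.
function renderBoxSafe( $input, array $args ) {
    $class = isset( $args['class'] ) ? $args['class'] : 'box';
    return '<div class="' . htmlspecialchars( $class, ENT_QUOTES, 'UTF-8' ) . '">'
        . htmlspecialchars( $input, ENT_QUOTES, 'UTF-8' ) . '</div>';
}

// Regression check a reviewer can keep next to any new tag hook: the output
// must never contain the submitted markup or attribute text verbatim.
function leaksRawInput( $html, $input, array $args ) {
    if ( strpos( $html, $input ) !== false ) {
        return true;
    }
    foreach ( $args as $value ) {
        if ( strpos( $html, $value ) !== false ) {
            return true;
        }
    }
    return false;
}

// Constructed sample input: the test string quoted in the discussion above,
// plus a constructed attribute value containing a double quote.
$input = "<script>alert('hi!')</script>";
$args = array( 'class' => 'note" title="injected' );

foreach ( array( 'renderBoxUnsafe', 'renderBoxSafe' ) as $hook ) {
    $html = $hook( $input, $args );
    printf( "%-16s leaks raw input: %s\n  %s\n",
        $hook, leaksRawInput( $html, $input, $args ) ? 'yes' : 'no', $html );
}
```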
