Talk:Security for developers

From MediaWiki.org


More cowbell

Should Sanitizer::escapeClass be mentioned in Security_for_developers#Cross-site_scripting, or is it more of a table of examples rather than a thorough list?

Also, per this and then later this and this, Uncyclopedia once found a half dozen parser tag extensions on Wikia allowed raw HTML injection. And this has happened more than once. It got to be routine that every new parser tag would immediately get tested with <tag><script>alert('hi!')</script></tag>. Is this covered yet and/or is this type of accidental vulnerability not easily achieved anymore? So spaketh php agnostic: Splarka 17:48, 11 May 2009 (UTC)
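
The kind of parser tag hook the comment above describes, shown beside a hardened form. This is an added example, not part of the original comment and not code from MediaWiki or any real extension; the function names and the "box" tag are hypothetical, and the class-name filter is a simple allow-list stand-in rather than Sanitizer::escapeClass itself.

```php
<?php
// Added illustration. A MediaWiki tag hook receives the text between
// <tag>...</tag> as $input and the tag's attributes as $args. The string
// it returns is placed in the page output as HTML, so escaping is the
// hook's own job. The Parser and PPFrame arguments are omitted here so
// the file runs without MediaWiki.

// Vulnerable shape: editor-supplied text and attributes go back out raw.
function renderBoxUnsafe( $input, array $args ) {
    $class = isset( $args['class'] ) ? $args['class'] : '';
    return '<div class="' . $class . '">' . $input . '</div>';
}

// Hardened shape: escape for the context each value lands in.
function renderBoxSafe( $input, array $args ) {
    $class = isset( $args['class'] ) ? $args['class'] : '';
    // Attribute context: keep only conservative class-name characters.
    $class = preg_replace( '/[^A-Za-z0-9_-]/', '', $class );
    // Element-content context: encode <, >, &, and both quote styles.
    $body = htmlspecialchars( (string)$input, ENT_QUOTES, 'UTF-8' );
    return '<div class="' . $class . '">' . $body . '</div>';
}

// Constructed sample input: the test string quoted in the comment above,
// plus a class attribute that tries to close the attribute early.
$input = "<script>alert('hi!')</script>";
$args  = [ 'class' => 'note"><b>' ];

echo renderBoxUnsafe( $input, $args ), "\n";
echo renderBoxSafe( $input, $args ), "\n";
```

The first line of output contains a live script element and a broken-out attribute; the second contains only inert text inside a div whose class has been reduced to letters.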