Template:XSS alert

From MediaWiki.org

WARNING: the code or configuration described here poses a major security risk.

Problem: Vulnerable to cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things.
Solution: Strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML.



Description
Adds an alert box describing a cross-site scripting vulnerability to the extension page that includes it. Also adds the including page to Category:Extensions with XSS vulnerabilities.
Example
{{XSS alert|~~~~}}
WARNING: the code or configuration described here poses a major security risk.

Problem: Vulnerable to cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things.
Solution: Strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML.
Signed: Duesentrieb 13:43, 22 March 2007 (UTC)
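
The problem and solution named in the alert, as an added example (not code from MediaWiki or from any extension): plain PHP with hypothetical function names and constructed input, showing user input passed straight to the browser next to a version that validates the attribute value and escapes HTML special characters.

```php
<?php
// Added illustration: plain PHP, no MediaWiki classes. Function and
// parameter names are hypothetical; the sample input is constructed.

// Pattern the alert describes: user input reaches the browser unchanged.
function renderNoteUnsafe(string $text, string $color): string {
    return "<div style=\"color:$color\">$text</div>";
}

// Hardened form: validate the attribute value, escape everything on output.
function renderNoteSafe(string $text, string $color): string {
    // Validation: accept only simple colour names or #rgb / #rrggbb values.
    // \z anchors at the true end of the string (no trailing newline allowed).
    if (!preg_match('/^(?:[a-z]{3,20}|#[0-9a-f]{3}|#[0-9a-f]{6})\z/i', $color)) {
        $color = 'inherit'; // fall back to a fixed, known value
    }
    // Escaping: & < > " ' become entities, so the input cannot open a tag
    // or close the quoted attribute it is placed in.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $safeColor = htmlspecialchars($color, $flags, 'UTF-8');
    $safeText  = htmlspecialchars($text, $flags, 'UTF-8');
    return "<div style=\"color:$safeColor\">$safeText</div>";
}

// Constructed sample input containing HTML metacharacters.
$text  = '<b>5 > 3 & "quoted"</b>';
$color = 'red" title="x';

echo renderNoteUnsafe($text, $color), "\n"; // markup and extra attribute pass through
echo renderNoteSafe($text, $color), "\n";   // colour rejected, text shown as literal characters
```

HTML escaping alone does not make a value safe inside a `style` attribute, which is why the colour is checked against an allowlist pattern before it is escaped.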
