Template:XSS alert/doc

This is a documentation subpage for Template:XSS alert (see that page for the template itself). It contains usage information, categories, interlanguage links and other content that is not part of the original template page.

Template:XSS alert/doc

Description

Adds an alert box describing a Cross-site scripting vulnerability in including Extension page. Also adds including page to Category:Extensions with XSS vulnerabilities

If your extension was tagged with this template please read

• For extension developers and extension users: Cross-site scripting
• Specifically for extension developers: Security for developers

Example

{{XSS alert|~~~~}}

Creates

WARNING: the code or configuration described here poses a major security risk. Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things. Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML Signed: Duesentrieb ⇌ 13:43, 22 March 2007 (UTC)