Thread:User talk:Dantman/Extension:SecureHTML - XSS risk?/reply

I took a look at the code. It relies on Title::isProtected, which appears to return true if a page is semi-protected. That means that untrusted users who have simply become autoconfirmed are capable of making XSS attacks on the wiki.