Extension talk:NamespaceReadRestrict

Security concerns about use of isset
If I recall correctly, the use of isset is an XSS vulnerability.--Jasper Deng (talk) 01:44, 12 September 2012 (UTC)
 * I did a cursory google search and checked security for developers. I see nothing along those lines; let me know if you come up with anything. Leucosticte (talk) 02:26, 12 September 2012 (UTC)
 * See Security for developers and Template:Page security extension disclaimer.--Jasper Deng (talk) 02:38, 12 September 2012 (UTC)
 * OK, I got rid of isset. I don't quite see what you're getting at with the latter link. Is the recently-added TitleReadWhitelist a secure means of accomplishing per-page restriction? If so, what is the issue you are concerned about? Leucosticte (talk) 13:39, 12 September 2012 (UTC)