Thread:User talk:Pastakhov/Marking extensions as security risks

Unless you've actually tested these extensions and have found vulnerabilities, don't arbitrarily mark them as vulnerable. I've reverted your edit to my extension (Extension:RegexFunctions) until you can email me proof that such a vulnerability actually exists and how to exploit it. I'm going to go through the code of the other two extensions you marked and see if they are vulnerable as well from a cursory glance, but I encourage you to contact their authors as well if you actually managed to find a way to exploit them.