Thread:User talk:Dantman/Extension:SecureHTML - XSS risk?/reply (2)

Ah ok. Since Jean-Lou Dupont is inactive, I'd like to fix it for myself.

I don't autopromote e-mail-confirmed users. Editing is allowed for registered users only: $wgGroupPermissions['*']['edit']             = false; $wgGroupPermissions['user']['edit']          = true;

Is that safe enough?

I protect all pages for "Administrators only". How could I check isProtected against that?