Template talk:XSS alert

Using Widgets extension to avoid these
I created Extension:Widgets in part because security is very important, and one of the goals for http://www.mediawikiwidgets.org is to solve some of the problems as well as create a community of reviewers for things that simply insert some parametrized HTML/JS/CSS into the pages.

Any ideas how this can be perfected and used more widely in the MediaWiki community?

Any concerns?

I'll appreciate any comments.

Thank you,

Sergey Chernyshev 17:58, 5 March 2010 (UTC)

clearer explanation needed
"strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML"

Can someone explain how this is done in the template, or link to a page on how this is done? I have no idea what this all means. Adamtheclown 16:53, 24 November 2010 (UTC)
 * See XSS. What you precisely have to do to fix the issue can vary depending on what you're doing, but 80% of the time all that is required is to pass output through  before outputting content in an extension. Bawolff 19:50, 24 November 2010 (UTC)
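
The quoted advice ("strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML"), as an added example that is not part of the discussion above and not code from any extension. The function names, the `$args` keys and the sample values are hypothetical, and PHP's `htmlspecialchars()` is this example's choice of escaping function, not necessarily the one the reply refers to.

```php
<?php
// Added illustration: a hypothetical extension-style render function.
// $args stands for user-supplied tag or template parameters.

function renderBoxUnsafe(array $args): string {
    // Vulnerable form: parameters are concatenated into the markup as-is,
    // so quotes and angle brackets in them become part of the HTML.
    return '<div class="box" title="' . $args['title'] . '">'
        . '<a href="' . $args['url'] . '">' . $args['label'] . '</a></div>';
}

function renderBoxSafe(array $args): string {
    // Strict validation: a link target must be an http(s) URL. Escaping
    // alone does not help here, because a javascript: URL contains no
    // characters that are special in HTML.
    $url = (string)($args['url'] ?? '');
    if (!preg_match('#^https?://#i', $url)) {
        $url = '#';
    }

    // Escaping: & < > " ' are converted to entities, so the value can
    // neither close the attribute nor open a new element.
    $esc = static function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };

    return '<div class="box" title="' . $esc((string)($args['title'] ?? '')) . '">'
        . '<a href="' . $esc($url) . '">'
        . $esc((string)($args['label'] ?? '')) . '</a></div>';
}

// Constructed sample input: each value tries to break out of its context.
$args = [
    'title' => '" onmouseover="alert(1)',
    'url'   => 'javascript:alert(1)',
    'label' => '<script>alert(1)</script>',
];

echo renderBoxUnsafe($args), "\n"; // markup structure altered by the input
echo renderBoxSafe($args), "\n";   // input rendered as inert text
```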