Manual:$wgUseXssLanguage/pl

From mediawiki.org
This page is a translated version of the page Manual:$wgUseXssLanguage and the translation is 9% complete.
Languages:
Language, regional and character encoding settings: $wgUseXssLanguage
Whether to enable the x-xss language code, used to make checking for XSS issues more convenient.
Wprowadzono w wersji:1.41.0 (Gerrit change 959239; git #e9991ffb)
Usunięto w wersji:nadal w użyciu
Dozwolone wartości:(boolean)
Domyślna wartość:false (but true in DevelopmentSettings.php )
Inne ustawienia: Alfabetycznie | Według funkcji

Details

Whether to enable the x-xss language code, used to make checking for XSS issues more convenient.

When this feature is enabled, the language code can be selected via the ?uselang=x-xss URL parameter. In this fake language, every message becomes a simulated cross-site scripting attack, trying to run alert("message-key") JavaScript code; this simulates an attacker who can change individual messages (e.g. an administrator who can edit the MediaWiki namespace ). If any alert is shown in the browser, then the corresponding message was not escaped correctly; either the code using the message needs to be fixed, or the message key should be added to $wgRawHtmlMessages .

Zobacz też

Retrieved from "https://www.mediawiki.org/w/index.php?title=Manual:$wgUseXssLanguage/pl&oldid=6345301"