Topic on User talk:P858snake

Woa, why all the deleted pages?

6
Bytesmiths (talkcontribs)

I use several of the extensions you just deleted!

The ones I use can be used without a security problem, and the existing commentary spelled that out fairly well, I thought.

Why the authoritarian approach, instead of the more typically WikiPedian "caveat emptor" approach?

--Bytesmiths (talk) 18:15, 4 April 2012 (UTC)

P858snake (talkcontribs)

If they didn't have XSS security issues then they shouldn't have been tagged as such.

It was hardly a authoritarian approach, All those extensions were tagged from 2008-2010, that is ~5 yrs at the oldest ~3 at the newest where the developers (and/or other contributors) didn't bother to address security issues that can compromise your wiki and/or security accounts.

Bytesmiths (talkcontribs)

So let me see if I understand. Someone -- not you -- tagged them as having XSS vulnerability. Someone else -- me -- explained in the text how to avoid the XSS vulnerability on one of those page, but being a timid sort of person, neglected to remove the XSS tag, and then someone -- you -- apparently without testing nor reading the page, deleted them, solely because they had an XSS tag?

If that is indeed the case, I will restore the extension in question (data tables) and remove the XSS tag. It's a highly useful extension whose vulnerability is very simply avoided.

Jasper Deng (talkcontribs)

The end-user should have to do nothing in a default setup to avoid it.

Bytesmiths (talkcontribs)

So, if the default setup includes making it "administrator-only" in LocalSettings.php, that should do it?

Jasper Deng (talkcontribs)

Which extension are you talking about? I can check out its settings (since I'm an admin).