dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 63cf33d) | patch
SECURITY: Don't execute another user's CSS or JS on preview
authorBrad Jorsch <bjorsch@wikimedia.org>
Mon, 5 Jan 2015 21:31:26 +0000 (16:31 -0500)
committercsteipp <csteipp@wikimedia.org>
Wed, 1 Apr 2015 16:55:52 +0000 (09:55 -0700)
commitff95a95437fd4ba2272e06a959e5f9ab9c2b636d
tree8b4a4bc8a1ed983d6b4497a1492324197b9ef223tree | snapshot
parent63cf33d8252edc81888be4dbb9b7542e4b289ca2commit | diff
SECURITY: Don't execute another user's CSS or JS on preview

Someone could theoretically try to hide malicious code in their user
common.js and then trick an admin into previewing it by asking for help.

Bug: T85855
Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a
includes/EditPage.php diff | blob | history
includes/OutputPage.php diff | blob | history
Wiklou, le Wiki du Wiklou