Author: buzz
Description:
The input box does not produce xhtml strict markup. Attached is a patch
which removes the tables, stops mediawiki inserting <p></p> into the form
and breaking validation and a conversion of the bgcolor="" to style="" and
allowing styles to be passed into the extension.
I read on another bug that my style change could lead to a cross site
javascript vulnerability? But wouldn't this also be the case for bgcolor?
Anyway.. this patch works for me. Feel free to improve any potential
problems
Version: unspecified
Severity: normal
OS: other
Platform: Other