
Susceptibility of pages to malicious forwarding
Closed, Resolved (Public)

Description

Author: martinp23

Description:
In
http://en.wikipedia.org/w/index.php?title=Alternate_reality_game&oldid=124684781,
when anywhere in the display is clicked, the browser is forwarded to another
site. The diff
<http://en.wikipedia.org/w/index.php?title=Alternate_reality_game&diff=124684781&oldid=124196403>
shows that the cause is some HTML code inserted into the edit view.


Version: 1.10.x
Severity: major
Platform: PC

Details

Reference
bz9655

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 9:36 PM
bzimport added a project: MediaWiki-Parser.
bzimport set Reference to bz9655.
bzimport added a subscriber: Unknown Object (MLST).

Not HTML code, but a huge transparent link.
Maybe font-color: transparent should be forbidden?

ayg wrote:

*** This bug has been marked as a duplicate of 9526 ***
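
The comment above suggests forbidding transparent text colour. The following Python sketch is an added example, not MediaWiki code and not part of the bug report: it audits rendered HTML for inline styles that make text invisible, and shows that a check for the keyword `transparent` alone would miss equivalent values. All function names and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

ZERO = r"(?:0+(?:\.0*)?|\.0+)%?"  # a literal zero: 0, 0.0, .0, 0%
ZERO_ALPHA = re.compile(r"(?:rgba|hsla)\([^)]*,\s*" + ZERO + r"\s*\)")

def parse_style(style):
    """Split an inline style attribute into {property: value}, lower-cased."""
    style = re.sub(r"/\*.*?\*/", "", style, flags=re.S)  # drop CSS comments
    decls = {}
    for part in style.split(";"):
        name, sep, value = part.partition(":")
        if sep:
            decls[name.strip().lower()] = value.lower().replace("!important", "").strip()
    return decls

def hidden_text_reasons(style):
    """Return the reasons an inline style renders its text invisible."""
    decls = parse_style(style)
    reasons = []
    color = decls.get("color", "")
    if color == "transparent" or ZERO_ALPHA.fullmatch(color):
        reasons.append("color is fully transparent")
    if re.fullmatch(ZERO, decls.get("opacity", "")):
        reasons.append("opacity is 0")
    return reasons

class StyleAudit(HTMLParser):  # collects (tag, href, reasons) per flagged element
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        reasons = hidden_text_reasons(attrs.get("style") or "")
        if reasons:
            self.findings.append((tag, attrs.get("href"), reasons))

def audit_html(html):
    parser = StyleAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample of rendered page HTML (not taken from the reported revision).
SAMPLE = (
    '<p>Text with a <a href="https://example.org/">normal link</a>.</p>'
    '<a href="https://example.net/" style="COLOR : Transparent">x</a>'
    '<span style="color: rgba(0, 0, 0, 0)"><a href="https://example.net/">y</a></span>'
    '<a href="https://example.net/" style="color:/* c */red; opacity: 0">z</a>'
)
print(*audit_html(SAMPLE), sep="\n")
```

The check is a heuristic for review or logging; it does not cover every way CSS can hide text, so it complements an allow-list of style properties rather than replacing one.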