Page MenuHomePhabricator

Media file metadata should not be parsed
Open, LowPublic

Description

The HTML table constructed from file metadata that's displayed at the bottom of file pages is sent through the parser. That probably should not happen.

Event Timeline

Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added a project: MediaWiki-File-management.
Tgr added a subscriber: Tgr.
Restricted Application added subscribers: Steinsplitter, Aklapper. · View Herald Transcript

One nice thing though, is this makes it easy to see that there's no possible XSS in any of the metadata handlers.

Maybe it should be sanitized but not parsed?

MarkTraceur added a subscriber: MarkTraceur.