
WikimediaIncubator raw HTML messages
Closed, Resolved · Public

Description

The wminc-searchwiki-goto and wminc-fs-userpage-text messages are used as raw HTML. Neither needs to be.

<checkstyle version="6.5">
  <file name="./SpecialIncubatorFirstSteps.php">
    <error line="190" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialIncubatorFirstSteps::showUserpage that outputs using tainted argument $[arg #1]." source="SecurityCheck-XSS"/>
  </file>
  <file name="./SpecialSearchWiki.php">
    <error line="231" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialSearchWiki::showMultipleResults that outputs using tainted argument $[arg #1]." source="SecurityCheck-XSS"/>
  </file>
</checkstyle>

Event Timeline

Legoktm created this task. Aug 2 2018, 8:49 PM
Restricted Application added a subscriber: Aklapper. Aug 2 2018, 8:49 PM
Legoktm changed the visibility from "Custom Policy" to "Public (No Login Required)".
Restricted Application added a project: acl*security. Aug 12 2018, 10:39 PM
sbassett triaged this task as Medium priority. Oct 15 2019, 7:27 PM