Soheilkhodayari (Soheil)
User

Projects

User does not belong to any projects.

Calendar

User Details

User Since: Feb 6 2024, 10:51 AM (119 w, 6 h)
Availability: Available
LDAP User: Unknown
MediaWiki User: Soheilkhodayari [ Global Accounts ]

Recent Activity
View All

Feb 12 2024

Soheilkhodayari added a comment to T356768: DOM Clobbering Risk in WikiBooks.

To add to the comment by @Bawolff, I think the blacklisting approach of id attributes is similar to what the AMP4Email Sanitizer of Gmail does [1]. That could be indeed another viable solution, but it may be a bit brittle since the code could evolve and the list need to be updated once in a while.

Feb 12 2024, 7:04 PM · MW-1.42-notes (1.42.0-wmf.25; 2024-04-02), Patch-For-Review, Vuln-XSS, SecTeam-Processed, Security, Security-Team

Soheilkhodayari added a comment to T356768: DOM Clobbering Risk in WikiBooks.

Sounds great, I think making the report public could be beneficial, particularly to increase awareness among developers!

Feb 12 2024, 6:53 PM · MW-1.42-notes (1.42.0-wmf.25; 2024-04-02), Patch-For-Review, Vuln-XSS, SecTeam-Processed, Security, Security-Team