User talk:EdmundMielach

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search

someone pointed out User:EdmundMielach/FileProtocolLinks to me recently. looking at the source, it doesn't seem like you escape HTML in the URL input, so given input like <file>"><script>alert(document.cookie)</script></file> you would end up with a fairly nasty XSS vulnerability. Kate

Feature request: Info button[edit]

Hi Edmund, please take a look at my question at the end of mw:Extension talk:FileProtocolLinks. Thanks, --Flominator 13:46, 5 June 2008 (UTC)