path: root/includes/diff/Hook/DiffViewHeaderHook.php
author: Bartosz Dziewoński <matma.rex@gmail.com> 2015-10-21 14:24:17 +0200
committer: Reedy <reedy@wikimedia.org> 2020-09-24 16:24:39 +0100
commit: d0b7fb495c9d5446607672ad6a93a5491efe7337 (patch)
tree: 5ab0cc43311d90282a14ea396b36aa4fc004f23d /includes/diff/Hook/DiffViewHeaderHook.php
parent: f00781c0ddc3c771f3c856fbff695f1a8d452cd5 (diff)
download: mediawikicore-d0b7fb495c9d5446607672ad6a93a5491efe7337.tar.gz
mediawikicore-d0b7fb495c9d5446607672ad6a93a5491efe7337.zip
SECURITY: mediawiki.js: Escape HTML in mw.message( ... ).parse()
This basically makes it equivalent to .escaped() and not .text(). Does not affect the mediawiki.jqueryMsg version, which still accepts whitelisted HTML tags.

CVE-2020-25828

Bug: T115888
Change-Id: I6513dfb480024309e1594abc6f07bbd3b0c5a10e
Diffstat (limited to 'includes/diff/Hook/DiffViewHeaderHook.php')
0 files changed, 0 insertions, 0 deletions