mediawikicore.git - The collaborative editing software that runs Wikipedia.

diff options

author	Brian Wolff <bawolff+wn@gmail.com>	2015-10-27 01:39:34 -0600
committer	Reedy <reedy@wikimedia.org>	2020-09-24 16:24:39 +0100
commit	f00781c0ddc3c771f3c856fbff695f1a8d452cd5 (patch)
tree	75beb91e0841fcaae4103780b262f833289fcd24 /includes/diff/Hook/DiffViewHeaderHook.php
parent	d45e2fef6d67c17faa08a7aa01485802e07be957 (diff)
download	mediawikicore-f00781c0ddc3c771f3c856fbff695f1a8d452cd5.tar.gz mediawikicore-f00781c0ddc3c771f3c856fbff695f1a8d452cd5.zip

SECURITY: mediawiki.jqueryMsg: Sanitize URLs and 'style' attribute

Previously you could leverage the style attribute, and external links to execute javascript. CVE-2020-25814 Bug: T86738 Change-Id: I6f15ece1db136369e06dfeee34d1a0c5bc03e32b Co-Authored-By: Roan Kattouw <roan.kattouw@gmail.com> Co-Authored-By: Lucas Werkmeister <lucas.werkmeister@wikimedia.de>

Diffstat (limited to 'includes/diff/Hook/DiffViewHeaderHook.php')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: