Diffstat (limited to 'includes/OutputHandler.php')
-rw-r--r-- | includes/OutputHandler.php | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/includes/OutputHandler.php b/includes/OutputHandler.php
index 0559597d590b..28108f658330 100644
--- a/includes/OutputHandler.php
+++ b/includes/OutputHandler.php
@@ -41,7 +41,6 @@ class OutputHandler {
 public static function handle( $s, $phase ) {
 $config = MediaWikiServices::getInstance()->getMainConfig();
 $disableOutputCompression = $config->get( MainConfigNames::DisableOutputCompression );
- $mangleFlashPolicy = $config->get( MainConfigNames::MangleFlashPolicy );
 // Don't send headers if output is being discarded (T278579)
 if ( ( $phase & PHP_OUTPUT_HANDLER_CLEAN ) === PHP_OUTPUT_HANDLER_CLEAN ) {
 $logger = LoggerFactory::getInstance( 'output' );
@@ -53,10 +52,6 @@ class OutputHandler {
 return $s;
 }
 
- if ( $mangleFlashPolicy ) {
- $s = self::mangleFlashPolicy( $s );
- }
-
 // Check if a compression output buffer is already enabled via php.ini. Such
 // buffers exists at the start of the request and are reflected by ob_get_level().
 $phpHandlesCompression = (
@@ -181,21 +176,6 @@ class OutputHandler {
 }
 
 /**
- * Mangle flash policy tags which open up the site to XSS attacks.
- *
- * @param string $s Web response output
- * @return string
- */
- private static function mangleFlashPolicy( $s ) {
- # Avoid weird excessive memory usage in PCRE on big articles
- if ( preg_match( '/\<\s*cross-domain-policy(?=\s|\>)/i', $s ) ) {
- return preg_replace( '/\<(\s*)(cross-domain-policy(?=\s|\>))/i', '<$1NOT-$2', $s );
- } else {
- return $s;
- }
- }
-
- /**
 * Set the Content-Length header if possible
 *
 * This sets Content-Length for the following cases: |