Extension talk:AllowAnchorTags
Latest comment: 17 years ago by Duesentrieb
Aren't there potential XSS vulnerabilities opened by this extension? Jean-Lou Dupont 21:53, 9 April 2007 (UTC)
- indeed - a) be failing to escape user input, and b) by design through
javascript:
urls. -- Duesentrieb ⇌ 23:06, 9 April 2007 (UTC)
I can't get the target attribute to the URL to work. Also the script is available at ...esnips.com link is broken.
-- 20080709 BEGIN--
The closing ?> was missing from the end of the php file.
The addAnchorTag function didn't have a return statment, which caused an error, so I added 'return true;'
The tar.gz file needs to be updated, as it doesn't contain these changes, nor does it contain the $wgExtensionCredits section at the top of AllowAnchorTags.php.
-- 20080709 END --