Extension talk:Progressbar
XSS Vuln
Added a fix to escape $text. Can somebody please review it? ~Rohit
I found another place in your code that could be used for XSS. It came to me by way of the extension I wrote based on your code. You need to escape the "background color" parameter. - Vadtec 14:00, 13 June 2010 (CST)
Fixed. Thanks! ~Rohit
Value to current
How can I assign the value of NUMBEROFARTICLES to the current value? Any help will be appreciated! Thanks for the great extension! --Swessels 14:30, 14 June 2010 (UTC)
I am not sure I understand what you want. ~ Rohit
Apache warning
Hi, I submitted bug 30917 to bugzilla with a patch suggestion for an apache warning I received. Regards, Bill.
XSS
I don't see how anyone could consider XSS fixed in this extension. There are still parameters being output directly into raw HTML. This extension isn't fixed until either every single spot where a variable is concatenated with HTML is escaped directly in place by an htmlspecialchars, or it makes use of our much more elegant Html building class.
Also, a new type of vulnerability I just thought up that this is vulnerable to: a CSS injection vulnerability. Even if this is all HTML-escaped, because it builds a style tag in raw HTML this can be used to bypass our style="" tag filters and insert a background-image that we would normally reject. The most dangerous type of that is of course IE's htc files. Dantman 22:51, 15 September 2011 (UTC)
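As an added illustration of the two points raised in this thread (escape every concatenated parameter in place, and treat a colour that lands in a CSS context as needing an allowlist, not just HTML escaping), here is example code that is not the extension's own; the function names, the regexes and the fallback colour are assumptions, and a real MediaWiki extension would build the elements with the Html class instead of string concatenation.

```php
<?php
// Added example, not code from Extension:Progressbar. Shows why a value that
// ends up inside CSS needs an allowlist: htmlspecialchars() stops it from
// breaking out of the HTML, but not from carrying a background-image or other
// property into the style block. Names below are assumptions.

/**
 * Accept only a CSS colour literal: #rgb, #rrggbb, or a bare colour name.
 * Anything else (parentheses, quotes, semicolons, slashes) is rejected, so
 * no extra CSS property can ride along with the colour.
 */
function validateCssColor( string $value ): ?string {
    $value = trim( $value );
    if ( preg_match( '/^#[0-9a-fA-F]{3}([0-9a-fA-F]{3})?$/', $value ) ) {
        return $value;
    }
    if ( preg_match( '/^[a-zA-Z]{1,20}$/', $value ) ) {
        return strtolower( $value );
    }
    return null; // caller decides what to do with a rejected value
}

/**
 * Render the bar with each user-controlled value treated for its own context:
 * $percent is clamped to an integer 0..100, $text is HTML-escaped in place,
 * and $color is allowlisted, falling back to a default instead of echoing
 * the rejected value anywhere in the output.
 */
function renderProgressbar( $percent, string $text, string $color ): string {
    $percent = max( 0, min( 100, (int)$percent ) );
    $color = validateCssColor( $color ) ?? '#cccccc';
    $safeText = htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
    // $color is safe in a CSS context only because of the allowlist above;
    // escaping it with htmlspecialchars() would not have been enough.
    return '<div class="progressbar" style="background-color:' . $color . '">'
        . '<div class="progressbar-fill" style="width:' . $percent . '%"></div>'
        . '<span>' . $safeText . '</span></div>';
}

// Constructed sample calls (not from the page): the second one has an
// out-of-range percentage, markup in the label and a non-colour "colour".
echo renderProgressbar( 42, 'Articles: <b>42</b> of 100', '#3366cc' ), "\n";
echo renderProgressbar( '150', 'Over the top & "quoted"', 'url(x)' ), "\n";
```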