Closed
Bug 1133359
Opened 11 years ago
Closed 11 years ago
Remove SemanticHTML extension
Categories
(Websites :: wiki.mozilla.org, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: GPHemsley, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [extension][dev=2015-02-19][stage=2015-02-26][prod=2015-02-26])
Attachments
(1 file)
As jd mentions in bug 1129886, the SemanticHTML extension is a major security issue because it does not sanitize the attributes of the HTML elements it implements.
And aside from that, the elements for which it adds support have long been supported natively by MediaWiki anyway.
|
Reporter | |
Comment 1•11 years ago
|
||
|
|
Reporter | |
Comment 2•11 years ago
|
||
|
|
Reporter | |
Comment 3•11 years ago
|
||
I think this should depend on bug 716749, but I don't have access.
|
||
Updated•11 years ago
|
Whiteboard: [extension] → [extension][dev=2015-02-19]
|
|
||
Comment 4•11 years ago
|
||
This has been pushed to dev: https://wiki-dev.allizom.org/Special:Version
We'll go to production with it next week.
Whiteboard: [extension][dev=2015-02-19] → [extension][dev=2015-02-19][stage=2015-02-26][prod=2015-02-26]
|
|
||
Comment 5•11 years ago
|
||
This has been pushed to stage and production. Closing and will let :GPHemsley verify and remove security flag.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Updated•11 years ago
|
Group: websites-security
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•