On Mon, 17 Dec 2012, Platonides wrote:

> With a quick glance, it misses to escape the output everywhere.

Right, when enabling text mode, it probably (not yet tested, I’m about to head home) will execute scripts as well. The content is a bit harder to fix though, as, in contrast to the title, it _is_ supposed to contain HTML of some sort.

Does MediaWiki have an API which you can pass some string of HTML which will throw out all unknown or “unsafe” (whatever that means) tags, tidy it up to produce valid XHTML, and return that? Otherwise, I guess Suggests: php-htmlpurifier and using that if existent, saying “I don’t wanna” if not and the text mode (as opposed to the default just-the-headlines mode) is enabled is the way forward.

bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-314
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Boris Esser, Sebastian Mancke
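
The approach discussed in this message, sketched as an added example that is not part of the original mail or the extension's code: the title is escaped as plain text, and the body is only emitted in text mode after passing through HTML Purifier, with a refusal when the library is absent. The function name, parameter names, wrapper markup and tag allow-list are hypothetical, and the HTMLPurifier class is assumed to be reachable through the application's autoloader.

```php
<?php
// Added illustration; renderFeedItem() and its arguments are hypothetical names.

/**
 * Render one feed item as HTML.
 *
 * @param array $item     ['title' => string, 'content' => string], both untrusted
 * @param bool  $textMode true: include the item body; false: headline only
 */
function renderFeedItem(array $item, bool $textMode): string
{
    // The title is plain text, so it is escaped for the HTML context.
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    $title = htmlspecialchars(
        $item['title'] ?? '',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    $out = '<span class="feed-title">' . $title . '</span>';

    if (!$textMode) {
        return $out; // default headlines-only mode: nothing else is emitted
    }

    // The body is supposed to contain HTML, so escaping would break it.
    // Without a sanitizer, refuse text mode rather than emit raw feed HTML.
    if (!class_exists('HTMLPurifier')) {
        throw new RuntimeException(
            'Text mode requires HTML Purifier (php-htmlpurifier); refusing to render feed content.'
        );
    }

    $config = HTMLPurifier_Config::createDefault();
    // Allow-list of tags and attributes (an assumption; adjust to the wiki's needs).
    // Everything not listed, including script and event-handler attributes, is removed.
    $config->set('HTML.Allowed', 'p,br,b,i,em,strong,ul,ol,li,blockquote,code,pre,a[href]');
    // Restrict link targets to http and https, which drops javascript: URIs.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Disable the on-disk definition cache so no writable cache directory is needed.
    $config->set('Cache.DefinitionImpl', null);

    $purifier = new HTMLPurifier($config);
    $body = $purifier->purify($item['content'] ?? '');

    return $out . '<div class="feed-body">' . $body . '</div>';
}
```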