This doesn't need to be a local task with an upstream task existing.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Feb 20 2024
Feb 20 2024
Jan 29 2024
Jan 29 2024
Jan 7 2024
Jan 7 2024
Jan 6 2024
Jan 6 2024
Universal_Omega added members for acl*security_reviewers: Reception123, Void, Owen, Agent_Isai, MacFan4000, Paladox, Original_Authority.
Oct 16 2021
Oct 16 2021
Jun 30 2021
Jun 30 2021
Jun 25 2021
Jun 25 2021
Unknown Object (User) closed T7508: GoogleCustomWikiSearch Does Not Escape Config Variables as Invalid.
Jun 22 2021
Jun 22 2021
Note: Even if the upstream task is resolved, $wgGoogleCustomWikiSearchOptions should never be added to ManageWiki because it is supposed to contain JS by design.
ManageWiki has its own validation types. If we can use them then we're fine. I wouldn't like to deploy exploitable vulnerabilities though if we can afford it.
Unknown Object (User) added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.
And actually even adding to ManageWiki may not be a blocker for this for the same reason only unescaped interface messages aren't by themselves a reason to decline.
Unknown Object (User) added a comment to T7508: GoogleCustomWikiSearch Does Not Escape Config Variables.
This should be done upstream but for now is not a blocker for the extension review if we don't add the configs to ManageWiki.
Redmin lowered the priority of T7508: GoogleCustomWikiSearch Does Not Escape Config Variables from High to Normal.
Jun 14 2021
Jun 14 2021
Feb 15 2021
Feb 15 2021
Jan 24 2021
Jan 24 2021
Aug 25 2020
Aug 25 2020
Aug 24 2020
Aug 24 2020