This project serves as an ACL for pastes or tasks created by security reviewers. Only security reviewers and members of acl*security should be a member of this project.
Jun 30 2021
Jun 25 2021
This doesn't need to be a local task with an upstream task existing.
Jun 22 2021
Note: Even if the upstream task is resolved, $wgGoogleCustomWikiSearchOptions should never be added to ManageWiki because it is supposed to contain JS by design.
ManageWiki has its own validation types. If we can use them then we're fine. I wouldn't like to deploy exploitable vulnerabilities though if we can afford it.
And actually even adding to ManageWiki may not be a blocker for this for the same reason only unescaped interface messages aren't by themselves a reason to decline.
This should be done upstream but for now is not a blocker for the extension review if we don't add the configs to ManageWiki.