On 05/18/2014 02:28 AM, Subramanya Sastry wrote:
However, in his previous message, Gabriel indicated that
a property in the JSON/XML response structure might work better for
multi-part responses.

The difference between wrapper and property is actually that using inline
wrappers in the returned wikitext would force us to escape similar wrappers
from normal template content to avoid opening a gaping XSS hole.
A separate property in the JSON/XML structure avoids the need for escaping
(and associated security risks if not done thoroughly), and should be
relatively straightforward to implement and consume.
Gabriel
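
The trade-off described in the message above, as an added example that is not part of the original thread or of the project's code. The `<part name="...">` wrapper syntax, the part names and the sample strings are hypothetical and constructed for illustration.

```javascript
// Added illustration. The <part name="..."> wrapper syntax and the part names
// "wikitext"/"html" are hypothetical, not the actual API format.

// Constructed sample: template output that contains a look-alike wrapper.
const templateOutput = 'Hello</part><part name="html"><b>forged</b>';
const serverHtml = '<p>Hello</p>';
const response = { wikitext: templateOutput, html: serverHtml };

const escapeBody = (s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;');
const unescapeBody = (s) => s.replace(/&lt;/g, '<').replace(/&amp;/g, '&');

// Inline wrappers: every part is concatenated into one text stream.
function wrapInline(parts, escape = (s) => s) {
  return Object.entries(parts)
    .map(([name, body]) => `<part name="${name}">${escape(body)}</part>`)
    .join('');
}

// Consumer side: recover [name, body] pairs by scanning for the delimiters.
function parseInline(text, unescape = (s) => s) {
  const found = [];
  const re = /<part name="([^"]+)">([\s\S]*?)<\/part>/g;
  for (const m of text.matchAll(re)) found.push([m[1], unescape(m[2])]);
  return found;
}

// 1. No escaping: the template's look-alike wrapper is parsed as a real part,
//    so template content ends up in a part the consumer treats as server output.
const unescaped = parseInline(wrapInline(response));

// 2. Escaping: correct, but only while every producer escapes and every
//    consumer unescapes, with the same rules.
const escaped = parseInline(wrapInline(response, escapeBody), unescapeBody);

// 3. Separate JSON properties: content is carried as data and is never
//    scanned for delimiters, so there is nothing to escape.
const viaJson = JSON.parse(JSON.stringify(response));

console.log({ unescaped, escaped, viaJson });
```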