On Mon, Dec 31, 2012 at 7:49 AM, Brad Jorsch bjorsch@wikimedia.org wrote:
On Fri, Dec 28, 2012 at 3:26 PM, webmaster@numerica.cl wrote:
Exactly, I would need it to return just plain text/html for another program to interpret it, so having it inside an array is problematic. Sounds too difficult?
Be careful you don't introduce security holes when doing this. https://www.mediawiki.org/wiki/Cross-site_scripting might be a good read.
Yes please. Whatever the output, you want to make sure it's not interpreted as HTML, otherwise a <script> tag in the text will execute JavaScript if it's loaded in an iframe, or one of your users is redirected to the API's output somehow. Obviously, if this is just for your own wiki, you can decide if that's a threat or not. If you want to merge it into core, then you will need to do a lot of filtering on the output.
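
One way to keep raw API output from being interpreted as HTML, shown as an added example that is not part of the original thread and is not MediaWiki code. The function names, the header set and the sample text are assumptions chosen for illustration.

```python
import html

# Media types a browser renders as an active document, where script can run.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}

def raw_text_response(text):
    """Build (headers, body) that returns untrusted text as inert plain text."""
    body = text.encode("utf-8")
    headers = {
        # Explicit non-HTML type plus charset, so nothing is left to guessing.
        "Content-Type": "text/plain; charset=utf-8",
        # Tell the browser not to sniff the body and override the declared type.
        "X-Content-Type-Options": "nosniff",
        # Defence in depth if the response is navigated to or framed anyway.
        "Content-Security-Policy": "default-src 'none'; sandbox",
        "X-Frame-Options": "DENY",
        "Content-Length": str(len(body)),
    }
    return headers, body

def html_fragment(text):
    """For callers that must embed the text in an HTML page: escape it first."""
    return html.escape(text, quote=True)

def audit_headers(headers):
    """List the reasons a response could still be interpreted as HTML."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ctype = h.get("content-type", "")
    media = ctype.split(";")[0].strip().lower()
    findings = []
    if not media:
        findings.append("missing Content-Type: the browser will sniff the body")
    elif media in ACTIVE_TYPES:
        findings.append(media + " is rendered as an active document")
    if "charset=" not in ctype.lower():
        findings.append("no charset declared")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff is not set")
    return findings

if __name__ == "__main__":
    sample = "<script>alert(1)</script>"  # constructed sample of untrusted wiki text
    hdrs, _ = raw_text_response(sample)
    print(audit_headers(hdrs))                      # hardened response
    print(audit_headers({"Content-Type": "text/html"}))  # risky response
    print(html_fragment(sample))
```
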