On Mon, Dec 31, 2012 at 7:49 AM, Brad Jorsch <bjorsch(a)wikimedia.org> wrote:
On Fri, Dec 28, 2012 at 3:26 PM,
<webmaster(a)numerica.cl> wrote:
Exactly, I would need it to return just plain
text/html for an other program
to interpret it, so having it inside an array is problematic.
Sounds too difficult?
Be careful you don't introduce security holes when doing this.
https://www.mediawiki.org/wiki/Cross-site_scripting might be a good
read.
Yes please. Whatever the output, you want to make sure it's not
interpreted as html, otherwise a <script> tag in the text will execute
javascript if it's loaded in an iframe, or one of your users is
redirected to the api's output somehow. Obviously, if this is just for
your own wiki, you can decide if that's a threat or not. If you want
to merge it into core, then you will need to do a lot of filtering on
the output.