On Mon, Aug 30, 2004 at 01:30:44PM +0100, Timwi wrote:
> Jens Frank wrote:
> > Modified Files: DifferenceEngine.php
> > Log Message: BUG#244 Backed out changes done in Patch 1.33 due to
> > major security problems. HTML tags were not escaped and it was
> > possible to execute arbitrary JavaScript code.
>
> Can you give me an example of two article texts such that the diff between them produces this security problem?

http://mediawiki.mormo.org/index.php?title=Difftest&diff=0&oldid=598...
Currently mormo is running the broken version.
Regards,
JeLuF
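
Added example, not part of this thread and not MediaWiki's code: a minimal word-level diff renderer in Python showing the failure mode the log message describes (revision text copied into the diff page unescaped) next to the fix (encode every piece of revision text before wrapping it in the renderer's own markup). The function names, the `diffchange` class and the sample revisions are assumptions constructed for illustration.

```python
import difflib
import html
import re


def _tokens(text):
    # Split into words and whitespace runs so the diff is word-level.
    return re.findall(r"\s+|\S+", text)


def render_diff(old, new, escape=True):
    """Return an HTML fragment marking removed and added words.

    escape=False reproduces the bug class: revision text reaches the page
    verbatim, so any tag in an article is interpreted by the browser.
    escape=True encodes each run of revision text first; only the <del>/<ins>
    wrappers emitted by the renderer itself are live markup.
    """
    enc = html.escape if escape else (lambda s: s)
    a, b = _tokens(old), _tokens(new)
    matcher = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    out = []
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        removed = enc("".join(a[i1:i2]))
        added = enc("".join(b[j1:j2]))
        if op == "equal":
            # Unchanged context is revision text too and must be encoded.
            out.append(removed)
        if op in ("delete", "replace"):
            out.append('<del class="diffchange">' + removed + "</del>")
        if op in ("insert", "replace"):
            out.append('<ins class="diffchange">' + added + "</ins>")
    return "".join(out)


# Constructed sample revisions (not taken from the wiki linked above).
OLD = "Hello world"
NEW = "Hello <script>marker</script> world"

if __name__ == "__main__":
    print("unescaped:", render_diff(OLD, NEW, escape=False))
    print("escaped:  ", render_diff(OLD, NEW))
```

Escaping the finished fragment as a whole would also neutralise the renderer's own `<ins>`/`<del>` tags, which is why the encoding is applied per run of revision text.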