On Friday, January 30, 2015 at 1:04 PM, Brion Vibber wrote:
On Fri, Jan 30, 2015 at 12:11 PM, Jackmcbarn <jackmcbarn@gmail.com> wrote:
On Fri, Jan 30, 2015 at 2:02 PM, Brion Vibber <bvibber@wikimedia.org> wrote:
On Thu, Jan 29, 2015 at 5:38 PM, Brad Jorsch (Anomie) <bjorsch@wikimedia.org> wrote:
On Thu, Jan 29, 2015 at 2:47 PM, Arlo Breault <abreault@wikimedia.org> wrote:
To clarify, the possible solutions seem to be:
- Unstrip the marker and then encode the content. This is a security hole (T73167)
I'd be inclined to unstrip the marker *and squash HTML to plaintext*, then encode the plaintext...
I don't see how that addresses the security issue.
Rollback tokens in the Special:Contributions HTML would then not be available in the squashed text that got encoded. Thus it could not be extracted and used in the timing attack.
Is this what you mean by “squash HTML to plaintext”?
    urlencode( strip_tags( $parser->mStripState->unstripBoth( $s ) ) );
Is strip_tags reliable enough to not get confused and leave those tokens lying around?
-- brion
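One way to check the strip_tags question raised above, as an added example that is not from the thread or from MediaWiki: it runs the quoted urlencode( strip_tags( ... ) ) step over constructed HTML fragments and reports whether a placeholder token placed in different positions is still present in the output. The helper names, the fragments and PLACEHOLDER_TOKEN are assumptions; the unstripBoth() call is left out because it needs a live parser.

```php
<?php
// Added example, not MediaWiki code. All HTML below is constructed, and
// PLACEHOLDER_TOKEN stands in for a real rollback token.
const TOKEN = 'PLACEHOLDER_TOKEN';

// The squash step quoted in the thread, minus the parser-specific unstrip call.
function squashAndEncode( string $html ): string {
    return urlencode( strip_tags( $html ) );
}

// True if the token can still be recovered from the encoded output.
function tokenSurvives( string $html ): bool {
    return strpos( urldecode( squashAndEncode( $html ) ), TOKEN ) !== false;
}

// Each case puts the token in a different syntactic position.
$cases = [
    'attribute value'          => '<a href="/w/index.php?action=rollback&amp;token=' . TOKEN . '">rollback</a>',
    'attribute after quoted >' => '<a title="a > b" href="?token=' . TOKEN . '">rollback</a>',
    'HTML comment'             => '<li>edit <!-- token=' . TOKEN . ' --></li>',
    'unterminated tag'         => '<li>edit <a href="?token=' . TOKEN . '"',
    'text node'                => '<span>' . TOKEN . '</span>',
    'inline script body'       => '<script>var t = "' . TOKEN . '";</script>',
];

foreach ( $cases as $where => $html ) {
    printf( "%-26s %s\n", $where, tokenSurvives( $html ) ? 'SURVIVES' : 'removed' );
}
```

strip_tags() drops tags together with their attributes and HTML comments, but it keeps the text between tags, including the body of a script or style element, so the squash only helps where tokens never appear outside an attribute.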