On Thu, Jan 29, 2015 at 2:47 PM, Arlo Breault abreault@wikimedia.org wrote:
There’s a brief discussions of the security implications of some proposed solutions in the review of, https://gerrit.wikimedia.org/r/#/c/181519/
To clarify, the possible solutions seem to be:
1. Unstrip the marker and then encode the content. This is a security hole (T73167)
2. Encode the marker. This results in strip markers in the output.
3. Ignore the marker. This leaves non-encoded content in the middle of what is supposed to be encoded content.
4. Remove the marker. This loses whatever is inside the marker.
5. Just output an error, to make it obvious something stupid is going on.
There's no good option, so which of 2, 3, 4, and 5 is least bad?