Brion Vibber wrote:
Your ideas to
secure api.php output against HTML abuse are
interesting, but I don't think the txt and dbg formats can be fixed
that way.
Why do we actually have these extra unparseable formats? If they're for
debug readability then we can probably just make them HTML-formatted, like
jsonfm/xmlfm/etc.
You're talking about api.php?format=txt and api.php?format=dbg? I'd strongly
recommend at least rudimentary log sampling on the Wikimedia cluster to
check for use frequency before making any decision. People have all sorts of
strange use-cases and it could be a rather nasty breaking change for some
people. It'd be nice to have hard(er) data before making a decision, even if
it turns out that the idea behind having these extra formats was initially
misguided.
MZMcBride