On 26/06/2009, at 3:21 PM, Aryeh Gregor wrote:
> On Fri, Jun 26, 2009 at 8:22 AM, Steve Bennett <stevagewp(a)gmail.com> wrote:
>> 3) A limited number of admin-controlled special templates can use an
>> even wider range of features, including raw HTML.
>
> Admins are not going to be allowed to insert raw HTML. At least, not
> ordinary admins.

They already can, with Javascript, so there's no XSS issue.
--
Andrew Garrett
Contract Developer, Wikimedia Foundation
agarrett(a)wikimedia.org
http://werdn.us