On Thu, Jun 2, 2011 at 10:56 PM, Brion Vibber brion@pobox.com wrote:
> Is there a way we can narrow down this security check so it doesn't keep breaking API requests, action=raw requests, and ResourceLoader requests, etc.?
Tim had an idea about redirecting bad URLs to fixed ones. He ran it by me last night his time, and my guess is he'll probably implement it this morning his time. But I'll leave it up to him to elaborate on that.
Your ideas to secure api.php output against HTML abuse are interesting, but I don't think the txt and dbg formats can be fixed that way.
Roan Kattouw (Catrope)