On Wed, 06 Feb 2013 22:27:46 -0800, Q overlordq@gmail.com wrote:
On 2/7/2013 12:24 AM, Chad wrote:
I think that this is a solution in search of a problem.
How about saying, extensions on mw.org shouldn't expose security vulnerabilities to wiki's running them. That would probably be a better metric.
That's what {{XSS alert}}, {{SQL injection alert}}, and {{Code injection alert}} are for.
We have a few dozen extensions that fall under these topics.
Although we've exiled the extensions that permit PHP execution.