Am 16.09.2011 01:12, schrieb Daniel Friesen:
Looking over an extension that was already badly
coded, I realized
there's yet another type of injection vulnerability we have to consider
CSS injection vulnerabilities.
Normally MediaWiki sanitizes any style="" tag created by user input.
Things like background-image's are stripped out. They can be used to
track users, as a type of spam, and if you're hitting IE users it's
possible you could do even more using a htc file. Oh right, and of
to be injected right into css.
please can you add the essentials of your important information
regarding CSS injection vulnerabilities via extensions
to the relevant pages in the MediaWiki Developer's Guide
I guess, your information should be added to some pages in section Security
and some pages in section Extensions, SpecialPages, hooks & Co.,