2008/10/24 Tim Starling tstarling@wikimedia.org:
Philip Hunt wrote:
When it says "very dangerous", what does this mean? Does it for example enable an exploit that would let someone hack into the MediaWiki site? Or does it merely allow JavaScript that would allow a malicious person to harm a user's computer if they view the page?
The major concern is compromise of the MediaWiki account of the user who views the page. The session ID or login token could be stolen, allowing an attacker to act as that user. The attacker could potentially gain sysop access and make a nuisance of themselves on the wiki.
There is no increased risk of server compromise unless you have installed a MediaWiki extension which allows escalation from web access to server access (e.g. a "PHP shell" extension).
Raw HTML increases the risk of password compromise via a phishing-style attack.
Attacks against the viewer's browser are possible; a lockup or crash would be easy for an attacker to produce. If the user has an old browser with known vulnerabilities, a compromise of the user's computer may be possible via scripted heap preparation or similar attacks.
That's useful information. Do I have your permission to add it to the article http://www.mediawiki.org/wiki/Manual:$wgRawHtml ?