-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Steven Dick wrote:
On Wed, Sep 17, 2008 at 3:13 PM, Brion Vibber brion@wikimedia.org wrote:
<input type='hidden' value="+\" name="wpEditToken" />
Nothing fishy there -- the "+" are stuck on the edit token to help protect against bots which don't parse HTML correctly.
I've had to add & to that list. There's a bot out there that truncates pages containing &
Not a bad idea! Ensuring that '&' in the HTML makes the circuit through '&' in internal processing to '%26' in URL-encoded post submission is a good thing. :)
- -- brion