Greetings all,
I'm not sure if this is the right mailing list to be posting this question to,
so if I should be posting to mediawiki-api, please let me know. (I think I'm in
the right spot though.)
I have a question about recursiveTagParse(). Is it XSS safe? As in, do I need to
escape its output with htmlspecialchars() or does it take care of that for me?
I am writing a tag extension, and I need it to be able to parse wiki text. I
have followed the instructions at
http://www.mediawiki.org/wiki/Manual:Tag_extensions#Version_1.8_to_version_…
(I am running MW 1.15.4), but it doesn't specify if the output is XSS safe or not.
Erring on the side of caution, I have pre-escaped all of my user supplied
variables with htmlspecialchars(), but if I could avoid this step it would be
wonderful, both for the simplicity of coding and performance.
Thanks for any advice you can offer, it's much appreciated.
- Vadtec