Greetings all,
I'm not sure if this is the right mailing list to be posting this question to, so if I should be posting to mediawiki-api, please let me know. (I think I'm in the right spot though.)
I have a question about recursiveTagParse(). Is it XSS safe? As in, do I need to escape its output with htmlspecialchars() or does it take care of that for me?
I am writing a tag extension, and I need it to be able to parse wiki text. I have followed the instructions at http://www.mediawiki.org/wiki/Manual:Tag_extensions#Version_1.8_to_version_1... (I am running MW 1.15.4), but it doesn't specify if the output is XSS safe or not.
Erring on the side of caution, I have pre-escaped all of my user supplied variables with htmlspecialchars(), but if I could avoid this step it would be wonderful, both for the simplicity of coding and performance.
Thanks for any advice you can offer, it's much appreciated.
- Vadtec