On Wed, 06 Feb 2013 22:27:46 -0800, Q <overlordq(a)gmail.com> wrote:
On 2/7/2013 12:24 AM, Chad wrote:
I think that this is a solution in search
of a problem.
How about saying, extensions on
mw.org shouldn't expose security
vulnerabilities to wiki's running them. That would probably be a better
metric.
That's what {{XSS alert}}, {{SQL injection alert}}, and {{Code injection
alert}} are for.
We have a few dozen extensions that fall under these topics.
Although we've exiled the extensions that permit PHP execution.
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://danielfriesen.name/]