On 05/18/2014 02:28 AM, Subramanya Sastry wrote:
However, in his previous message, Gabriel indicated that a property in the JSON/XML response structure might work better for multi-part responses.
The difference between wrapper and property is actually that using inline wrappers in the returned wikitext would force us to escape similar wrappers from normal template content to avoid opening a gaping XSS hole.
A separate property in the JSON/XML structure avoids the need for escaping (and associated security risks if not done thoroughly), and should be relatively straightforward to implement and consume.
Gabriel