On Thu, Jan 29, 2015 at 5:38 PM, Brad Jorsch (Anomie) <bjorsch@wikimedia.org
wrote:
On Thu, Jan 29, 2015 at 2:47 PM, Arlo Breault abreault@wikimedia.org wrote:
To clarify, the possible solutions seem to be:
- Unstrip the marker and then encode the content. This is a security hole
(T73167)
I'd be inclined to unstrip the marker *and squash HTML to plaintext*, then encode the plaintext...
-- brion
Encode the marker. This results in strip markers in the output.
Ignore the marker. This leaves non-encoded content in the middle of what
is supposed to be encoded content.
Remove the marker. This loses whatever is inside the marker.
Just output an error, to make it obvious something stupid is going on.
There's no good option, so which of 2, 3, 4, and 5 is least bad?
-- Brad Jorsch (Anomie) Software Engineer Wikimedia Foundation _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l