On Fri, Jan 30, 2015 at 2:02 PM, Brion Vibber <bvibber(a)wikimedia.org> wrote:
On Thu, Jan 29, 2015 at 5:38 PM, Brad Jorsch (Anomie) <bjorsch(a)wikimedia.org> wrote:
> On Thu, Jan 29, 2015 at 2:47 PM, Arlo Breault <abreault(a)wikimedia.org> wrote:
> >
> > https://gerrit.wikimedia.org/r/#/c/181519/
> >
>
> To clarify, the possible solutions seem to be:
>
> 1. Unstrip the marker and then encode the content. This is a security hole (T73167)
I'd be inclined to unstrip the marker *and squash HTML to plaintext*,