「テンプレート:XSS alert」の版間の差分
提供: ひつじ小屋別館2代目
(nocat variable) |
細 (1版) |
(相違点なし)
|
2013年6月30日 (日) 03:16時点における最新版
WARNING: The code or configuration described here poses a major security risk.
Site administrators: You are advised against using it until this security issue is resolved. Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things. Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML |
- Description
- Adds an alert box describing a Cross-site scripting vulnerability in including Extension page. Also adds including page to Category:Extensions with XSS vulnerabilities
- If your extension was tagged with this template please read
- For extension developers and extension users: Cross-site scripting
- Specifically for extension developers: Security for developers
- Example
{{XSS alert|~~~~}}
- Creates
WARNING: The code or configuration described here poses a major security risk.
Site administrators: You are advised against using it until this security issue is resolved. Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things. Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML Duesentrieb ⇌ 13:43, 22 March 2007 (UTC) |
The above documentation is transcluded from テンプレート:XSS alert/doc. (edit | history) Editors can experiment in this template's sandbox (create | mirror) and testcases (create) pages. Please add categories to the /doc subpage. Subpages of this template. |