Closed mamarto closed 2 months ago
Hi @translatewiki and @hugolpz, is there something wrong with this MR? When can I expect it to be merged?
Thanks!
Hello @mamarto , FYI, current maintainer of this skin (myself) is not a PHP developer. This repository will soon be phased out from Lingualibre.org and therefore become orphan. @jdlrobson and yourself ( @mamarto ) are the last two PHP developers who edited this skin. I'm willing to move this skin to a new owner if someone what to continue to give it life. This issue is handled in #16
BlueLL skin: stored XSS via MediaWiki:Sidebar
Top-level menu entries from MediaWiki:Sidebar are not properly escaped in the BlueLL skin (Lingua-Libre), resulting in classic stored XSS. The output of Sanitizer::escapeIdForAttribute is not HTML-safe, but the skin incorrectly assumes it is.
Bug: T361453