Template:XSS alert/pl
From Linux Web Expert
<translate> Warning:</translate> <translate> The code or configuration described here poses a major security risk.</translate> <translate> Site administrators:</translate> <translate> You are advised against using it until this security issue is resolved.</translate> <translate> Problem:</translate> Podatne na ataki Cross-site scripting, ponieważ wprowadzany przez użytkowników ciąg jest przekazywany bezpośrednio do przeglądarki. Może to skutkować m.in przejęciem kont użytkowników. <translate> Solution:</translate> dokładnie waliduj wprowadzane przez użytkownika wartości i/lub zastosuj filtrowanie dla wszystkich znaków, które mają specjalne znaczenie w HTML |
Template documentation
- Opis
- Adds an alert box describing a Cross-site scripting vulnerability in including Extension page. Also adds including page to Category:Extensions with XSS vulnerabilities
- If your extension was tagged with this template please read
- For extension developers and extension users:
- Specifically for extension developers:
- Przykład
{{XSS alert|~~~~}}
- Creates
<translate> Warning:</translate> <translate> The code or configuration described here poses a major security risk.</translate> <translate> Site administrators:</translate> <translate> You are advised against using it until this security issue is resolved.</translate> <translate> Problem:</translate> <translate> Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser.</translate> <translate> This may lead to user accounts being hijacked, among other things.</translate> Duesentrieb ⇌ 13:43, 22 March 2007 (UTC) <translate> Solution:</translate> <translate> [[<tvar name=1>Special:MyLanguage/Cross-site scripting</tvar>|strictly validate user input and/or apply escaping to all characters]] that have a special meaning in HTML</translate> Duesentrieb ⇌ 13:43, 22 March 2007 (UTC) |