MediaWiki talk:Common.js


 * Click Here Skip to contents

Submitted script change 206015 rejected
We cannot allow injection of unvalidated CSS in this manner. --Pcj (talk) 01:17, 9 February 2021 (UTC)
 * I added a validator that removed the following:
 * url
 * @import
 * @font-face
 * javascript:
 * expression (for IE)
 * I believe I have covered most common security vulnerabilities. Please let me know if I missed anything.