CVE-2025-32699 Ensure that Unicode NFC normalization can be applied to our HTML output safely.

Even though the W3C officially recommends against normalizing HTML https://www.w3.org/International/questions/qa-html-css-normalization#converting this is still easily done inadvertently, especially when using the MediaWiki action API which normalizes parameters and results by default. See also I671648603c4635a35585c860b4857f5ea085e47f in Parsoid, and T266140 / I2e78e660ba1867744e34eda7d00ea527ec016b71 for another similar issue.

The following changes are made:

* The various HTML serializers (Remex/Tidy-derived, as well as the Html::* helpers) are tweaked to entity-escape U+0338 wherever it appears.
* Similarly, Message::escaped() is tweaked to entity-escape U+0338.
* Finally, a post-processing pass is added to the OutputTransform pipeline to catch any remaining U+0338 and entity-escape them. This catches U+0338 added during any of the previous OutputTransform stages (like TOC insertion, section edit links, etc).

*When backporting* this code will likely need to be moved to ParserOutput::getText(), as the OutputTransform pipeline wasn't added until MW 1.42.

Bug: T387130
Change-Id: I66564e14e730f5393f4fa5780b80f24de6075af5
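The hazard the commit message describes, shown as an added illustration (this is not MediaWiki code): under NFC, U+0338 COMBINING LONG SOLIDUS OVERLAY composes with a preceding `<` or `>` into a single mathematical character, so a tag delimiter followed by U+0338 in serialized HTML is silently destroyed by normalization. The helper below mimics the commit's post-processing idea (entity-escape every U+0338) and checks, on a constructed sample, that the tag structure survives NFC only once the escape is applied. The sample markup and the `tag_count` heuristic are assumptions made for this demonstration.

```python
import re
import unicodedata

# U+0338 COMBINING LONG SOLIDUS OVERLAY. Canonical (NFC) composition turns
# "<" + U+0338 into U+226E (NOT LESS-THAN) and ">" + U+0338 into U+226F
# (NOT GREATER-THAN), i.e. the tag delimiter disappears from the HTML.
SOLIDUS_OVERLAY = "\u0338"


def nfc(text: str) -> str:
    """Apply NFC, the normalization the page warns is easy to apply by accident."""
    return unicodedata.normalize("NFC", text)


def escape_solidus_overlay(html: str) -> str:
    """Entity-escape every U+0338 so a later NFC pass has nothing to compose.

    Mirrors the commit's final OutputTransform step: the entity "&#x338;" is
    seven ASCII characters, which no normalization form will merge with the
    '<' or '>' next to it, yet browsers still render it as the same combining
    mark."""
    return html.replace(SOLIDUS_OVERLAY, "&#x338;")


def tag_count(html: str) -> int:
    """Crude structural fingerprint: number of '<...>' tags (assumed heuristic,
    enough to detect a delimiter being eaten by composition)."""
    return len(re.findall(r"<[^<>]+>", html))


def nfc_changes_structure(html: str) -> bool:
    """True when NFC normalization alters the tag structure of the markup."""
    return tag_count(nfc(html)) != tag_count(html)


# Constructed sample: text content that begins with U+0338 immediately after
# the '>' that closes a start tag. Without escaping, NFC merges '>' + U+0338
# into U+226F and the <a> start tag is never closed.
SAMPLE = '<a href="/wiki/Foo">' + SOLIDUS_OVERLAY + "x</a> <b>bold</b>"

if __name__ == "__main__":
    print("raw changes structure under NFC:", nfc_changes_structure(SAMPLE))
    print("escaped changes structure under NFC:",
          nfc_changes_structure(escape_solidus_overlay(SAMPLE)))
```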
MediaWiki
MediaWiki is a free and open-source wiki software package written in PHP. It serves as the platform for Wikipedia and the other Wikimedia projects, used by hundreds of millions of people each month. MediaWiki is localised in over 350 languages and its reliability and robust feature set have earned it a large and vibrant community of third-party users and developers.
MediaWiki is:
- feature-rich and extensible, both on-wiki and with hundreds of extensions;
- scalable and suitable for both small and large sites;
- simple to install, working on most hardware/software combinations; and
- available in your language.
For system requirements, installation, and upgrade details, see the files RELEASE-NOTES, INSTALL, and UPGRADE.
- Ready to get started?
- Setting up your local development environment?
- Looking for the technical manual?
- Seeking help from a person?
- Looking to file a bug report or a feature request?
- Interested in helping out?
MediaWiki is the result of global collaboration and cooperation. The CREDITS file lists technical contributors to the project. The COPYING file explains MediaWiki's copyright and license (GNU General Public License, version 2 or later). Many thanks to the Wikimedia community for testing and suggestions.