wiki.techinc.nl/resources
Bartosz Dziewoński 35edc6c2b1 SECURITY: apisandbox: Fix reflected XSS when invalid 'format' is provided
CVE-2025-6594

* Fix validation of API parameters. Follow-up to
  c36b4634e8.
* Add an extra check for parameters that should be required by the UI.
* Remove a fallback code branch that tried to display responses for
  non-pretty formats, which would have been unreachable were it not
  for the format validation bug, and which handled HTML unsafely.

Bug: T395063
Change-Id: I392810e3474ffdbe273b1c668ffce4c8dace1380
2025-06-30 19:58:40 +01:00
assets Add xml version declaration where possible 2024-09-03 17:24:33 +03:30
lib [REST Sandbox] Remove SwaggerUI from MediaWiki Releases 2025-06-30 16:05:49 +01:00
src SECURITY: apisandbox: Fix reflected XSS when invalid 'format' is provided 2025-06-30 19:58:40 +01:00
README.md Update jsdoc-wmf-theme from 1.0.1 to 1.1.0 2024-06-27 19:29:24 +00:00
Resources.php [REST Sandbox] Remove SwaggerUI from MediaWiki Releases 2025-06-30 16:05:49 +01:00

MediaWiki Frontend API

This documentation describes the public API that user scripts, gadgets, skins, and extensions can use to interact with MediaWiki. To interact with MediaWiki from outside a wiki, use the Action API.

The MediaWiki frontend API consists of global variables and ResourceLoader modules.

Get started

Explore the documentation

Browse namespaces and classes within the MediaWiki base library.

Manage dependencies

Load modules and scripts to use in your code.

Access wiki configuration

Get information about wikis, pages, and users. See the complete list of configuration values.

Use the API

Interact with a wiki's API to query pages, edit pages, perform patrolling actions, and more.

  • mw.Api — The Action API is a full-featured API that includes a complete set of actions and parameters. To try it out, visit Special:ApiSandbox on any wiki.
  • mw.Rest — The REST API is a simplified API for performing basic read and write operations.

Integrate with wiki features

Hooks let you register and fire events that you can use to extend and enhance the behavior of MediaWiki.

Format and parse system messages

Handle translatable text or HTML strings that are part of the MediaWiki interface.

Send notifications

Display pop-up notifications to users.

Interact with users

Get information about users, sessions, and user preferences.

Interact with pages

Construct and parse page elements.

Utilities

Get helpful methods for handling URLs, CSS, regular expressions, and more.

Debugging and error reporting

Log errors, send deprecation warnings, and debug your code.

Upstream

  • OOjs — JavaScript library for working with objects
  • OOUI — component-based JavaScript UI library

Contribute