Reputation: 1
I am using the MediaWiki API to get the contents of Wikipedia pages and display them on a webpage.
Normally I would just use the DOMPurify library to sanitise any HTML before I render it; however, for some reason, when I use DOMPurify with any incoming HTML it ruins it so that the Wikipedia stylesheets no longer work. It works just fine without sanitisation.
So my question is: is it even necessary to sanitise the MediaWiki HTML? Will there not already be security measures in place to make sure any data I access is safe?
Upvotes: 0
Views: 60
Reputation: 28210
For Wikipedia, you probably don't need to, although it depends on how exactly you are using it. For MediaWiki in general, it depends on the site operator; some MediaWiki extensions do allow user-generated JavaScript in the page content.
Upvotes: 0