I haven’t got too much of a clue what this all means, but some of the MediaWiki Extensions (here, here, and here) that I have pointed to in recent posts now have a warning on them. So if you have your wiki wide open (where anyone can edit), you are apparently vulnerable to this type of attack. The UMW New Media Wiki is locked down so that only “sysops” can edit pages. I’ve been in contact with Jim Wilson, and he clearly knows way more about this stuff than I do. He has his own YouTube Extension that I have not tested, yet.
One Response
Hi Andy,
Thanks for the XSS props – I’ll be happy to answer any questions you may have.
Regarding my YouTube Extension, I now have a much better extension for embedding video: EmbedVideo
http://jimbojw.com/wiki/index.php?title=EmbedVideo_Extension
In addition to YouTube, it also supports: FunnyOrDie, Google Video, Dailymotion, sevenload and Revver. Also, while YouTubeTag is an extension tag, EmbedVideo is a parser function – meaning it can be used in conjunction with Templates for greater flexibility.
Enjoy! (Great blog by the way.)
— Jim R. Wilson (jimbojw)