I think that history pages in MariaDB Knowledge Base have a cross-site scripting vulnerability because special characters contained in link texts and revision comments are not escaped.
For example, this page: https://mariadb.com/kb/en/meta/editing-help/creole-formatting/+history
--
100の人
hi guys, at
https://mariadb.com/kb/en/mariadb/community/community-contributing-to-the-m…
, we have:
- participate in e-mail discussions via our Launchpad lists (whichever
list is most appropriate):
- maria-developers <http://launchpad.net/~maria-developers>
- maria-discuss <http://launchpad.net/~maria-discuss>
- maria-docs <http://launchpad.net/~maria-docs>
but what is "whichever list is most appropriate", in other words, could we
include some examples of what is expected in each mail list? for example,
maria-docs about including, editing, removing docs from kb?!
maria-developers talk about mdev development (i don't know how to use
maria-developers, i some time sent wrong mail), etc... just one example
at the end of this docs, i found how to use mraia-developers (i never read
it before...)
Where are the Developers?
- Most of the core developers hang out on IRC
<https://mariadb.com/kb/en/irc/> in the *#maria* channel on
- freenode*.*
- Code, proposals, and feature requests are sent to (and discussed on)
the maria-developers list <http://launchpad.net/~maria-developers>.
should be interesting write a "community guide" or something like it? i
many times use jira as 'chat' to ask question (sorry), today elena told me
to don't chat there, but i don't know if i should use maria-developer or
maria-discus or irc :/ any idea? i don
--
Roberto Spadim
SPAEmpresarial
Eng. Automação e Controle
