From 0b0c60e42fff485349c33acf409eca73dd476c2a Mon Sep 17 00:00:00 2001
From: jdlrobson <jdlrobson@gmail.com>
Date: Fri, 23 Jun 2017 11:10:25 -0700
Subject: [PATCH] SECURITY: script tags should be stripped from extracts

Bug: T107206
Change-Id: I268a5de006867058b23e6146f00a990a39894ae1
---
 wmf-config/InitialiseSettings.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php
index e070459..26c41e2 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -15026,6 +15026,8 @@ $wgConf->settings = [
 		'.metadata',
 		// b/c rules, @todo: consider just whacking class="noexcerpt" on these
 		'span.coordinates', 'span.geo-multi-punct', 'span.geo-nondefault', '#coordinates',
+		// T107206
+		'script'
 	],
 ],
 'wgExtractsExtendOpenSearchXml' => [
-- 
2.10.1 (Apple Git-78)