User blog:Ciencia Al Poder-fduser/Wikia upgrade to MediaWiki 1.15.4: Possible breakage

Hi all,

This week Wikia upgraded the running version of MediaWiki to the 1.15.4 version. That version was released to patch MediaWiki against a potential security vulnerability for InternetExplorer users.

You can read more at the MediaWiki mailing list.

The change that could arise some breakage is that this release completely disables the filter CSS property inside a style attribute.

The filter property is only recognized for Internet Explorer, and can be used to apply transparency (like for example, filter: alpha(50);). But it's not standard, and Microsoft can extend this to apply any arbitrary filter that allows remote code execution on the client, or simply filters with security vulnerabilities. One of that vulnerabilities was the reason for disabling that property.

So if you are using the filter property to apply transparency in IE or something else, you should put that style in a CSS file (MediaWiki:Common.css) and reference it using a class name.

Now the filter property used inline in the wiki code would be stripped out of the style attribute.

The code changed was: mw:Special:Code/MediaWiki/66990.