CAPTCHA can be fooled by html-comments in the URL
Closed, Resolved, Public

Description

Author: mathias.schindler

Description:
http://<!-- -->www.spamurl.tld does not get noticed by the CAPTCHA thing


Version: unspecified
Severity: normal
URL: http://test.wikipedia.org/w/index.php?title=Current_events&diff=198&oldid=197

Details

Reference
bz4823

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 9:05 PM
bzimport set Reference to bz4823.
bzimport added a subscriber: Unknown Object (MLST).

robchur wrote:

I suppose the simplest solution is to strip out HTML comments before doing
processing on text with any extensions, hooks or hacks.

wiki.bugzilla wrote:

*** Bug 5185 has been marked as a duplicate of this bug. ***

psychonaut wrote:

I don't understand what this issue has to do with CAPTCHAs. Can someone please
explain it to me?

beesley wrote:

(In reply to comment #3)

> I don't understand what this issue has to do with CAPTCHAs. Can someone please
> explain it to me?

Captchas are invoked if someone tries to save an external link on a page, but if
they start that link with http://<!-- -->www. instead of http://www. the captcha
is not invoked, making it easier for spam bots to save their spam.

Fixed in r18349, using the parser to extract links as SpamBlacklist does.

epriestley added a commit: Unknown Object (Diffusion Commit). Mar 4 2015, 8:16 AM
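
Added example, not code from MediaWiki or from r18349: a simplified Python model of the mismatch discussed in this thread, comparing a link check that scans the raw submitted text with one that first removes HTML comments, as the rendered page does. The regexes, function names and sample edits are assumptions made for the illustration; the actual fix uses the parser to extract links.

```python
import re

# Simplified model, not MediaWiki code: a URL is a scheme followed by
# characters that cannot continue a link in wikitext.
URL_RE = re.compile(r'https?://[^\s<>"\[\]]+', re.IGNORECASE)
COMMENT_RE = re.compile(r'<!--.*?-->', re.DOTALL)


def links_in_raw_text(wikitext):
    """The 'before' check: scan the submitted text exactly as typed."""
    return set(URL_RE.findall(wikitext))


def links_as_rendered(wikitext):
    """The 'after' check: drop HTML comments first, as the renderer
    does, so the scan sees the same URL a reader would."""
    return set(URL_RE.findall(COMMENT_RE.sub('', wikitext)))


def needs_captcha(old_text, new_text, extract):
    """Challenge the edit when it adds a link absent from the old text."""
    return bool(extract(new_text) - extract(old_text))


# Constructed sample edits; spamurl.tld is the placeholder from the report.
OLD = "See the [http://example.org project page]."
PLAIN = OLD + " Visit http://www.spamurl.tld today."
SPLIT = OLD + " Visit http://<!-- -->www.spamurl.tld today."
HIDDEN = OLD + " <!-- draft note: http://www.spamurl.tld -->"

if __name__ == "__main__":
    for name, text in [("plain", PLAIN), ("split", SPLIT), ("hidden", HIDDEN)]:
        print(name,
              "raw:", needs_captcha(OLD, text, links_in_raw_text),
              "rendered:", needs_captcha(OLD, text, links_as_rendered))
```

The raw scan misses the comment-split link and also challenges a URL that sits wholly inside a comment and is never rendered; checking the rendered view corrects both.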