Author: GICodeWarrior
Description:
The extension should add a custom URL parameter to the link and hook into RawPageViewBeforeOutput to sanitize CSS requests with that parameter.
Inline CSS is already sanitized, and "external" files can't/shouldn't be sanitized. However, the same custom URL parameter must be appended to "external" includes so if they are actually referencing wiki pages, they will be sanitized appropriately.
"external" URLs should also be expanded and verified to be inside the base (to prevent "../../").
Version: unspecified
Severity: normal