Last modified: 2014-07-23 08:31:00 UTC
Go to https://en.wikipedia.org/wiki/Special:Version/Credits/BetaFeatures and wonder why some part is striked. There is a email, which begins with <s. which is valid html tag and therefor text gets striked. The <> from the credits page should be escaped when gets parsed.
CC'ing Chris as I wonder if this could create some worse issues (though having a hard time to imagine).
The credits file is parsed as wikitext, so any valid wikitext formatting can be used. But wikitext->html is safe from xss.
When normal wikitext parsing is used here, than this is a duplicate of bug 40670/bug 17663 *** This bug has been marked as a duplicate of bug 17663 ***