[21:46:05] <Casull>	 hello people!
[21:46:57] <Casull>	 I'm parsing the HTML in wikimedia's image credits. That should be safe, right? I assume you can't really put in anything malicious in artist credits, just HTML
[21:47:26] <Casull>	 example: https://commons.wikimedia.org/wiki/File:Savannah_Cat.jpg
[21:48:02] <Casull>	 for this, I take the HTML string in the Author bit and put it into my website for the credits so that there's a link to the author's wikipage or whatever flickr URL they want
[21:48:16] <Casull>	 there shouldn't be any way for them to put in malicious things into that field from wikipedia, right?
[21:50:53] <Reedy>	 Why are you parsing the html?
[21:52:56] <MatmaRex>	 Casull: not malicious as in XSS, but it's possible to put unexpected things here. like an image or a heading or something.
[21:53:52] <MatmaRex>	 Casull: also, wikimedia wikis have this extension installed: https://www.mediawiki.org/wiki/Extension:CommonsMetadata which is supposed to do a lot of the dirty parsing work for you
[21:54:53] <MatmaRex>	 https://commons.wikimedia.org/wiki/Special:ApiSandbox#action=query&prop=imageinfo&format=json&iiprop=metadata%7Ccommonmetadata%7Cextmetadata&titles=File%3ASavannah%20Cat.jpg
[21:55:02] <MatmaRex>	 author is in the "Artist" field