RemexStripTagHandler should strip <style> contents
Open, Needs TriagePublic
Actions

Description

Sanitizer::stripAllTags() (implemented by RemexStripTagHandler) tends to be used by application code as a rough equivalent of Element.innerText, which causes bugs with TemplateStyles <styles> tags - the tag is stripped but the raw CSS is rendered as text. See e.g. T219138: TemplateStyles CSS appears in notification text. It should either behave somewhat along those lines and remove the contents of non-visual tags like <style> or <script>, or a separate utility should be available for that purpose.

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		None	T219138 TemplateStyles CSS appears in notification text
		Open		None	T228856 RemexStripTagHandler should strip <style> contents

Event Timeline

Tgr created this task.Jul 24 2019, 11:46 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 24 2019, 11:46 AM

Tgr added a parent task: T219138: TemplateStyles CSS appears in notification text.Jul 24 2019, 11:47 AM

Tgr mentioned this in T219138: TemplateStyles CSS appears in notification text.

matmarex added a subscriber: matmarex.Sun, Mar 8, 10:46 AM

Pikne mentioned this in T226279: Map title not shown on fr.wp but local CSS code.Wed, Mar 18, 5:48 PM

RemexStripTagHandler should strip <style> contentsOpen, Needs TriagePublicActions

Description

Related ObjectsSearch...

Event Timeline

RemexStripTagHandler should strip <style> contents
Open, Needs TriagePublic
Actions

Related Objects
Search...