One Sanitizer to Rule Them All
Open, Needs Triage · Public


We seem to have a number of slightly-different sanitizers floating around:

I'd like to better understand the different use cases here and try to come up with one or two implementations we can all agree on, assuming that we're all trying to do the same thing. I'd like to avoid divergence and corner case bugs where some sanitizers let things through which others don't, which could even result in security issues in the worst case scenarios. Further, we periodically allow new 'safe' attributes through into wikitext, like T247910: MediaWiki should allow setting tabindex="0" on elements in wikitext; we need to determine what the appropriate mechanisms are to keep the various sanitizers in sync.

Event Timeline

Restricted Application added a subscriber: Aklapper.
JTannerWMF added a subscriber: JTannerWMF.

It seems there is nothing actionable for our team at this moment but we can keep an eye on it.