To support microdata and RDFa, allow <a> tags so external links can have ref/rel attributes
OpenPublic

Description

sanitizer patch to allow <a> tags

Allow <a> tags in wikitext. This was introduced first in r58694 and again discussed in the context of but reverted. I have again introduced it in r109723 after a discussion with Tim, but reverted it because of the code slush, as requested by Siebrand.

The attached patch will allow <a> tags to be passed through the sanitizer if $wgAllowATag is set to true. I will soon supply another patch that will cause such links to be recorded in the externallinks table, as discussed with Tim.

Please apply once 1.19 is forked.


Version: 1.20.x
Severity: enhancement

attachment allow-a-tag.patch ignored as obsolete

bzimport set Reference to bz33886.
daniel created this task. Via Legacy, Jan 22 2012, 8:58 PM
daniel added a comment. Via Conduit, Jan 23 2012, 2:02 AM

Created attachment 9890
parser patch to handle <a> tags and put urls into externallinks table

This patch adds a pass to the parser that takes the href attribute from any <a> tag and puts the URL it contains into the externallinks table.

The patch also contains some parser test cases to make sure this doesn't break.
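
As a rough illustration of the idea (not the patch itself, which is PHP and is not reproduced in this thread), the pass can be sketched in Python. The names `HrefCollector` and `collect_external_links` are hypothetical, and the returned list merely stands in for the rows that would be written to the externallinks table.

```python
from html.parser import HTMLParser


class HrefCollector(HTMLParser):
    """Collects href values from <a> start tags (hypothetical helper)."""

    def __init__(self):
        super().__init__()
        # Stand-in for the rows that would go into the externallinks table.
        self.external_links = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value:
                self.external_links.append(value)


def collect_external_links(html):
    """Return every non-empty href found on an <a> tag in the given markup."""
    collector = HrefCollector()
    collector.feed(html)
    collector.close()
    return collector.external_links


if __name__ == "__main__":
    sample = '<p>See <a href="http://example.org/" rel="nofollow">this</a>.</p>'
    for url in collect_external_links(sample):
        print(url)
```

The point of the sketch is only that every link which survives sanitizing must also end up in the recorded list; how the real parser pass finds the tags is a separate question.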

attachment handle-a-tag.patch ignored as obsolete

tstarling added a comment. Via Conduit, Jan 23 2012, 2:13 AM

If there's any way for an <a> tag to sneak through without being added to mOutput, then that will be a vulnerability for SpamBlacklist/AbuseFilter etc. allowing links to be added without being properly flagged. So it's really important that the regex in doHtmlLinks() matches at least as many links as the one in Sanitizer::removeHTMLtags(). So I'd suggest using \W instead of \s to detect the end of the tag name.

Otherwise, looks good.

bzimport added a comment. Via Conduit, Jan 23 2012, 7:46 PM

sumanah wrote:

(In reply to comment #2)
Marking reviewed - Daniel, please revise & resubmit. Thanks.

daniel added a comment. Via Conduit, Jan 29 2012, 7:50 PM

Created attachment 9923
improved parser patch to handle <a> tags and put urls into externallinks table

Changed the regex as per Tim's suggestion, using [^>\w] instead of \W so that <a> isn't matched.
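
The difference between the three candidates for "end of tag name" can be checked with a small Python sketch. The patterns below are assumptions made for illustration only; the actual regex used in doHtmlLinks() is not shown in this thread.

```python
import re

# Hypothetical patterns: each one looks for "<a" followed by a single
# character that is taken to end the tag name.
CANDIDATES = {
    r"\s": re.compile(r"<a\s", re.IGNORECASE),         # whitespace only
    r"\W": re.compile(r"<a\W", re.IGNORECASE),         # any non-word character
    r"[^>\w]": re.compile(r"<a[^>\w]", re.IGNORECASE),  # non-word, but not ">"
}

SAMPLES = [
    '<a href="http://example.org">',   # ordinary link
    '<a/href="http://example.org">',   # "/" instead of whitespace
    '<a>',                             # bare tag without attributes
    '<abbr title="x">',                # different tag starting with "a"
]


def matches(pattern_key, text):
    """Return True if the candidate pattern finds an <a> tag start in text."""
    return CANDIDATES[pattern_key].search(text) is not None


if __name__ == "__main__":
    for key in CANDIDATES:
        for sample in SAMPLES:
            print(key, sample, matches(key, sample))
```

Under these assumptions, `\s` misses the `<a/href=...>` form, `\W` catches it but also matches a bare `<a>`, and `[^>\w]` catches it while leaving `<a>` and `<abbr>` alone.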

attachment handle-a-tag-2.patch ignored as obsolete

daniel added a comment. Via Conduit, Mar 29 2012, 10:54 AM

Re-submitted for 1.20 in Ic5355ef1812d449c13f45a8aafc5b5121daf0cc3 see https://gerrit.wikimedia.org/r/#change,3912

Review pending in gerrit.

Jarry1250 added a comment. Via Conduit, Apr 12 2012, 8:25 PM

*** Bug 9666 has been marked as a duplicate of this bug. ***

Jarry1250 added a comment. Via Conduit, Apr 12 2012, 8:28 PM

*** Bug 18460 has been marked as a duplicate of this bug. ***

He7d3r added a comment. Via Conduit, Jun 18 2012, 11:53 AM

Will this allow one to use the "style" attribute to change the underline color of [[links]] on mouseover?

Currently this is only possible using the deprecated <font> tag as in

<font color="#FF0000">MMMMMMMM</font>

because

<span style="color:#FF0000;">MMMMMMMM</span>

only changes the text color:

https://en.wikipedia.org/w/index.php?title=Wikipedia:Sandbox&oldid=498164292#Link_color

DanielFriesen added a comment. Via Conduit, Aug 6 2012, 9:31 AM

These patches should probably properly integrate with the other parts of our link handling. We want things like the external link class to be applied properly.

MZMcBride added a comment. Via Conduit, Sep 19 2012, 12:37 AM

(In reply to comment #5)

> Re-submitted for 1.20 in Ic5355ef1812d449c13f45a8aafc5b5121daf0cc3 see
> https://gerrit.wikimedia.org/r/#change,3912
>
> Review pending in gerrit.

This change set was abandoned. Why is that?

MarkAHershberger added a comment. Via Conduit, Sep 30 2012, 4:15 PM

(In reply to comment #10)

> This change set was abandoned. Why is that?

I've no clue, but abandonment shows that this doesn't have anyone pushing it for tarball, so not blocking.

bzimport added a comment. Via Conduit, Oct 12 2012, 2:17 AM

sumanah wrote:

Comment on attachment 9887
sanitizer patch to allow <a> tags

I presume this was obsoleted by the patchset in Gerrit

bzimport added a comment. Via Conduit, Oct 12 2012, 2:17 AM

sumanah wrote:

Comment on attachment 9923
improved parser patch to handle <a> tags and put urls into externallinks table

I presume this was obsoleted by the patchset in Gerrit

He7d3r added a comment. Via Conduit, Jan 16 2014, 12:47 PM

*** Bug 26727 has been marked as a duplicate of this bug. ***

daniel placed this task up for grabs. Via Web, Dec 1 2014, 10:37 PM
