to support for microdata and rdfa, allow <a> tags so external links can have ref/rel attributes
Open, LowPublic

Description

sanitizer patch to allow <a> tags

Allow <a> tags in wikitext. This was introduced first in r58694 and again discussed in the context of but reverted. I have again introducde it in r109723 after a discussion with tim, but reverted it because of code slush as requested by siebrand.

The attached patch will allow <a> tags to be passed through the sanitizer, if $wgAllowATag is set to true. I will soon supply another patch that will cause such links to be recorded in the externallink table, as discussed with tim.

Please apply once 1.19 is forked.


Version: 1.20.x
Severity: enhancement

attachment allow-a-tag.patch ignored as obsolete

bzimport set Reference to bz33886.
daniel created this task.Jan 22 2012, 8:58 PM

Created attachment 9890
parser patch to handle <a> tags and put urls into externallinks table

this patch adds a pass to the parser that will handle the href attribute from any <a> tags and put the url contained there into the externallinks table.

the patch also contains some parser test cases for making sure this doesn't break.

attachment handle-a-tag.patch ignored as obsolete

If there's any way for an <a> tag to sneak through without being added to mOutput, then that will be a vulnerability for SpamBlacklist/AbuseFilter etc. allowing links to be added without being properly flagged. So it's really important that the regex in doHtmlLinks() matches at least as many links as the one in Sanitizer::removeHTMLtags(). So I'd suggest using \W instead of \s to detect the end of the tag name.

Otherwise, looks good.

sumanah wrote:

(In reply to comment #2)
Marking reviewed - Daniel, please revise & resubmit. Thanks.

Created attachment 9923
improved parser patch to handle <a> tags and put urls into externallinks table

changed the regex as per tim's suggestion. using [^>\w] instead if \W so <a> isn't matched.

attachment handle-a-tag-2.patch ignored as obsolete

Re-submitted for 1.20 in Ic5355ef1812d449c13f45a8aafc5b5121daf0cc3 see https://gerrit.wikimedia.org/r/#change,3912

Review pending in gerrit.

*** Bug 9666 has been marked as a duplicate of this bug. ***

*** Bug 18460 has been marked as a duplicate of this bug. ***

Will this allow one to use the "style" attribute to change the underline color of [[links]] on mouseover?

Currently this is only possible using the deprecated <font> tag as in

<font color="#FF0000">MMMMMMMM</font>

because

<span style="color:#FF0000;">MMMMMMMM</span>

only changes the text color:

https://en.wikipedia.org/w/index.php?title=Wikipedia:Sandbox&oldid=498164292#Link_color

These patches should probably properly integrate with the other parts of our link handling. We want things like the external link class to be applied properly.

(In reply to comment #5)

Re-submitted for 1.20 in Ic5355ef1812d449c13f45a8aafc5b5121daf0cc3 see
https://gerrit.wikimedia.org/r/#change,3912

Review pending in gerrit.

This change set was abandoned. Why is that?

(In reply to comment #10)

This change set was abandoned. Why is that?

I've no clue, but abandonment shows that this doesn't have anyone pushing it for tarball, so not blocking.

sumanah wrote:

Comment on attachment 9887
sanitizer patch to allow <a> tags

I presume this was obsoleted by the patchset in Gerrit

sumanah wrote:

Comment on attachment 9923
improved parser patch to handle <a> tags and put urls into externallinks table

I presume this was obsoleted by the patchset in Gerrit

  • Bug 26727 has been marked as a duplicate of this bug. ***
daniel removed daniel as the assignee of this task.Dec 1 2014, 10:37 PM
Kelson added a subscriber: Kelson.Mar 23 2015, 9:08 AM

Add Comment