Page MenuHomePhabricator

Sanitizer:removeHTMLtags failure: it removes XHMTL style <img src=... /> tags when allowing this tag expressly
Closed, InvalidPublic


When allowing <img> tags by using

$string = Sanitizer:removeHTMLtags( $string, null, array(), array( "img" ) );

this fails:

Sanitizer htmlescapes the _closed_ img tag even when I say by using the allowed tag array( "img" ) that I want allow it and the tag should not be escaped.

Can parser and sanitizer experts please have look into this singular problem and repair it ?

Version: 1.20.x
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 12:15 AM
bzimport set Reference to bz35013.
bzimport added a subscriber: Unknown Object (MLST).

It appears that I made a mistake in my numerous tests: a constructed "a" link in "img"-tag preceeding context was not properly closed. This then broke the rest ...

End of that story, and good news:

Sanitizer:removeHTMLtags appears to work as designed.