When allowing <img> tags by using
$string = Sanitizer:removeHTMLtags( $string, null, array(), array( "img" ) );
this fails:
Sanitizer htmlescapes the _closed_ img tag even when I say by using the allowed tag array( "img" ) that I want allow it and the tag should not be escaped.
Can parser and sanitizer experts please have look into this singular problem and repair it ?
Version: 1.20.x
Severity: normal
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | Feature | None | T32377 Suggestion: add a new parameter to limit the number of characters when rendering the channel item <description> | ||
| Resolved | Wikinaut | T36763 RSS feed items (HTML) are not rendered as HTML but htmlescaped | |||
| Resolved | None | T37002 Sanitizer:removeHTMLtags fails for <img src=> tag when enclosed in <a> link | |||
| Invalid | None | T37013 Sanitizer:removeHTMLtags failure: it removes XHMTL style <img src=... /> tags when allowing this tag expressly |
It appears that I made a mistake in my numerous tests: a constructed "a" link in "img"-tag preceeding context was not properly closed. This then broke the rest ...
End of that story, and good news:
Sanitizer:removeHTMLtags appears to work as designed.