Page MenuHomePhabricator
Create Task
Maniphest T41662

Allow -webkit-filter CSS
Closed, DuplicatePublicFeature
Actions

Description

Currently, all uses of -webkit-filter in a tag's style attribute are being replaced with "/* insecure input */". Assuming this is due to confusion with -ms-filter and there isn't any actual security risk in allowing -webkit-filter, the style should be allowed.

Version: 1.19
Severity: enhancement

Details

Reference
bz39662

Related Objects

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 1:10 AM
bzimport added a project: MediaWiki-Parser.
bzimport set Reference to bz39662.
bzimport added a subscriber: Unknown Object (MLST).
Yair_rand created this task.Aug 26 2012, 10:18 AM
D41D8CD98F subscribed.Sep 25 2016, 7:55 AM

Now there is the unprefixed filter property, which should also be allowed.

Aklapper changed the subtype of this task from "Task" to "Feature Request".Feb 4 2022, 11:14 AM
Aklapper removed a subscriber: wikibugs-l-list.
SnorlaxMonster added a project: css-sanitizer.Wed, Mar 27, 1:24 PM
SnorlaxMonster subscribed.

This was resolved by https://phabricator.wikimedia.org/T308160. It is now possible to use -webkit-filter (although the unprefixed filter should be preferred anyway).

Tgr subscribed.Wed, Mar 27, 1:51 PM

T308160: Uncensor use of "filter" CSS property on wikitext pages is about the wikitext parser. This issue is tagged as TemplateStyles (now, at least; presumably the task author meant the task to be about the parser, since it predates the existence of TemplateStyes). In TemplateStyles, this isn't resolved.

Tgr removed a project: css-sanitizer.Wed, Mar 27, 1:52 PM

I'll just untag and close as duplicate to reduce confusion. Please file a dedicated task for TemplateStyles / css-sanitizer if you think this functionality is needed there.

Tgr closed this task as a duplicate of T308160: Uncensor use of "filter" CSS property on wikitext pages.Wed, Mar 27, 1:52 PM
SnorlaxMonster added a comment.Wed, Mar 27, 1:53 PM

Ah sorry, that was my tag. I should have tagged it as CSS instead of css-sanitizer.

Tgr added a comment.Wed, Mar 27, 2:06 PM

(FWIW css-sanititer does handle filter already.)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL