Page MenuHomePhabricator

Update Sanitizer to support replacement of whole elements instead of just attributes.
Closed, DeclinedPublic

Description

Currently our Sanitizer is only capable of sanitizing attributes. We cannot sanitize whole tags (besides just making them not work) so we can't clean up invalid elements like <center>, <font>, and <strike>.

We need to update our Sanitizer code so we can also substitute whole tags. And we'll need to make sure we also replace the closing tag.

This will probably mean creating a new set of functions to call, deprecating the old ones, and then fixing the parser to use the new functions. This involves whole element replacement so it might not be as trivial to do in the parser as attributes were.


Version: unspecified
Severity: normal

Details

Reference
bz40579

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 12:46 AM
bzimport added a project: MediaWiki-Parser.
bzimport set Reference to bz40579.
bzimport added a subscriber: Unknown Object (MLST).
brion added a comment.Sep 27 2012, 7:19 PM

<center>, <font>, and <strike> work in existing browsers, there's no need to remove them.

(In reply to comment #1)

<center>, <font>, and <strike> work in existing browsers, there's no need to
remove them.

This is part of $wgCleanupPresentationalAttributes. Right now for a purely technical reason we transform attributes that were removed from HTML but not elements that were removed from html.

mr.heat wrote:

(In reply to comment #1)

<center>, <font>, and <strike> work in existing browsers, there's no need to
remove them.

I'm telling them the same in bug #40329. They say they can not output "invalid" HTML. But they do. This is horribly confusing for all template developers. This is insane. You are welcome.

(In reply to comment #2)

This is part of $wgCleanupPresentationalAttributes. Right now for a purely
technical reason we transform attributes that were removed from HTML but not
elements that were removed from html.

Right, I believe this is the wrong direction to be headed in. I've filed bug 40632 ("Kill $wgCleanupPresentationalAttributes from MediaWiki core").

He7d3r added a comment.Oct 6 2013, 4:22 PM

(In reply to comment #4)

(In reply to comment #2)

This is part of $wgCleanupPresentationalAttributes. Right now for a purely
technical reason we transform attributes that were removed from HTML but not
elements that were removed from html.

Right, I believe this is the wrong direction to be headed in. I've filed bug
40632 ("Kill $wgCleanupPresentationalAttributes from MediaWiki core").

The feature was removed, so I'm marking this as WONTFIX.