Page MenuHomePhabricator
Create Task
Maniphest T42579

Update Sanitizer to support replacement of whole elements instead of just attributes.
Closed, DeclinedPublic
Actions

Description

Currently our Sanitizer is only capable of sanitizing attributes. We cannot sanitize whole tags (besides just making them not work) so we can't clean up invalid elements like <center>, <font>, and <strike>.

We need to update our Sanitizer code so we can also substitute whole tags. And we'll need to make sure we also replace the closing tag.

This will probably mean creating a new set of functions to call, deprecating the old ones, and then fixing the parser to use the new functions. This involves whole element replacement so it might not be as trivial to do in the parser as attributes were.

Version: unspecified
Severity: normal

Details

Reference
bz40579

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 12:46 AM
bzimport added a project: MediaWiki-Parser.
bzimport set Reference to bz40579.
bzimport added a subscriber: Unknown Object (MLST).
DanielFriesen created this task.Sep 27 2012, 6:25 PM
brooke added a comment.Sep 27 2012, 7:19 PM

<center>, <font>, and <strike> work in existing browsers, there's no need to remove them.

DanielFriesen added a comment.Sep 27 2012, 7:23 PM

(In reply to comment #1)

<center>, <font>, and <strike> work in existing browsers, there's no need to
remove them.

This is part of $wgCleanupPresentationalAttributes. Right now for a purely technical reason we transform attributes that were removed from HTML but not elements that were removed from html.

bzimport added a comment.Sep 28 2012, 11:25 AM

mr.heat wrote:

(In reply to comment #1)

<center>, <font>, and <strike> work in existing browsers, there's no need to
remove them.

I'm telling them the same in bug #40329. They say they can not output "invalid" HTML. But they do. This is horribly confusing for all template developers. This is insane. You are welcome.

MZMcBride added a comment.Sep 30 2012, 2:01 AM

(In reply to comment #2)

This is part of $wgCleanupPresentationalAttributes. Right now for a purely
technical reason we transform attributes that were removed from HTML but not
elements that were removed from html.

Right, I believe this is the wrong direction to be headed in. I've filed bug 40632 ("Kill $wgCleanupPresentationalAttributes from MediaWiki core").

He7d3r added a comment.Oct 6 2013, 4:22 PM

(In reply to comment #4)

(In reply to comment #2)

This is part of $wgCleanupPresentationalAttributes. Right now for a purely
technical reason we transform attributes that were removed from HTML but not
elements that were removed from html.

Right, I believe this is the wrong direction to be headed in. I've filed bug
40632 ("Kill $wgCleanupPresentationalAttributes from MediaWiki core").

The feature was removed, so I'm marking this as WONTFIX.

Ricordisamoa subscribed.Sep 16 2015, 3:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL