Page MenuHomePhabricator

Sanitizer strips extension about/typeof for some extension
Closed, ResolvedPublic


The timeline extension generates a <map> tag which gets typeof and about attributes added to it by the ExtensionHandler. But, the sanitizer strips these attibutes from the map tag since it is not whitelisted.

We need a fix to the sanitizer: either whitelisting of additional tags for approved extensions, or blanket whitelisting of extension-output-marked tags.

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 1:51 AM
bzimport set Reference to bz52940.

We should be able to blanket-whitelist mw: typeofs if we strip those from user content early in the token stream. This is covered by bug 48772.

Change 81569 had a related patch set uploaded by Subramanya Sastry:
(Bug 52940): Pass through parsoid-inserted attrs in sanitizer

Change 81569 merged by jenkins-bot:
(Bug 52940) Don't block parsoid-inserted attrs in sanitizer