Page MenuHomePhabricator
Create Task
Maniphest T54940

Sanitizer strips extension about/typeof for some extension
Closed, ResolvedPublic
Actions

Description

The timeline extension generates a <map> tag which gets typeof and about attributes added to it by the ExtensionHandler. But, the sanitizer strips these attibutes from the map tag since it is not whitelisted.

We need a fix to the sanitizer: either whitelisting of additional tags for approved extensions, or blanket whitelisting of extension-output-marked tags.

Version: unspecified
Severity: normal

Details

Reference
bz52940

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 1:51 AM
bzimport added a project: Parsoid-Token-Stream-Transforms.
bzimport set Reference to bz52940.
ssastry created this task.Aug 16 2013, 6:08 PM
GWicke added a comment.Aug 16 2013, 6:22 PM

We should be able to blanket-whitelist mw: typeofs if we strip those from user content early in the token stream. This is covered by bug 48772.

gerritbot added a comment.Aug 28 2013, 8:35 PM

Change 81569 had a related patch set uploaded by Subramanya Sastry:
(Bug 52940): Pass through parsoid-inserted attrs in sanitizer

https://gerrit.wikimedia.org/r/81569

gerritbot added a comment.Sep 3 2013, 11:23 PM

Change 81569 merged by jenkins-bot:
(Bug 52940) Don't block parsoid-inserted attrs in sanitizer

https://gerrit.wikimedia.org/r/81569

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits