Page MenuHomePhabricator
Create Task
Maniphest T77314

HTML sanitizing of extmetadata makes hidden content visible
Closed, ResolvedPublic
Actions

Description

Migrated from: https://wikimedia.mingle.thoughtworks.com/projects/multimedia/cards/388

Some templates store metadata in display:none-ed text; MediaViewer's whitelistHtml function makes this metadata visible. E.g. permission text shown for PD images starts with "Public domainPublic domainfalsefalse".</pre>

Related Bugs

bug 63126

Related Stories

Related Changesets

Event Timeline

MingleTerminator raised the priority of this task from to High.Dec 8 2014, 5:00 PM
MingleTerminator added a project: Multimedia.
In mingle on 2014-03-27 at 01:52:01, @Tgr wrote:

https://gerrit.wikimedia.org/r/121282

MingleTerminator added a comment.Dec 8 2014, 5:00 PM
In mingle on 2014-04-03 at 18:02:53, aarcos wrote:

Verified during weekly planning meeting.

MingleTerminator added a comment.Dec 8 2014, 5:00 PM
In mingle on 2014-04-03 at 18:03:08, aarcos wrote:

Verified during weekly planning meeting.

MingleTerminator closed this task as Resolved.Dec 8 2014, 5:00 PM
Gilles added a project: MediaViewer.Dec 8 2014, 5:04 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL