dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge "Revert "Creating new WMF 1.30.0-wmf.2 branch""
[lhc/web/wiklou.git] / includes / Sanitizer.php
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index e9519c3..c4883ba 100644 (file)
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -835,7 +835,7 @@ class Sanitizer {
 
                        # NOTE: even though elements using href/src are not allowed directly, supply
                        #       validation code that can be used by tag hook handlers, etc
-                       if ( $attribute === 'href' || $attribute === 'src' ) {
+                       if ( $attribute === 'href' || $attribute === 'src' || $attribute === 'poster' ) {
                                if ( !preg_match( $hrefExp, $value ) ) {
                                        continue; // drop any href or src attributes not using an allowed protocol.
                                        // NOTE: this also drops all relative URLs
@@ -1760,6 +1760,10 @@ class Sanitizer {
                        # true
                        'img'        => array_merge( $common, [ 'alt', 'src', 'width', 'height' ] ),
 
+                       'video'      => array_merge( $common, [ 'poster', 'controls', 'preload', 'width', 'height' ] ),
+                       'source'     => array_merge( $common, [ 'type', 'src' ] ),
+                       'track'      => array_merge( $common, [ 'type', 'src', 'srclang', 'kind', 'label' ] ),
+
                        # 15.2.1
                        'tt'         => $common,
                        'b'          => $common,
Wiklou, le Wiki du Wiklou