dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b5b55ec) | patch
Preemptively add css3's image() to our css sanitizer.
authorDaniel Friesen <pub-github@nadir-seen-fire.com>
Fri, 21 Sep 2012 16:51:08 +0000 (09:51 -0700)
committerGerrit Code Review <gerrit@wikimedia.org>
Wed, 26 Sep 2012 05:24:16 +0000 (05:24 +0000)
commit3842f9a26228399426037b5c00a69781db7f3ad8
tree160e3f73725184e9bbb2f14c513bbffe2058663ctree | snapshot
parentb5b55ec0262361874f9f5a607f8ed49dfda62a6bcommit | diff
Preemptively add css3's image() to our css sanitizer.

- Adding this now even though no browser supports it so that when one does it doesn't become a way to bypass our url() filter.
- Including missing tests for all of our insecure input filters.
- Also make sure that vendor prefixed versions like -webkit-image() are caught because most browsers are probably going to go and implement a vendor prefixed version first.

Change-Id: If73aa98b8accdb7621b0e4ff0615b61d530fa547
includes/Sanitizer.php diff | blob | history
tests/phpunit/includes/SanitizerTest.php diff | blob | history
Wiklou, le Wiki du Wiklou