| image\s*\(
| image-set\s*\(
| attr\s*\([^)]+[\s,]+url
+ | var\s*\(
!ix', $value ) ) {
return '/* insecure input */';
}
* HTML5 definition of id attribute
*
* @param string $id Id to escape
- * @param string|array $options String or array of strings (default is array()):
+ * @param string|array $options String or array of strings (default is []):
* 'noninitial': This is a non-initial fragment of an id, not a full id,
* so don't pay attention if the first character isn't valid at the
* beginning of an id.
# such as <math> when it is rasterized, or if $wgAllowImageTag is
# true
'img' => array_merge( $common, [ 'alt', 'src', 'width', 'height', 'srcset' ] ),
-
+ # Attributes for A/V tags added in T163583 / T133673
+ 'audio' => array_merge( $common, [ 'controls', 'preload', 'width', 'height' ] ),
'video' => array_merge( $common, [ 'poster', 'controls', 'preload', 'width', 'height' ] ),
'source' => array_merge( $common, [ 'type', 'src' ] ),
'track' => array_merge( $common, [ 'type', 'src', 'srclang', 'kind', 'label' ] ),
# rbc
'rb' => $common,
'rp' => $common,
- 'rt' => $common, # array_merge( $common, array( 'rbspan' ) ),
+ 'rt' => $common, # array_merge( $common, [ 'rbspan' ] ),
'rtc' => $common,
# MathML root element, where used for extensions
// HTML 5 section 4.5
'figure' => $common,
+ 'figure-inline' => $common, # T118520
'figcaption' => $common,
# HTML 5 section 4.6