Disallow css attr() with url type
author csteipp <csteipp@wikimedia.org>
Wed, 11 Jun 2014 23:29:33 +0000 (16:29 -0700)
committer Brian Wolff <bawolff+wn@gmail.com>
Tue, 20 Sep 2016 19:56:24 +0000 (19:56 +0000)
commit 284173282d4fc25031b6ded0f696c46ecbf97338
tree 791dc0b77d2451c4d8425897af9fc7e0ffe33091
parent 07a9d50dddbe03277bf156bd5cfa5b1f7cc26cb3
Disallow css attr() with url type

CSS3 seems like it will extend the attr() function which can interpret
attribute as different types, including 'url', which "...is interpreted
as a quoted string within the ‘url()’ notation."

Currently no browsers support this syntax yet, so submitting this
as a normal non-security patch.

Bug: T68404
Change-Id: Icdae989764754c985a9292d62efae7cc47009df5
includes/Sanitizer.php
tests/phpunit/includes/SanitizerTest.php
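
An added example (not part of this commit and not MediaWiki's Sanitizer code) of the kind of check the commit message describes: decode CSS escapes, neutralise comments, then reject attr() used with the 'url' type keyword. The function names, the pattern and the sample values are constructed for illustration.

```php
<?php
// Added example; function names and the pattern are hypothetical, not MediaWiki's.

/** Decode CSS backslash escapes in one pass so the check sees what a CSS parser would. */
function decodeCssEscapes( string $css ): string {
    return preg_replace_callback(
        // Hex escape (1-6 digits, one optional trailing whitespace) or a single escaped character.
        '/\\\\(?:([0-9a-f]{1,6})(?:\r\n|[ \t\r\n\f])?|([^\r\n\f]))/i',
        static function ( array $m ): string {
            if ( $m[1] === '' ) {
                return $m[2]; // simple escape: the character stands for itself
            }
            $cp = hexdec( $m[1] );
            $bad = $cp === 0 || $cp > 0x10FFFF || ( $cp >= 0xD800 && $cp <= 0xDFFF );
            return $bad ? "\u{FFFD}" : mb_chr( $cp, 'UTF-8' );
        },
        $css
    );
}

/** True if the CSS value uses attr() with the 'url' type keyword. */
function hasAttrUrl( string $css ): bool {
    $decoded = decodeCssEscapes( $css );
    // Second view with comments (closed or unterminated) turned into a space,
    // because a comment separates tokens. Checking both views fails closed.
    $noComments = preg_replace( '!/\*.*?(?:\*/|\z)!s', ' ', $decoded );
    // attr( <attribute-name> <whitespace> url ... ), case-insensitive.
    $pattern = '/attr\s*\(\s*[^\s,)]+\s+url\b/i';
    return preg_match( $pattern, $decoded ) === 1
        || preg_match( $pattern, $noComments ) === 1;
}

// Constructed sample values: [ expected result, CSS value ].
$samples = [
    [ true,  'background: attr(href url)' ],
    [ true,  'background: ATTR( data-img  URL , "x.png")' ],
    [ true,  'background: att\\72 (href url)' ],   // escaped "r"
    [ true,  'background: attr(href/**/url)' ],    // comment as separator
    [ false, 'content: attr(title)' ],
    [ false, 'width: attr(data-url px)' ],         // "url" inside the attribute name
];
foreach ( $samples as [ $expected, $css ] ) {
    $got = hasAttrUrl( $css );
    printf( "%-5s %-8s %s\n", $got ? 'BLOCK' : 'allow', $got === $expected ? 'ok' : 'MISMATCH', $css );
}
```

The pattern deliberately over-blocks a few harmless forms (for example a type keyword that merely starts with "url-"), which is the safer direction for a sanitizer.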