* (bug 32239) Removed wgEnableTooltipsAndAccesskeys.
* Removed $wgVectorShowVariantName.
* Removed $wgExtensionAliasesFiles. Use wgExtensionMessagesFiles.
+* Introduced $wgAllowATag to allow <a> tags to be used for external links,
+ so rel and ref attributes can be used with microdata resp RDFa.
+ Defaults is false.
=== New features in 1.19 ===
* (bug 19838) Possibility to get all interwiki prefixes if the interwiki
/**
* Enabled HTML5 microdata attributes for use in wikitext, if $wgHtml5 is also true.
+ * See also $wgAllowATag.
*/
$wgAllowMicrodataAttributes = false;
/**
* Cleanup as much presentational html like valign -> css vertical-align as we can
+ * See also $wgAllowATag.
*/
$wgCleanupPresentationalAttributes = true;
*/
$wgAllowImageTag = false;
+/**
+ * Allow <a> tags for specifying external links, so it becomes possible to
+ * provide ref and rel attributes. This allows for microdata/microformats/RDFa
+ * annotations to be embedded on wiki pages. See also $wgAllowRdfaAttributes
+ * and $wgAllowMicrodataAttributes.
+ */
+$wgAllowATag = false;
+
/**
* $wgUseTidy: use tidy to make sure HTML output is sane.
* Tidy is a free tool that fixes broken HTML.
$htmlsingleonly[] = 'img';
}
+ global $wgAllowATag;
+ if ( $wgAllowATag ) {
+ $htmlpairsStatic[] = 'a';
+ }
+
$htmlsingleallowed = array_unique( array_merge( $htmlsingle, $tabletags ) );
$htmlelementsStatic = array_unique( array_merge( $htmlsingle, $htmlpairsStatic, $htmlnest ) );
}
}
+ if ( $attribute === 'href' || $attribute === 'src' ) {
+ if ( !preg_match( $hrefExp, $value ) ) {
+ continue; //drop any href or src attributes not using an allowed protocol.
+ //NOTE: this also drops all relative URLs
+ }
+ }
+
+ //RDFa properties allow URIs. check them
+ if ( $attribute === 'rel' || $attribute === 'rev' ||
+ $attribute === 'about' || $attribute === 'property' || $attribute === 'resource' ||
+ $attribute === 'datatype' || $attribute === 'typeof' ) {
+ //Paranoia. Allow "simple" values but suppress javascript
+ if ( preg_match( '/(^|\s)javascript\s*:/i', $value ) ) {
+ continue;
+ }
+ }
+
// If this attribute was previously set, override it.
// Output should only have one attribute of each name.
$out[$attribute] = $value;
'td' => array_merge( $common, $tablecell, $tablealign ),
'th' => array_merge( $common, $tablecell, $tablealign ),
- # 12.2 # NOTE: <a> is not allowed directly, but the attrib whitelist is used from the Parser object
+ # 12.2
'a' => array_merge( $common, array( 'href', 'rel', 'rev' ) ), # rel/rev esp. for RDFa
# 13.2
dépôts / lhc / web / wiklou.git / commitdiff