From: Aryeh Gregor
Date: Thu, 29 Jul 2010 18:47:58 +0000 (+0000)
Subject: Whitelist element
X-Git-Tag: 1.31.0-rc.0~35834
X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=08e13c5144e748ece446914a1613fd2487099b1a

Whitelist element

Bug 671. Harmless, why not. The remaining elements in this vein that we might want to whitelist include

* : Not yet, inconsistent quote mark handling in browsers
* : Semantics in HTML5 appear to mean it must represent contact info for the author of the (or
if present), which is almost certain to be useless in user-submitted wiki content; see http://www.w3.org/Bugs/Public/show_bug.cgi?id=10255 * , : Will add if this is WONTFIXed: http://www.w3.org/Bugs/Public/show_bug.cgi?id=9919 --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 460d370d1c..f55d9a9178 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -119,6 +119,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN because it encourages edits to be marked minor accidentally and it can be easily replicated by custom user scripts for those who really want it. * Non-file pages can no longer be moved to the file namespace, nor vice versa. +* (bug 671) The element has been whitelisted in user input. === Bug fixes in 1.17 === * (bug 17560) Half-broken deletion moved image files to deletion archive diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 6b1caf7cd3..5b6f2dacaf 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -367,7 +367,7 @@ class Sanitizer { 'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's', 'strike', 'strong', 'tt', 'var', 'div', 'center', 'blockquote', 'ol', 'ul', 'dl', 'table', 'caption', 'pre', - 'ruby', 'rt' , 'rb' , 'rp', 'p', 'span', 'u', 'abbr' + 'ruby', 'rt' , 'rb' , 'rp', 'p', 'span', 'u', 'abbr', 'dfn' ); $htmlsingle = array( 'br', 'hr', 'li', 'dt', 'dd' @@ -1442,7 +1442,7 @@ class Sanitizer { 'em' => $common, 'strong' => $common, 'cite' => $common, - # dfn + 'dfn' => $common, 'code' => $common, # samp # kbd
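Review bot: The added RELEASE-NOTES entry, as it reads here ("The element has been whitelisted in user input"), does not say which element, so someone scanning the notes cannot tell what changed without opening bug 671. Name the element explicitly in the entry, matching the 'dfn' string added in includes/Sanitizer.php.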
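Review bot: No test accompanies the 'dfn' addition to the paired-element list at @@ -367 in includes/Sanitizer.php; the patch touches only RELEASE-NOTES and Sanitizer.php. Add a test case showing that a dfn element in user input is preserved and that an attribute outside the allowed set on it is still stripped, so that later edits to this list cannot silently change that behaviour. Minor style point: the new item lands on a line that already mixes spacing ('rt' , 'rb' ,), which could be normalised while the line is being touched.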
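Review bot: The new 'dfn' => $common entry at @@ -1442 relies on $common, which is defined outside the visible context, so this hunk alone does not show which attributes dfn will accept from user input. Please confirm that $common holds only the generic attributes intended for inline elements. The element now has to appear both here and in the element list at @@ -367, and nothing in the code says so; a one-line comment noting that the two arrays must be kept in step would help whoever later un-comments the neighbouring "# samp" and "# kbd" placeholders.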