Last modified: 2012-03-07 20:48:12 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T37013, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 35013 - Sanitizer:removeHTMLtags failure: it removes XHMTL style <img src=... /> tags when allowing this tag expressly


Summary:	Sanitizer:removeHTMLtags failure: it removes XHMTL style <img src=... /> tags...

Status:	RESOLVED INVALID

Product:	MediaWiki
Classification:	Unclassified
Component:	General/Unknown (Other open bugs)
Version:	1.20.x
Hardware:	All All

Importance:	Normal normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	34763 35002
	Show dependency tree / graph

Reported:	2012-03-06 22:28 UTC by T. Gries
Modified:	2012-03-07 20:48 UTC (History)
CC List:	0 users

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description T. Gries 2012-03-06 22:28:07 UTC

When allowing <img> tags by using 

$string = Sanitizer:removeHTMLtags( $string, null, array(), array( "img" ) );

this fails:

Sanitizer htmlescapes the _closed_ img tag even when I say by using the allowed tag array( "img" ) that I want allow it and the tag should not be escaped.

Can parser and sanitizer experts please have look into this singular problem and repair it ?

Comment 1 T. Gries 2012-03-07 20:48:12 UTC

It appears that I made a mistake in my numerous tests: a constructed "a" link in "img"-tag preceeding context was not properly closed. This then broke the rest ...

End of that story, and good news:

Sanitizer:removeHTMLtags appears to work as designed.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links