Last modified: 2014-03-28 17:35:22 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T65126, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 63126 - HTML sanitizing of extmetadata makes hidden content visible


Summary:	HTML sanitizing of extmetadata makes hidden content visible

Status:	RESOLVED FIXED

Product:	MediaWiki extensions
Classification:	Unclassified
Component:	MultimediaViewer (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Unprioritized normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:	https://www.mediawiki.org/wiki/File:A...
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-03-26 18:22 UTC by Tisza Gergő
Modified:	2014-03-28 17:35 UTC (History)
CC List:	4 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Tisza Gergő 2014-03-26 18:22:51 UTC

Some templates store metadata in display:none-ed text; MediaViewer's whitelistHtml function makes this metadata visible. E.g. permission text shown for PD images starts with "Public domainPublic domainfalsefalse".

Comment 1 Gerrit Notification Bot 2014-03-27 00:06:32 UTC

Change 121282 had a related patch set uploaded by Gergő Tisza:
Utilities to transform HTML to plain or filtered tests

https://gerrit.wikimedia.org/r/121282

Comment 2 Gerrit Notification Bot 2014-03-28 13:43:18 UTC

Change 121282 merged by jenkins-bot:
Utilities to transform HTML to plain or filtered text

https://gerrit.wikimedia.org/r/121282

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links