Arlolra has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/370235 )
Change subject: Match php parser's attribute sanitizer
......................................................................
Match php parser's attribute sanitizer
Change-Id: Ia1e1bf9806c92945aee5e6106b0401c500826feb
---
M lib/wt2html/tt/Sanitizer.js
1 file changed, 45 insertions(+), 23 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/parsoid
refs/changes/35/370235/1
diff --git a/lib/wt2html/tt/Sanitizer.js b/lib/wt2html/tt/Sanitizer.js
index 628b7d7..1d9812a 100644
--- a/lib/wt2html/tt/Sanitizer.js
+++ b/lib/wt2html/tt/Sanitizer.js
@@ -372,23 +372,35 @@
// attrWhiteList code would have to be redone to cache the
white list in the
// Sanitizer object rather than in the SanitizerConstants
object.
function computeAttrWhiteList(config) {
- // base list
var common = ["id", "class", "lang", "dir", "title",
"style"];
+ // WAI-ARIA
+ common = common.concat([
+ 'aria-describedby',
+ 'aria-flowto',
+ 'aria-label',
+ 'aria-labelledby',
+ 'aria-owns',
+ 'role',
+ ]);
+
// RDFa attributes
+ // These attributes are specified in section 9 of
+ // https://www.w3.org/TR/2008/REC-rdfa-syntax-20081014
var rdfa = ["about", "property", "resource",
"datatype", "typeof"];
if (config.allowRdfaAttrs) {
common = common.concat(rdfa);
}
- // MicroData attrs
+ // Microdata. These are specified by
+ //
https://html.spec.whatwg.org/multipage/microdata.html#the-microdata-model
var mda = ["itemid", "itemprop", "itemref",
"itemscope", "itemtype"];
if (config.allowMicrodataAttrs) {
common = common.concat(mda);
}
var block = common.concat(["align"]);
- var tablealign = ["align", "char", "charoff", "valign"];
+ var tablealign = ["align", "valign"];
var tablecell = [
"abbr", "axis", "headers", "scope", "rowspan",
"colspan",
// these next 4 are deprecated
@@ -401,7 +413,7 @@
// 7.5.4
'div': block,
'center': common, // deprecated
- 'span': block, // ??
+ 'span': common,
// 7.5.5
'h1': block,
@@ -441,7 +453,10 @@
'p': block,
// 9.3.2
- 'br': [ 'id', 'class', 'title', 'style',
'clear' ],
+ 'br': common.concat([ 'clear' ]),
+
+ //
https://www.w3.org/TR/html5/text-level-semantics.html#the-wbr-element
+ 'wbr': common,
// 9.3.4
'pre': common.concat([ 'width' ]),
@@ -452,7 +467,7 @@
// 10.2
'ul': common.concat([ 'type' ]),
- 'ol': common.concat([ 'type', 'start' ]),
+ 'ol': common.concat([ 'type', 'start',
'reversed' ]),
'li': common.concat([ 'type', 'value' ]),
// 10.3
@@ -468,29 +483,28 @@
]),
// 11.2.2
- 'caption': common.concat([ 'align' ]),
+ 'caption': block,
// 11.2.3
- 'thead': common.concat(tablealign),
- 'tfoot': common.concat(tablealign),
- 'tbody': common.concat(tablealign),
+ 'thead': common,
+ 'tfoot': common,
+ 'tbody': common,
// 11.2.4
- 'colgroup': common.concat([ 'span', 'width'
]).concat(tablealign),
- 'col': common.concat([ 'span', 'width'
]).concat(tablealign),
+ 'colgroup': common.concat([ 'span' ]),
+ 'col': common.concat([ 'span' ]),
// 11.2.5
'tr': common.concat([ 'bgcolor'
]).concat(tablealign),
// 11.2.6
- 'td':
common.concat(tablecell).concat(tablealign),
- 'th':
common.concat(tablecell).concat(tablealign),
+ 'td': common.concat(tablecell, tablealign),
+ 'th': common.concat(tablecell, tablealign),
- // 12.2 # NOTE: <a> is not allowed directly,
but the attrib whitelist is used from the Parser object
+ // 12.2
+ // NOTE: <a> is not allowed directly, but the
attrib
+ // whitelist is used from the Parser object
'a': common.concat([ 'href', 'rel', 'rev' ]),
// rel/rev esp. for RDFa
-
- // Add in link tags so we can pass in
categories, etc.
- 'link': common.concat([ 'href', 'rel' ]), //
rel/rev esp. for RDFa
// 13.2
// Not usually allowed, but may be used for
extension-style hooks
@@ -517,10 +531,10 @@
// basefont
// 15.3
- 'hr': common.concat([ 'noshade', 'size',
'width' ]),
+ 'hr': common.concat([ 'width' ]),
- // XHTML Ruby annotation text module, simple
ruby only.
- // http://www.w3c.org/TR/ruby/
+ // HTML Ruby annotation text module, simple
ruby only.
+ //
https://www.w3.org/TR/html5/text-level-semantics.html#the-ruby-element
'ruby': common,
// rbc
'rb': common,
@@ -539,12 +553,20 @@
// HTML 5 section 4.6
'bdi': common,
- 'wbr': [ 'id', 'class', 'title', 'style' ],
- // HTML5 elements, defined by
http://www.whatwg.org/html/
+ // HTML5 elements, defined by:
+ //
https://html.spec.whatwg.org/multipage/semantics.html#the-data-element
'data': common.concat(['value']),
'time': common.concat(['datetime']),
'mark': common,
+
+ // meta and link are only permitted by
removeHTMLtags when Microdata
+ // is enabled so we don't bother adding a
conditional to hide these
+ // Also meta and link are only valid in
WikiText as Microdata elements
+ // (ie: validateTag rejects tags missing the
attributes needed for Microdata)
+ // So we don't bother including $common
attributes that have no purpose.
+ 'meta': ['itemprop', 'content'],
+ 'link': ['itemprop', 'href', 'title'],
};
}
--
To view, visit https://gerrit.wikimedia.org/r/370235
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia1e1bf9806c92945aee5e6106b0401c500826feb
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/parsoid
Gerrit-Branch: master
Gerrit-Owner: Arlolra <abrea...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
