Arlolra has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/370235 )
Change subject: Match php parser's attribute sanitizer ...................................................................... Match php parser's attribute sanitizer Change-Id: Ia1e1bf9806c92945aee5e6106b0401c500826feb --- M lib/wt2html/tt/Sanitizer.js 1 file changed, 45 insertions(+), 23 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/parsoid refs/changes/35/370235/1 diff --git a/lib/wt2html/tt/Sanitizer.js b/lib/wt2html/tt/Sanitizer.js index 628b7d7..1d9812a 100644 --- a/lib/wt2html/tt/Sanitizer.js +++ b/lib/wt2html/tt/Sanitizer.js @@ -372,23 +372,35 @@ // attrWhiteList code would have to be redone to cache the white list in the // Sanitizer object rather than in the SanitizerConstants object. function computeAttrWhiteList(config) { - // base list var common = ["id", "class", "lang", "dir", "title", "style"]; + // WAI-ARIA + common = common.concat([ + 'aria-describedby', + 'aria-flowto', + 'aria-label', + 'aria-labelledby', + 'aria-owns', + 'role', + ]); + // RDFa attributes + // These attributes are specified in section 9 of + // https://www.w3.org/TR/2008/REC-rdfa-syntax-20081014 var rdfa = ["about", "property", "resource", "datatype", "typeof"]; if (config.allowRdfaAttrs) { common = common.concat(rdfa); } - // MicroData attrs + // Microdata. These are specified by + // https://html.spec.whatwg.org/multipage/microdata.html#the-microdata-model var mda = ["itemid", "itemprop", "itemref", "itemscope", "itemtype"]; if (config.allowMicrodataAttrs) { common = common.concat(mda); } var block = common.concat(["align"]); - var tablealign = ["align", "char", "charoff", "valign"]; + var tablealign = ["align", "valign"]; var tablecell = [ "abbr", "axis", "headers", "scope", "rowspan", "colspan", // these next 4 are deprecated @@ -401,7 +413,7 @@ // 7.5.4 'div': block, 'center': common, // deprecated - 'span': block, // ?? + 'span': common, // 7.5.5 'h1': block, @@ -441,7 +453,10 @@ 'p': block, // 9.3.2 - 'br': [ 'id', 'class', 'title', 'style', 'clear' ], + 'br': common.concat([ 'clear' ]), + + // https://www.w3.org/TR/html5/text-level-semantics.html#the-wbr-element + 'wbr': common, // 9.3.4 'pre': common.concat([ 'width' ]), @@ -452,7 +467,7 @@ // 10.2 'ul': common.concat([ 'type' ]), - 'ol': common.concat([ 'type', 'start' ]), + 'ol': common.concat([ 'type', 'start', 'reversed' ]), 'li': common.concat([ 'type', 'value' ]), // 10.3 @@ -468,29 +483,28 @@ ]), // 11.2.2 - 'caption': common.concat([ 'align' ]), + 'caption': block, // 11.2.3 - 'thead': common.concat(tablealign), - 'tfoot': common.concat(tablealign), - 'tbody': common.concat(tablealign), + 'thead': common, + 'tfoot': common, + 'tbody': common, // 11.2.4 - 'colgroup': common.concat([ 'span', 'width' ]).concat(tablealign), - 'col': common.concat([ 'span', 'width' ]).concat(tablealign), + 'colgroup': common.concat([ 'span' ]), + 'col': common.concat([ 'span' ]), // 11.2.5 'tr': common.concat([ 'bgcolor' ]).concat(tablealign), // 11.2.6 - 'td': common.concat(tablecell).concat(tablealign), - 'th': common.concat(tablecell).concat(tablealign), + 'td': common.concat(tablecell, tablealign), + 'th': common.concat(tablecell, tablealign), - // 12.2 # NOTE: <a> is not allowed directly, but the attrib whitelist is used from the Parser object + // 12.2 + // NOTE: <a> is not allowed directly, but the attrib + // whitelist is used from the Parser object 'a': common.concat([ 'href', 'rel', 'rev' ]), // rel/rev esp. for RDFa - - // Add in link tags so we can pass in categories, etc. - 'link': common.concat([ 'href', 'rel' ]), // rel/rev esp. for RDFa // 13.2 // Not usually allowed, but may be used for extension-style hooks @@ -517,10 +531,10 @@ // basefont // 15.3 - 'hr': common.concat([ 'noshade', 'size', 'width' ]), + 'hr': common.concat([ 'width' ]), - // XHTML Ruby annotation text module, simple ruby only. - // http://www.w3c.org/TR/ruby/ + // HTML Ruby annotation text module, simple ruby only. + // https://www.w3.org/TR/html5/text-level-semantics.html#the-ruby-element 'ruby': common, // rbc 'rb': common, @@ -539,12 +553,20 @@ // HTML 5 section 4.6 'bdi': common, - 'wbr': [ 'id', 'class', 'title', 'style' ], - // HTML5 elements, defined by http://www.whatwg.org/html/ + // HTML5 elements, defined by: + // https://html.spec.whatwg.org/multipage/semantics.html#the-data-element 'data': common.concat(['value']), 'time': common.concat(['datetime']), 'mark': common, + + // meta and link are only permitted by removeHTMLtags when Microdata + // is enabled so we don't bother adding a conditional to hide these + // Also meta and link are only valid in WikiText as Microdata elements + // (ie: validateTag rejects tags missing the attributes needed for Microdata) + // So we don't bother including $common attributes that have no purpose. + 'meta': ['itemprop', 'content'], + 'link': ['itemprop', 'href', 'title'], }; } -- To view, visit https://gerrit.wikimedia.org/r/370235 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia1e1bf9806c92945aee5e6106b0401c500826feb Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/services/parsoid Gerrit-Branch: master Gerrit-Owner: Arlolra <abrea...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits