Santhosh has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/370443 )

Change subject: Add typeof a known attribute for MT output sanitizer
......................................................................

Add typeof a known attribute for MT output sanitizer

Dompurify's attribute list does not include it.
https://github.com/cure53/DOMPurify/blob/master/src/attrs.js

Change-Id: I9d7b5633718fe87316935735481b3e999b5d8739
---
M lib/mt/MTClient.js
1 file changed, 2 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/cxserver 
refs/changes/43/370443/1

diff --git a/lib/mt/MTClient.js b/lib/mt/MTClient.js
index 3918f37..582b8e5 100644
--- a/lib/mt/MTClient.js
+++ b/lib/mt/MTClient.js
@@ -108,7 +108,8 @@
        }
 
        return this.DOMPurify.sanitize( html, {
-               ADD_URI_SAFE_ATTR: [ 'rel' ] // Without this rel="mw:WikiLink" 
attributes will be removed.
+               ADD_ATTR: [ 'typeof' ], // typeof is not a known attribute for 
DOMPurify
+               ADD_URI_SAFE_ATTR: [ 'rel', 'typeof' ] // Without this 
rel="mw:WikiLink" attributes will be removed.
        } );
 };
 

-- 
To view, visit https://gerrit.wikimedia.org/r/370443
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9d7b5633718fe87316935735481b3e999b5d8739
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/cxserver
Gerrit-Branch: master
Gerrit-Owner: Santhosh <santhosh.thottin...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to