http://www.mediawiki.org/wiki/Special:Code/MediaWiki/65337
Revision: 65337
Author: platonides
Date: 2010-04-20 19:04:00 +0000 (Tue, 20 Apr 2010)
Log Message:
-----------
Follow up r65286. If we are going to support <img we should support width and height attributes, too.
Since there's a potential for creating webbugs of 1x1px we might want to enforce a minimum size for them.
But that has always existed when the attacker provides the image.
The sanitizer isn't treating numeric-like arguments in a special way. That is something to fix.
Modified Paths:
--------------
trunk/phase3/includes/Sanitizer.php
Modified: trunk/phase3/includes/Sanitizer.php
===================================================================
--- trunk/phase3/includes/Sanitizer.php 2010-04-20 18:55:30 UTC (rev 65336)
+++ trunk/phase3/includes/Sanitizer.php 2010-04-20 19:04:00 UTC (rev 65337)
@@ -1411,7 +1411,7 @@
# Not usually allowed, but may be used for
extension-style hooks
# such as <math> when it is rasterized, or if
$wgAllowImageTag is
# true
- 'img' => array_merge( $common, array( 'alt',
'src' ) ),
+ 'img' => array_merge( $common, array( 'alt',
'src', 'width', 'height' ) ),
# 15.2.1
'tt' => $common,
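Review bot: the 'width' and 'height' names added to the 'img' entry are whitelisted with no constraint on their values, and the log message itself says the sanitizer does not treat numeric-like arguments specially. Consider landing the value check together with this change (for example accepting only digits, optionally followed by '%') instead of leaving it as a follow-up, since these attributes become usable whenever 'img' is allowed via $wgAllowImageTag. The comment above the entry should also mention the 1x1px web-bug concern and the open question of a minimum size, so that reasoning is recorded in the code and not only in the commit log.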