https://bugzilla.wikimedia.org/show_bug.cgi?id=32154

       Web browser: ---
             Bug #: 32154
           Summary: Extension:CSS does not sanitize CSS from article pages
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: [other]
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


The extension should add a custom URL parameter to the link and hook into
RawPageViewBeforeOutput to sanitize CSS requests with that parameter.

Inline CSS is already sanitized, and "external" files can't/shouldn't be
sanitized.  However, the same custom URL parameter must be appended to
"external" includes so if they are actually referencing wiki pages, they will
be sanitized appropriately.

"External" URLs should also be expanded and verified to be inside the base (to
prevent "../../").


_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
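
One way to do the expand-and-verify check that the report asks for on "external" URLs, as an added example that is not code from Extension:CSS or from the bug reporter. The function names, the `/w/skins/` base and the sample references are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of Extension:CSS.

// Collapse "." and ".." segments of a URL path; ".." never climbs above "/".
function removeDotSegments( string $path ): string {
    $out = [];
    foreach ( explode( '/', $path ) as $seg ) {
        if ( $seg === '..' ) {
            array_pop( $out );
        } elseif ( $seg !== '.' && $seg !== '' ) {
            $out[] = $seg;
        }
    }
    return '/' . implode( '/', $out );
}

// Expand $ref against the directory $base; return the normalized path,
// or null when the reference is not a local path inside $base.
function resolveInsideBase( string $ref, string $base ): ?string {
    // Absolute and protocol-relative URLs are out of scope for a base check.
    if ( preg_match( '!^([a-z][a-z0-9+.-]*:|//)!i', $ref ) ) {
        return null;
    }
    // Drop query and fragment, then decode once so "%2e%2e" is seen as "..".
    $path = rawurldecode( preg_replace( '/[?#].*$/s', '', $ref ) );
    // Conservative: refuse empty paths, leftover "%" (double encoding),
    // backslashes and control bytes instead of guessing how a server reads them.
    if ( $path === '' || preg_match( '/[\\\\%\x00-\x1f]/', $path ) ) {
        return null;
    }
    $base = rtrim( removeDotSegments( $base ), '/' ) . '/';
    $abs = $path[0] === '/' ? $path : $base . $path;
    $norm = removeDotSegments( $abs );
    // Compare with a trailing slash so "/w/skinsevil" does not match "/w/skins/".
    return strncmp( $norm . '/', $base, strlen( $base ) ) === 0 ? $norm : null;
}

// Constructed sample references, checked against an assumed base of /w/skins/.
$samples = [
    'monobook/main.css',
    'common/../monobook/main.css',
    '../../LocalSettings.php',
    '%2e%2e/%2e%2e/LocalSettings.php',
    '/w/skinsevil/main.css',
    'http://example.org/main.css',
];
foreach ( $samples as $ref ) {
    printf( "%-34s => %s\n", $ref, var_export( resolveInsideBase( $ref, '/w/skins/' ), true ) );
}
```

The check runs on the decoded, dot-collapsed path, so the same normalized value should be the one that is later emitted in the link.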