https://bugzilla.wikimedia.org/show_bug.cgi?id=34763
--- Comment #7 from Bawolff <[email protected]> 2012-03-02 21:01:17 UTC ---

Some thoughts on this:

*First of all, unfortunately it looks like the sanitizer can't really be used, since (I assume) we want <tag-we-don't-recognize> to be silently ignored (aka the tag removed, but its contents not removed) instead of htmlescaped.

What I would do is basically make my own regex filter (somewhat based on Sanitizer::removeHTMLTags. At the very least, steal its list of allowed html tags) that just kills any tag not on the safe list. This should mostly work, since anything on the safe list should pass through the parser fine, and anything else would be gone. The only hiccup would be that people would probably want links to come through unharmed, which means they would have to be converted to wiki-syntax [http://foo bar] style links in order for that to work. (If you want, I can make a patch that would probably better describe what I'm thinking than this comment did.)

The other thing to maybe look into is, for the actual substitution of {{{link}}} (or whatever) in the template, maybe use recursiveTagParse (or possibly some other method from the parser. Not sure off the top of my head which is most appropriate) with a custom frame containing the args from the feed instead of using str_replace. That way the parameter substitution would be exactly like how it normally works in templates. People could do things like {{{link|text if no link}}}, etc.
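
A sketch of the allowlist filter and link conversion proposed in the comment above, added here as an illustration; it is not part of the comment and not code from the extension or from MediaWiki. The function name `feedHtmlToWikitext`, the short `SAFE_TAGS` list and the sample input are assumptions made for the example.

```php
<?php
// Added example; not code from the RSS extension or MediaWiki core.
// SAFE_TAGS is a short constructed allowlist. The comment proposes reusing
// the list from Sanitizer::removeHTMLTags instead.
const SAFE_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li'];

function feedHtmlToWikitext(string $html): string {
    // Step 1: rewrite <a href="...">text</a> as [url text] so the link
    // survives the tag filter below. Only plain http(s) URLs are kept.
    $html = preg_replace_callback(
        '~<a\b[^<>]*?\bhref\s*=\s*(["\'])(.*?)\1[^<>]*>(.*?)</a\s*>~is',
        function (array $m): string {
            $url = html_entity_decode($m[2], ENT_QUOTES | ENT_HTML5, 'UTF-8');
            // Link text: drop nested markup, keep it on one line, and
            // encode "]" so it cannot close the bracket link early.
            $text = trim(preg_replace('/\s+/', ' ', strip_tags($m[3])));
            $text = str_replace(']', '&#93;', $text);
            if (!preg_match('~^https?://[^\s\[\]<>"\']+$~i', $url)) {
                return $text; // unusable URL: keep the text, drop the link
            }
            return $text === '' ? '[' . $url . ']' : '[' . $url . ' ' . $text . ']';
        },
        $html
    ) ?? ''; // fail closed on a PCRE error
    // Step 2: one pass over every "<". A well-formed tag is re-emitted
    // bare (attributes dropped) if allowlisted and deleted otherwise, so
    // its contents stay. Any other "<" is escaped, so fragments such as
    // "<<script>script>" cannot join up into a tag after the deletion.
    $out = preg_replace_callback(
        '~<(/?)([a-z][a-z0-9]*)\b[^<>]*>|<~i',
        function (array $m): string {
            if (!isset($m[2])) {
                return '&lt;'; // stray "<" that is not a complete tag
            }
            $name = strtolower($m[2]);
            return in_array($name, SAFE_TAGS, true) ? '<' . $m[1] . $name . '>' : '';
        },
        $html
    );
    return $out ?? ''; // fail closed on a PCRE error
}

// Constructed sample input, not taken from a real feed.
$sample = '<p onclick="x()">Read <a href="https://example.org/a?b=1&amp;c=2">the '
    . '<b>post</b></a></p><<script>script>alert(1)</script><font color=red>hi</font>';
echo feedHtmlToWikitext($sample), "\n";
```

The result is still wikitext that has to go through the parser, as the comment assumes; the filter only decides which tags reach it.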
