[Bug 35002] New: Sanitizer:removeHTMLtags fails for tag when enclosed in link

bugzilla-daemon Tue, 06 Mar 2012 00:33:30 -0800

https://bugzilla.wikimedia.org/show_bug.cgi?id=35002


       Web browser: ---
             Bug #: 35002
           Summary: Sanitizer:removeHTMLtags fails for <img src=> tag when
                    enclosed in <a> link
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: General/Unknown
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified
   Mobile Platform: ---


Scenario:

if you want to strip all insane tags but allow "a" and "img" tags, you would
use this

$string = Sanitizer::removeHTMLtags( $string, null, array(), array( "a", "img"
) );

This leaves single "a" and "img" tags, but I noticed that the Sanitizer
function does not work correctly for such string :

<a href='http://link-url'><img src='http://image-url'></a>

Because this a widely used construct I suggest to fix the removeHTMLtgas have
it working for this case, too.

I also noticed that the function fails in the constructed case where the image
tag is intentionally incorrectly written as a closed tag <img
src='http://image-url' />

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 35002] New: Sanitizer:removeHTMLtags fails for tag when enclosed in link

Reply via email to