https://bugzilla.wikimedia.org/show_bug.cgi?id=35002
Bawolff <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Bawolff <[email protected]> 2012-03-06 15:20:08 UTC --- (In reply to comment #0) > Scenario: > > if you want to strip all insane tags but allow "a" and "img" tags, you would > use this > > $string = Sanitizer::removeHTMLtags( $string, null, array(), array( "a", "img" > ) ); > > This leaves single "a" and "img" tags, but I noticed that the Sanitizer > function does not work correctly for such string : > > <a href='http://link-url'><img src='http://image-url'></a> > > Because this a widely used construct I suggest to fix the removeHTMLtgas have > it working for this case, too. Works fine if you have $wgAllowImageTag = true; set in your LocalSettings.php. I suppose the fourth parameter of that function is not meant for self-closing tags. > I also noticed that the function fails in the constructed case where the image > tag is intentionally incorrectly written as a closed tag <img > src='http://image-url' /> Valid in XHTML! (although we don't use xhtml any more...) -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
