https://bugzilla.wikimedia.org/show_bug.cgi?id=35820
Web browser: ---
Bug #: 35820
Summary: [CSS] Some CSS stripped by MediaWiki parser CSS
sanitizer
Product: MediaWiki extensions
Version: any
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: Unprioritized
Component: CSS
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
Classification: Unclassified
Mobile Platform: ---
I have been unable to get background-image:url( someURL ) to work with this
extension, like below:
{{#css:
/*
This code requires the CSS extension (previously used NewPageCSS)
http://www.mediawiki.org/wiki/Extension:CSS
*/
.someClass {
background-image:url(http://www.somedomain.com/w/images/0/06/someimage.png); }
}}
I believe it is due to Sanitizer::checkCss() as described by Brion here:
http://www.gossamer-threads.com/lists/wiki/mediawiki/233179
The CSS that gets sanitized by the parser is getting stripped out of the CSS
extension too.
However, the usual /* insecure input */ error message appears in the <head> of
the page source, like this:
<style type="text/css">
/*<![CDATA[*/
/* insecure input */
/*]]>*/
</style>
The only way to get around this problem is to put the CSS in
MediaWiki:Common.css.
There are good reasons for the parser to strip some CSS out, but in addition to
documenting this issue (which this bug does, and I'll do in the extension docs
in a moment), it should be configurable whether the CSS extension lets the
parser sanitize, for example, when used on private wikis.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
