https://bugzilla.wikimedia.org/show_bug.cgi?id=35820
--- Comment #3 from Chris Steipp <[email protected]> --- (In reply to comment #1) > "The CSS extension relies on basic blacklisting functionality in MediaWiki > core > to prevent XSS. It would be great if a proper CSS parser [1] was integrated > and > a set of whitelists implemented to offer various levels of > capability/protection trade-offs. This sounds like a great project. I'd recommend looking at HTML Purifier's CSS rules as well, which would be great to integrate into either the extension, or core's CSS sanitization. > [1] https://github.com/sabberworm/PHP-CSS-Parser -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
