--- Comment #76 from Daniel Friesen <> ---
(In reply to comment #71)
> It looks like Sanitizer::validateAttributes would call Sanitizer::checkCss on
> the style property; but the docstrings for Sanitizer::checkCss specify:
>     * Currently URL references, 'expression', 'tps' are forbidden.
> so I suppose the following would be needed:
> * background-image: '";>
> * width: safeEncodeAttribute
> * height: safeEncodeAttribute

Html::element already handles encoding attributes, you just want to sanitize
css.(In reply to comment #74)

> (In reply to comment #73)
> Nice. So Facebook does parse (some?) og:image tags beyond just <meta> tags
> within <head>?
> facebook

Besides Google+ there's also a list of OGP parsers to test:

(In reply to comment #75)
> (In reply to comment #68)
> Did anyone mention an RDFa 1.0 requirement?

The commit that implements that RFC includes a high level API for managing RDFa
prefixes, adding them to <html>, and adding RDFa to the <head>.

$og = $out->getPrefixContext()->prefix( 'og', '', true );
$out->addGraphProperty( $og->curie( 'image' ), ... );

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to