https://bugzilla.wikimedia.org/show_bug.cgi?id=30113

--- Comment #76 from Daniel Friesen <mediawiki-b...@nadir-seen-fire.com> ---
(In reply to comment #71)
> It looks like Sanitizer::validateAttributes would call Sanitizer::checkCss on
> the style property; but the docstrings for Sanitizer::checkCss specify:
> 
>     * Currently URL references, 'expression', 'tps' are forbidden.
> 
> so I suppose the following would be needed:
> 
> * background-image: '";>
> * width: safeEncodeAttribute
> * height: safeEncodeAttribute

Html::element already handles encoding attributes, you just want to sanitize
css.(In reply to comment #74)

> (In reply to comment #73)
> Nice. So Facebook does parse (some?) og:image tags beyond just <meta> tags
> within <head>?
> 
> https://stackoverflow.com/questions/10397510/are-open-graph-tags-just-for-
> facebook

Besides Google+ there's also a list of OGP parsers to test:
http://ogp.me/#implementations

(In reply to comment #75)
> (In reply to comment #68)
> Did anyone mention an RDFa 1.0 requirement?

The commit that implements that RFC includes a high level API for managing RDFa
prefixes, adding them to <html>, and adding RDFa to the <head>.

$og = $out->getPrefixContext()->prefix( 'og', 'http://ogp.me/ns#', true );
$out->addGraphProperty( $og->curie( 'image' ), ... );

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to