https://bugzilla.wikimedia.org/show_bug.cgi?id=63126

            Bug ID: 63126
           Summary: HTML sanitizing of extmetadata makes hidden content
                    visible
           Product: MediaWiki extensions
           Version: unspecified
          Hardware: All
               URL: https://www.mediawiki.org/wiki/File:Annotated_screensh
                    ot_of_bug_in_Media_Viewer%27s_license_display.png
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: MultimediaViewer
          Assignee: wikibugs-l@lists.wikimedia.org
          Reporter: gti...@wikimedia.org
                CC: aarcos.w...@gmail.com, fflo...@wikimedia.org,
                    gti...@wikimedia.org, mtrac...@member.fsf.org
       Web browser: ---
   Mobile Platform: ---

Some templates store metadata in display:none-ed text; MediaViewer's
whitelistHtml function makes this metadata visible. E.g. permission text shown
for PD images starts with "Public domainPublic domainfalsefalse".

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to