https://bugzilla.wikimedia.org/show_bug.cgi?id=11106
--- Comment #9 from Daniel Renfro <[email protected]> --- The url() function in CSS is perfectly valid as long as there's not a "javascript:" psuedo-schema in it that executes code. There are plenty of legimate cases where the url() function might be useful/necessary that are currently forbidden by the Sanitizer because it is overly generic. Maybe a better fix to this problem, instead of pulling out the regex to be possibly overridden/reset/unset by an admin, is to make sure the string "javascript:" does not appear it in. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
