https://bugzilla.wikimedia.org/show_bug.cgi?id=67044
Bawolff (Brian Wolff) <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #11 from Bawolff (Brian Wolff) <[email protected]> --- So, this limitation was intentional. To quote our code: # image filters can pull in url, which could be svg that executes scripts if ( $strippedElement == 'image' && $stripped == 'filter' && preg_match( '!url\s*\(!sim', $value ) ) { wfDebug( __METHOD__ . ": Found image filter with url: " . "\"<$strippedElement $stripped='$value'...\" in uploaded file.\n" ); return true; } However the main intent of this block seems to be to prevent external filters, not filters from the same file. CSteipp: Would it be ok to relax the filter restriction so it only blacklists external urls, but is ok for things like filter: url( #foo ); and filter: url( '#bar' ); ? This would be similar to how we handle style attributes. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
