So far I'm allowing color face and size, are there any others the php parser allows (or should allow?)
This is for my realtime javascript parser.
Thanks, Jim
Jim Higson wrote:
So far I'm allowing color face and size, are there any others the php parser allows (or should allow?)
Here's what the HTML sanitizer code in 1.5 currently allows:
Common attributes: 'id', 'class', 'lang', 'dir', 'title', 'style'
Specific to <font>: 'size', 'color', 'face'
The <=1.4 code is more permissive as it has only a global attribute whitelist, and will thus allow attributes that don't actually apply to the <font> element.
-- brion vibber (brion @ pobox.com)
Brion Vibber wrote:
Jim Higson wrote:
So far I'm allowing color face and size, are there any others the php parser allows (or should allow?)
Here's what the HTML sanitizer code in 1.5 currently allows:
Common attributes: 'id', 'class', 'lang', 'dir', 'title', 'style'
Specific to <font>: 'size', 'color', 'face'
The <=1.4 code is more permissive as it has only a global attribute whitelist, and will thus allow attributes that don't actually apply to the <font> element.
-- brion vibber (brion @ pobox.com)
Thanks.
Just out of interest, what value is attained from allowing id and class in wikitext? Doesn't this allow people to create messed up pages by setting id="globalWrapper" or some such thing?
Jim Higson wrote:
Just out of interest, what value is attained from allowing id and class in wikitext?
class is useful for attaching styles in the style sheet.
id can be used to ad explicit anchor targets which can be specified in a link's fragment identifier.
Doesn't this allow people to create messed up pages by setting id="globalWrapper" or some such thing?
Sure, but that'd be a silly thing to do wouldn't it? ;)
Unique id verification will probably get added at some point for markup purity (a validator will complain at you if you have non-unique id attributes).
-- brion vibber (brion @ pobox.com)
wikitech-l@lists.wikimedia.org