[Mediawiki-l] div style = "/* insecure input */"
Dan Nessett
dnessett at yahoo.com
Thu Apr 28 18:29:30 UTC 2011
Our wiki has a template that displays a mini-periodical table. Each table
entry is represented by a small box, which is a link to the corresponding
element's page.
When we upgraded to 1.16.2, this template stopped working. I have traced
the problem to some html added as link text. Specifically, an element (in
this case Hydrogen) is represented by:
[[Hydrogen |<div style="filter:alpha(opacity=99);
-moz-opacity:.99; opacity:.99;
width:6px;
height:9px;
border-bottom:1px solid #fff;
border-left:1px solid #fff;
border-top:1px solid #fff;
border-right:1px solid #fff; background-color:#333">
</div> ]]
When I inspect the output html at the browser, the output div is:
<div style="/* insecure input */" ...
When I remove "filter:alpha(opacity=99);" from the link text, things work
fine (at least on FF and Safari). Investigating, it seems the
"filter:alpha(opacity=99);" attribute is an IE specific opacity setting.
I am attempting to fix this problem, but I don't know where the "/*
insecure input */" value is generated. Is it in the parser? Is by the
browser? Somewhere else? Is there some global I can set to eliminate this
behavior? Is the value "filter:alpha(opacity=99);" obsolete,
necessitating it to be changed to something else?
--
-- Dan Nessett
More information about the MediaWiki-l
mailing list