| Index: trunk/phase3/RELEASE-NOTES-1.19 |
| — | — | @@ -26,9 +26,6 @@ |
| 27 | 27 | * (bug 32239) Removed wgEnableTooltipsAndAccesskeys. |
| 28 | 28 | * Removed $wgVectorShowVariantName. |
| 29 | 29 | * Removed $wgExtensionAliasesFiles. Use wgExtensionMessagesFiles. |
| 30 | | -* Introduced $wgAllowATag to allow <a> tags to be used for external links, |
| 31 | | - so rel and ref attributes can be used with microdata resp RDFa. |
| 32 | | - Defaults is false. |
| 33 | 30 | |
| 34 | 31 | === New features in 1.19 === |
| 35 | 32 | * (bug 19838) Possibility to get all interwiki prefixes if the interwiki |
| Index: trunk/phase3/includes/Sanitizer.php |
| — | — | @@ -407,11 +407,6 @@ |
| 408 | 408 | $htmlsingleonly[] = 'img'; |
| 409 | 409 | } |
| 410 | 410 | |
| 411 | | - global $wgAllowATag; |
| 412 | | - if ( $wgAllowATag ) { |
| 413 | | - $htmlpairsStatic[] = 'a'; |
| 414 | | - } |
| 415 | | - |
| 416 | 411 | $htmlsingleallowed = array_unique( array_merge( $htmlsingle, $tabletags ) ); |
| 417 | 412 | $htmlelementsStatic = array_unique( array_merge( $htmlsingle, $htmlpairsStatic, $htmlnest ) ); |
| 418 | 413 | |
| — | — | @@ -802,23 +797,6 @@ |
| 803 | 798 | } |
| 804 | 799 | } |
| 805 | 800 | |
| 806 | | - if ( $attribute === 'href' || $attribute === 'src' ) { |
| 807 | | - if ( !preg_match( $hrefExp, $value ) ) { |
| 808 | | - continue; //drop any href or src attributes not using an allowed protocol. |
| 809 | | - //NOTE: this also drops all relative URLs |
| 810 | | - } |
| 811 | | - } |
| 812 | | - |
| 813 | | - //RDFa properties allow URIs. check them |
| 814 | | - if ( $attribute === 'rel' || $attribute === 'rev' || |
| 815 | | - $attribute === 'about' || $attribute === 'property' || $attribute === 'resource' || |
| 816 | | - $attribute === 'datatype' || $attribute === 'typeof' ) { |
| 817 | | - //Paranoia. Allow "simple" values but suppress javascript |
| 818 | | - if ( preg_match( '/(^|\s)javascript\s*:/i', $value ) ) { |
| 819 | | - continue; |
| 820 | | - } |
| 821 | | - } |
| 822 | | - |
| 823 | 801 | // If this attribute was previously set, override it. |
| 824 | 802 | // Output should only have one attribute of each name. |
| 825 | 803 | $out[$attribute] = $value; |
| — | — | @@ -1594,7 +1572,7 @@ |
| 1595 | 1573 | 'td' => array_merge( $common, $tablecell, $tablealign ), |
| 1596 | 1574 | 'th' => array_merge( $common, $tablecell, $tablealign ), |
| 1597 | 1575 | |
| 1598 | | - # 12.2 |
| | 1576 | + # 12.2 # NOTE: <a> is not allowed directly, but the attrib whitelist is used from the Parser object |
| 1599 | 1577 | 'a' => array_merge( $common, array( 'href', 'rel', 'rev' ) ), # rel/rev esp. for RDFa |
| 1600 | 1578 | |
| 1601 | 1579 | # 13.2 |
| Index: trunk/phase3/includes/DefaultSettings.php |
| — | — | @@ -2238,13 +2238,11 @@ |
| 2239 | 2239 | |
| 2240 | 2240 | /** |
| 2241 | 2241 | * Enabled HTML5 microdata attributes for use in wikitext, if $wgHtml5 is also true. |
| 2242 | | - * See also $wgAllowATag. |
| 2243 | 2242 | */ |
| 2244 | 2243 | $wgAllowMicrodataAttributes = false; |
| 2245 | 2244 | |
| 2246 | 2245 | /** |
| 2247 | 2246 | * Cleanup as much presentational html like valign -> css vertical-align as we can |
| 2248 | | - * See also $wgAllowATag. |
| 2249 | 2247 | */ |
| 2250 | 2248 | $wgCleanupPresentationalAttributes = true; |
| 2251 | 2249 | |
| — | — | @@ -2977,14 +2975,6 @@ |
| 2978 | 2976 | $wgAllowImageTag = false; |
| 2979 | 2977 | |
| 2980 | 2978 | /** |
| 2981 | | - * Allow <a> tags for specifying external links, so it becomes possible to |
| 2982 | | - * provide ref and rel attributes. This allows for microdata/microformats/RDFa |
| 2983 | | - * annotations to be embedded on wiki pages. See also $wgAllowRdfaAttributes |
| 2984 | | - * and $wgAllowMicrodataAttributes. |
| 2985 | | - */ |
| 2986 | | -$wgAllowATag = false; |
| 2987 | | - |
| 2988 | | -/** |
| 2989 | 2979 | * $wgUseTidy: use tidy to make sure HTML output is sane. |
| 2990 | 2980 | * Tidy is a free tool that fixes broken HTML. |
| 2991 | 2981 | * See http://www.w3.org/People/Raggett/tidy/ |