r61193 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r61192‎ \| r61193 \| r61194 >
Date:	01:30, 18 January 2010
Author:	simetrical
Status:	ok
Tags:
Comment:	Strip some microdata attributes when invalid
Modified paths:	/trunk/phase3/includes/Sanitizer.php (modified) (history) /trunk/phase3/maintenance/parserTests.txt (modified) (history)

Diff [purge]

Index: trunk/phase3/maintenance/parserTests.txt
—	—	@@ -7764,9 +7764,35 @@
7765	7765
7766	7766	!! end
7767	7767
	7768	+!! test
	7769	+Microdata: license example from spec with bad itemtype
	7770	+!! input
	7771	+<div itemscope itemtype="http://nonstandard.invalid/">
	7772	+<img itemprop="work" src="mypond.jpeg">
	7773	+<p><cite itemprop="title">My Pond</cite></p>
	7774	+<p><small>Licensed under the <a itemprop="license"
	7775	+href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative
	7776	+Commons Attribution-Share Alike 3.0 United States License</a>
	7777	+and the <a itemprop="license"
	7778	+href="http://www.opensource.org/licenses/mit-license.php">MIT
	7779	+license</a>.</small></p>
	7780	+</div>
	7781	+!! result
	7782	+<div>
	7783	+<p><img itemprop="work" src="mypond.jpeg">
	7784	+</p>
	7785	+<p><cite itemprop="title">My Pond</cite></p>
	7786	+<p><small>Licensed under the <a href="http://creativecommons.org/licenses/by-sa/3.0/us/" class="external " itemprop="license">Creative
	7787	+Commons Attribution-Share Alike 3.0 United States License</a>
	7788	+and the <a href="http://www.opensource.org/licenses/mit-license.php" class="external " itemprop="license">MIT
	7789	+license</a>.</small></p>
	7790	+</div>
7768	7791
	7792	+!! end
7769	7793
7770	7794
	7795	+
	7796	+
7771	7797	TODO:
7772	7798	more images
7773	7799	more tables
Index: trunk/phase3/includes/Sanitizer.php
—	—	@@ -620,7 +620,7 @@
621	621	* @todo Check for unique id attribute :P
622	622	*/
623	623	static function validateAttributes( $attribs, $whitelist ) {
624		~~- global $wgAllowRdfaAttributes;~~
	624	+ global $wgAllowRdfaAttributes, $wgAllowMicrodataAttributes;
625	625
626	626	$whitelist = array_flip( $whitelist );
627	627	$hrefExp = '/^(' . wfUrlProtocols() . ')[^\s]+$/';
—	—	@@ -682,6 +682,29 @@
683	683	// Output should only have one attribute of each name.
684	684	$out[$attribute] = $value;
685	685	}
	686	+
	687	+ if ( $wgAllowMicrodataAttributes ) {
	688	+ # There are some complicated validity constraints we need to
	689	+ # enforce here. First of all, we don't want to allow non-standard
	690	+ # itemtypes.
	691	+ $allowedTypes = array(
	692	+ 'http://microformats.org/profile/hcard',
	693	+ 'http://microformats.org/profile/hcalendar#vevent',
	694	+ 'http://n.whatwg.org/work',
	695	+ );
	696	+ if ( isset( $out['itemtype'] ) && !in_array( $out['itemtype'],
	697	+ $allowedTypes ) ) {
	698	+ # Kill everything
	699	+ unset( $out['itemscope'] );
	700	+ }
	701	+ # itemtype, itemid, itemref don't make sense without itemscope
	702	+ if ( !array_key_exists( 'itemscope', $out ) ) {
	703	+ unset( $out['itemtype'] );
	704	+ unset( $out['itemid'] );
	705	+ unset( $out['itemref'] );
	706	+ }
	707	+ # TODO: Strip itemprop if we aren't descendants of an itemscope.
	708	+ }
686	709	return $out;
687	710	}
688	711

Status & tagging log

05:18, 28 January 2010 Tim Starling (talk | contribs) changed the status of r61193 [removed: new added: ok]