r73880 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r73879‎ \| r73880 \| r73881 >
Date:	11:12, 28 September 2010
Author:	demon
Status:	resolved (Comments)
Tags:
Comment:	More bug 671: whitelist <kbd> and <samp> for user input. Followup per r70164's comment.
Modified paths:	/trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/Sanitizer.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Sanitizer.php
—	—	@@ -368,7 +368,8 @@
369	369	'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's',
370	370	'strike', 'strong', 'tt', 'var', 'div', 'center',
371	371	'blockquote', 'ol', 'ul', 'dl', 'table', 'caption', 'pre',
372		~~- 'ruby', 'rt' , 'rb' , 'rp', 'p', 'span', 'u', 'abbr', 'dfn'~~
	372	+ 'ruby', 'rt' , 'rb' , 'rp', 'p', 'span', 'u', 'abbr', 'dfn',
	373	+ 'kbd', 'samp'
373	374	);
374	375	$htmlsingle = array(
375	376	'br', 'hr', 'li', 'dt', 'dd'
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -138,7 +138,7 @@
139	139	because it encourages edits to be marked minor accidentally and it can be
140	140	easily replicated by custom user scripts for those who really want it.
141	141	* Non-file pages can no longer be moved to the file namespace, nor vice versa.
142		~~-* (bug 671) The <dfn> element has been whitelisted in user input.~~
	142	+* (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user input
143	143	* (bug 24563) Entries on Special:WhatLinksHere now have a link to their history
144	144	* (bug 21503) There's now a "reason" field when creating account for other users
145	145	* (bug 24418) action=markpatrolled now requires a token

Follow-up revisions

Revision	Commit summary	Author	Date
r73911	Followup r73880, forgot to give kbd and samp their attribute whitelists	demon	15:41, 28 September 2010
r88118	Fix Bug 28979 — “remove some CSS for abbr and acronym tags”...	mah	22:10, 14 May 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r54241	Allow <abbr> in wikitext...	simetrical	22:15, 2 August 2009
r70164	Whitelist <dfn> element...	simetrical	18:47, 29 July 2010

Comments

#Comment by Brion VIBBER (talk | contribs) 15:37, 28 September 2010

This seems to be incomplete; no attribute whitelist entries are added for the new elements.

These should pass the style attribute through:

enjoy some <kbd style="color:red">echo "typing"</kbd> and <samp style="color:blue">sample text</samp>

enjoy some <span style="color:red">echo "typing"</span> and <span style="color:blue">sample text</span>

Status & tagging log

15:57, 28 September 2010 Brion VIBBER (talk | contribs) changed the status of r73880 [removed: fixme added: resolved]
15:37, 28 September 2010 Brion VIBBER (talk | contribs) changed the status of r73880 [removed: new added: fixme]