https://bugzilla.wikimedia.org/show_bug.cgi?id=33886

Tim Starling <tstarl...@wikimedia.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tstarl...@wikimedia.org

--- Comment #2 from Tim Starling <tstarl...@wikimedia.org> 2012-01-23 02:13:48 UTC ---
If there's any way for an <a> tag to sneak through without being added to
mOutput, then that will be a vulnerability for SpamBlacklist/AbuseFilter etc.
allowing links to be added without being properly flagged. So it's really
important that the regex in doHtmlLinks() matches at least as many links as the
one in Sanitizer::removeHTMLtags(). So I'd suggest using \W instead of \s to
detect the end of the tag name.

Otherwise, looks good.
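
The consistency requirement in the comment above can be checked with a small differential test. This is an added example, not part of the original comment and not MediaWiki's code: the sanitizer-side matcher, the two tracker patterns, the function names and the sample inputs are all constructed stand-ins.

```php
<?php
// Added illustration. Both matchers are simplified stand-ins, not MediaWiki's code.

// Stand-in for the sanitizer's view: a complete tag whose name is the run of
// word characters after "<".
function sanitizerSeesAnchor(string $html): bool {
    return preg_match('/<(\w+)[^>]*>/', $html, $m) === 1
        && strtolower($m[1]) === 'a';
}

// Returns the labels of samples that the sanitizer stand-in treats as <a> tags
// but the candidate tracker pattern does not match, i.e. links that would be
// rendered without being recorded for SpamBlacklist/AbuseFilter-style checks.
function untrackedAnchors(string $trackerPattern, array $samples): array {
    $missed = [];
    foreach ($samples as $label => $html) {
        if (sanitizerSeesAnchor($html) && preg_match($trackerPattern, $html) !== 1) {
            $missed[] = $label;
        }
    }
    return $missed;
}

// Constructed sample inputs, keyed by what ends the tag name.
$samples = [
    'space'     => '<a href="http://example.org/">x</a>',
    'uppercase' => '<A HREF="http://example.org/">x</A>',
    'tab'       => "<a\thref=\"http://example.org/\">x</a>",
    'newline'   => "<a\nhref=\"http://example.org/\">x</a>",
    'slash'     => '<a/href="http://example.org/">x</a>',
    'abbr'      => '<abbr title="not a link">x</abbr>', // different tag, never an anchor
];

// Compare a tracker that ends the tag name with \s against one that uses \W.
foreach (['/<a\s/i', '/<a\W/i'] as $pattern) {
    $missed = untrackedAnchors($pattern, $samples);
    printf("%-10s untracked: %s\n", $pattern, $missed ? implode(', ', $missed) : 'none');
}
```

A check of this shape belongs in the parser's regression tests, so that any later change to either pattern that lets the sanitizer side accept a tag the tracker misses fails the build.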
