Just for the record, which security issues would this be fixing? *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com
On Tue, Jun 11, 2013 at 8:39 PM, Jon Robson <jdlrob...@gmail.com> wrote: > Many of you on the mailing list should be aware of the troubles that > the style attribute brings to mobile [1,2] and the amount of hacks [3] > that we have to introduce to work around them. > > I still truly believe the only way we can resolve this is a long term > rethink of how we approach custom styling on wiki. I have also heard > from Chris Steipp that there are security implications with allowing > inline styles which such a move would address. > > I have submitted a patch [4] (mostly to share ideas and prompt > discussion - before you pounce on it be aware I have -2ed it to allow > discussion on whether there is a better way to do this - for instance > it might be worthy of a new namespace, it might need more protection > etc.. ). > > All the patch does is allow Template:Foo to have an associated > stylesheet Template:Foo.css which is included in pages that use it. > > So if the San Francisco article uses templates Foo, Bar and Baz, a > style tag will be constructed from the content of Template:Foo.css, > Template:Bar.css and Template:Bar.css and inserted into the page. When > the templates change the entire page San Francisco is changed and thus > the new styling is applied. > > This would reduce the need for css hacks in mobile and keep power in > editors hands. > > On the assumption that this patch makes it into core in some form that > in future the mobile site can strip any style attributes from content > and use the template css files instead and thus benefit from the > ability to use media queries. This could be a long tedious process but > I think it needs to be done. > > Thanks in advance for your discussion and thoughts around this long > standing issue! > ~Jon > > [1] > https://www.mediawiki.org/wiki/Requests_for_comment/Deprecating_inline_styles > [2] https://bugzilla.wikimedia.org/show_bug.cgi?id=35704 > [3] > https://github.com/wikimedia/mediawiki-extensions-MobileFrontend/blob/master/stylesheets/common/mf-hacks.css > [4] https://gerrit.wikimedia.org/r/68123 > > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
