Platform/HTML5 sanitizer: Difference between revisions

Jump to navigation Jump to search

Platform/HTML5 sanitizer (view source)

Revision as of 13:24, 11 January 2011

54 bytes added ,  11 January 2011
→‎Gecko Requirements
Line 6: Line 6:
* Have three attribute white lists: HTML, SVG and MathML. The attributes don't depend on the element they are on beyond the element namespace.
* Have three attribute white lists: HTML, SVG and MathML. The attributes don't depend on the element they are on beyond the element namespace.
* Have three lists of attributes that take URLs. Drop the attributes when they have prohibited URLs (after trimming whitespace from the value).
* Have three lists of attributes that take URLs. Drop the attributes when they have prohibited URLs (after trimming whitespace from the value).
** Resolve relative URLs into absolute ones using a per fragment base URL. (Is this correct for Gecko reqs?)
** Resolve relative URLs into absolute ones using a per fragment base URL. (Is this correct for Gecko reqs? Current code uses the node's base URI. Is that right?)
** Why is whitespace trimmed before the security check?
** Why is whitespace trimmed before the security check?
** However, allow any URL in the src attribute on the img element, because imgs are safe. {{bug|572637}}
** However, allow any URL in the src attribute on the img element, because imgs are safe. {{bug|572637}}
Hsivonen
254

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/276951"

Navigation menu