254
edits
Platform/HTML5 sanitizer: Difference between revisions
Microdata
(Microdata) |
|||
| Line 9: | Line 9: | ||
* Have three lists of attributes that take URLs. Drop the attributes when they have prohibited URLs (after trimming whitespace from the value). | * Have three lists of attributes that take URLs. Drop the attributes when they have prohibited URLs (after trimming whitespace from the value). | ||
** Resolve relative URLs into absolute ones using a per fragment base URL. (Is this correct for Gecko reqs? Current code uses the node's base URI. Is that right?) | ** Resolve relative URLs into absolute ones using a per fragment base URL. (Is this correct for Gecko reqs? Current code uses the node's base URI. Is that right?) | ||
** However, allow any URL in the src attribute on the img element, because imgs are safe. {{bug|572637}} | ** However, allow any URL in the src attribute on the img element, because imgs are safe. {{bug|572637}} | ||
* Have a list of SVG attributes that take different-document references. | * Have a list of SVG attributes that take different-document references. | ||
| Line 24: | Line 23: | ||
* Should Semantic MathML be on the white list for clipboard round-tripping? (Mainly a footprint issue.) | * Should Semantic MathML be on the white list for clipboard round-tripping? (Mainly a footprint issue.) | ||
* Is it dangerous for SVG fragment id references to be able to refer to an id in the document the untrusted fragment gets inserted into? | * Is it dangerous for SVG fragment id references to be able to refer to an id in the document the untrusted fragment gets inserted into? | ||
* What to do about HTML5 microdata? | |||
==Non-Gecko Requirements== | ==Non-Gecko Requirements== | ||