From e192507d07100d3c9aee532c6e0da5887749d3a3 Mon Sep 17 00:00:00 2001 From: Daniel Kinzler Date: Sun, 22 Jan 2012 20:46:39 +0000 Subject: [PATCH] reverting r109723 because of slush. --- RELEASE-NOTES-1.19 | 3 --- includes/DefaultSettings.php | 10 ---------- includes/Sanitizer.php | 24 +----------------------- 3 files changed, 1 insertion(+), 36 deletions(-) diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19 index b7d11648c4..0150d359fa 100644 --- a/RELEASE-NOTES-1.19 +++ b/RELEASE-NOTES-1.19 @@ -26,9 +26,6 @@ production. * (bug 32239) Removed wgEnableTooltipsAndAccesskeys. * Removed $wgVectorShowVariantName. * Removed $wgExtensionAliasesFiles. Use wgExtensionMessagesFiles. -* Introduced $wgAllowATag to allow tags to be used for external links, - so rel and ref attributes can be used with microdata resp RDFa. - Defaults is false. === New features in 1.19 === * (bug 19838) Possibility to get all interwiki prefixes if the interwiki diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 088a5f930e..3b38281910 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -2238,13 +2238,11 @@ $wgAllowRdfaAttributes = false; /** * Enabled HTML5 microdata attributes for use in wikitext, if $wgHtml5 is also true. - * See also $wgAllowATag. */ $wgAllowMicrodataAttributes = false; /** * Cleanup as much presentational html like valign -> css vertical-align as we can - * See also $wgAllowATag. */ $wgCleanupPresentationalAttributes = true; @@ -2976,14 +2974,6 @@ $wgEnableImageWhitelist = true; */ $wgAllowImageTag = false; -/** - * Allow tags for specifying external links, so it becomes possible to - * provide ref and rel attributes. This allows for microdata/microformats/RDFa - * annotations to be embedded on wiki pages. See also $wgAllowRdfaAttributes - * and $wgAllowMicrodataAttributes. - */ -$wgAllowATag = false; - /** * $wgUseTidy: use tidy to make sure HTML output is sane. * Tidy is a free tool that fixes broken HTML. diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 3f7175a195..196abd9f43 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -407,11 +407,6 @@ class Sanitizer { $htmlsingleonly[] = 'img'; } - global $wgAllowATag; - if ( $wgAllowATag ) { - $htmlpairsStatic[] = 'a'; - } - $htmlsingleallowed = array_unique( array_merge( $htmlsingle, $tabletags ) ); $htmlelementsStatic = array_unique( array_merge( $htmlsingle, $htmlpairsStatic, $htmlnest ) ); @@ -802,23 +797,6 @@ class Sanitizer { } } - if ( $attribute === 'href' || $attribute === 'src' ) { - if ( !preg_match( $hrefExp, $value ) ) { - continue; //drop any href or src attributes not using an allowed protocol. - //NOTE: this also drops all relative URLs - } - } - - //RDFa properties allow URIs. check them - if ( $attribute === 'rel' || $attribute === 'rev' || - $attribute === 'about' || $attribute === 'property' || $attribute === 'resource' || - $attribute === 'datatype' || $attribute === 'typeof' ) { - //Paranoia. Allow "simple" values but suppress javascript - if ( preg_match( '/(^|\s)javascript\s*:/i', $value ) ) { - continue; - } - } - // If this attribute was previously set, override it. // Output should only have one attribute of each name. $out[$attribute] = $value; @@ -1594,7 +1572,7 @@ class Sanitizer { 'td' => array_merge( $common, $tablecell, $tablealign ), 'th' => array_merge( $common, $tablecell, $tablealign ), - # 12.2 + # 12.2 # NOTE: is not allowed directly, but the attrib whitelist is used from the Parser object 'a' => array_merge( $common, array( 'href', 'rel', 'rev' ) ), # rel/rev esp. for RDFa # 13.2 -- 2.20.1