From: Aryeh Gregor
Date: Mon, 18 Jan 2010 01:30:41 +0000 (+0000)
Subject: Strip some microdata attributes when invalid
X-Git-Tag: 1.31.0-rc.0~38217
X-Git-Url: https://git.cyclocoop.org/%242?a=commitdiff_plain;h=4c5e89c1aca97fbca25563c055aa5149f7239e2a;p=lhc%2Fweb%2Fwiklou.git
Strip some microdata attributes when invalid
---
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 0487762205..adfbd5a5ac 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -620,7 +620,7 @@ class Sanitizer {
* @todo Check for unique id attribute :P
*/
static function validateAttributes( $attribs, $whitelist ) {
- global $wgAllowRdfaAttributes;
+ global $wgAllowRdfaAttributes, $wgAllowMicrodataAttributes;
$whitelist = array_flip( $whitelist );
$hrefExp = '/^(' . wfUrlProtocols() . ')[^\s]+$/';
@@ -682,6 +682,29 @@ class Sanitizer {
// Output should only have one attribute of each name.
$out[$attribute] = $value;
}
+
+ if ( $wgAllowMicrodataAttributes ) {
+ # There are some complicated validity constraints we need to
+ # enforce here. First of all, we don't want to allow non-standard
+ # itemtypes.
+ $allowedTypes = array(
+ 'http://microformats.org/profile/hcard',
+ 'http://microformats.org/profile/hcalendar#vevent',
+ 'http://n.whatwg.org/work',
+ );
+ if ( isset( $out['itemtype'] ) && !in_array( $out['itemtype'],
+ $allowedTypes ) ) {
+ # Kill everything
+ unset( $out['itemscope'] );
+ }
+ # itemtype, itemid, itemref don't make sense without itemscope
+ if ( !array_key_exists( 'itemscope', $out ) ) {
+ unset( $out['itemtype'] );
+ unset( $out['itemid'] );
+ unset( $out['itemref'] );
+ }
+ # TODO: Strip itemprop if we aren't descendants of an itemscope.
+ }
return $out;
}
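Review bot: The itemtype allowlist check calls `in_array()` without the strict flag. Because this is an allowlist gate inside the sanitizer, it should match exact strings only: `if ( isset( $out['itemtype'] ) && !in_array( $out['itemtype'], $allowedTypes, true ) ) {`. With the current all-URL list I do not see a value that loose comparison would wrongly admit, so this is hardening against future list entries rather than a fix for a live bypass. The `# Kill everything` comment would be clearer as `# Invalid itemtype: drop itemscope so the block below also strips itemtype, itemid and itemref`. It is also worth saying there that `itemprop` survives on the element until the TODO is done. validateAttributes begins outside this hunk, so how `$out` is populated before this point is not visible here.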
diff --git a/maintenance/parserTests.txt b/maintenance/parserTests.txt
index 1283a4b645..4b45f5852c 100644
--- a/maintenance/parserTests.txt
+++ b/maintenance/parserTests.txt
@@ -7764,6 +7764,32 @@ license.
!! end
+!! test
+Microdata: license example from spec with bad itemtype
+!! input
+
+!! result
+
+
+!! end
+