Follow up r65286. If we are going to support <img we should support width and height
author Platonides <platonides@users.mediawiki.org>
Tue, 20 Apr 2010 19:04:00 +0000 (19:04 +0000)
committer Platonides <platonides@users.mediawiki.org>
Tue, 20 Apr 2010 19:04:00 +0000 (19:04 +0000)
attributes, too. Since there's a potential for creating webbugs of 1x1px we might want
to enforce a minimum size for them. But that has always existed when the attacker provides
the image.

The sanitizer isn't treating numeric-like arguments in a special way. That is something
to fix.

includes/Sanitizer.php

index 35908b9..3d9317e 100644 (file)
@@ -1411,7 +1411,7 @@ class Sanitizer {
                        # Not usually allowed, but may be used for extension-style hooks
                        # such as <math> when it is rasterized, or if $wgAllowImageTag is
                        # true
-                       'img'        => array_merge( $common, array( 'alt', 'src' ) ),
+                       'img'        => array_merge( $common, array( 'alt', 'src', 'width', 'height' ) ),
 
                        # 15.2.1
                        'tt'         => $common,
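
Review bot: the new 'width' and 'height' entries on the 'img' line are whitelisted by name only, and nothing in this hunk constrains their values to numbers; the commit message itself says the sanitizer does not treat numeric-like arguments in a special way. Consider landing value validation for these two attributes (digits, optionally a trailing percent sign) together with the whitelist change, or add a note to the comment block above the 'img' line saying the values are not yet checked. The minimum size for 1x1 images raised in the commit message is also not enforced here, so if it is wanted it should be tracked as a separate follow-up rather than left implied.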