Jim Higson wrote:
So far I'm allowing color, face and size; are there any others the PHP parser allows (or should allow)?
Here's what the HTML sanitizer code in 1.5 currently allows:

Common attributes:
'id', 'class', 'lang', 'dir', 'title', 'style'

Specific to <font>:
'size', 'color', 'face'

The <=1.4 code is more permissive as it has only a global attribute
whitelist, and will thus allow attributes that don't actually apply to
the <font> element.

-- brion vibber (brion @ pobox.com)
Thanks.
Just out of interest, what value is attained from allowing id and class in
wikitext? Doesn't this allow people to create messed up pages by setting
id="globalWrapper" or some such thing?
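
The two whitelist designs discussed in this thread, side by side, as an added example in Python (not MediaWiki's code and not written by anyone in the thread). The `COMMON` and `<font>` lists are the ones quoted above; the `GLOBAL` list, the `filter_tag` name and the sample tag are constructed for illustration, since the thread does not give the real <=1.4 list.

```python
from html import escape
from html.parser import HTMLParser

# Lists quoted in the thread for the 1.5 sanitizer.
COMMON = {"id", "class", "lang", "dir", "title", "style"}
PER_ELEMENT = {"font": COMMON | {"size", "color", "face"}}

# Constructed stand-in for a single global list (assumption, not the real
# <=1.4 list): every listed attribute is accepted on every element.
GLOBAL = COMMON | {"size", "color", "face", "align", "width", "border"}


class _StartTag(HTMLParser):
    """Collects the name and attributes of the first start tag seen."""

    def __init__(self):
        super().__init__()
        self.tag, self.attrs = None, []

    def handle_starttag(self, tag, attrs):
        if self.tag is None:
            self.tag, self.attrs = tag, attrs


def filter_tag(markup, per_element=True):
    """Re-emit one start tag keeping only whitelisted attribute names.

    Only names are checked; values (including 'style') are not inspected,
    and whether the element itself is allowed is out of scope here.
    """
    p = _StartTag()
    p.feed(markup)
    p.close()
    if p.tag is None:
        return ""
    # Assumption: an element with no per-element entry keeps no attributes.
    allowed = PER_ELEMENT.get(p.tag, set()) if per_element else GLOBAL
    kept, seen = [], set()
    for name, value in p.attrs:  # HTMLParser lowercases attribute names
        if name in allowed and name not in seen:
            seen.add(name)
            kept.append(f'{name}="{escape(value or "", quote=True)}"')
    return "<" + " ".join([p.tag] + kept) + ">"


# Constructed sample input.
SAMPLE = '<font color="red" width="50" onclick="x()" id="globalWrapper">'
```

With the per-element list, `width` is dropped from `<font>`; with the global list it survives. In both cases `id="globalWrapper"` passes through unchanged, which is the situation the question above asks about.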