HTML sanitizing of extmetadata makes hidden content visible
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	Tgr
	Mar 26 2014, 6:22 PM

Description

Some templates store metadata in display:none-ed text; MediaViewer's whitelistHtml function makes this metadata visible. E.g. permission text shown for PD images starts with "Public domainPublic domainfalsefalse".

Version: unspecified
Severity: normal
URL: https://www.mediawiki.org/wiki/File:Annotated_screenshot_of_bug_in_Media_Viewer%27s_license_display.png

Details

Reference: bz63126

Event Timeline

• bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:05 AM

• bzimport added a project: MediaViewer.

• bzimport set Reference to bz63126.

• bzimport added a subscriber: Unknown Object (MLST).

Tgr created this task.Mar 26 2014, 6:22 PM

Change 121282 had a related patch set uploaded by Gergő Tisza:
Utilities to transform HTML to plain or filtered tests

https://gerrit.wikimedia.org/r/121282

Change 121282 merged by jenkins-bot:
Utilities to transform HTML to plain or filtered text

https://gerrit.wikimedia.org/r/121282

• Gilles added a project: Multimedia.Dec 4 2014, 9:26 AM

• Gilles triaged this task as Unbreak Now! priority.Dec 4 2014, 10:11 AM

• Gilles moved this task from Untriaged to Done on the Multimedia board.

• Gilles lowered the priority of this task from Unbreak Now! to Needs Triage.Dec 4 2014, 11:22 AM

HTML sanitizing of extmetadata makes hidden content visibleClosed, ResolvedPublicActions

Description

Details

Event Timeline

HTML sanitizing of extmetadata makes hidden content visible
Closed, ResolvedPublic
Actions