Closed Bug 1133359 Opened 5 years ago Closed 5 years ago

Remove SemanticHTML extension

Categories

(Websites :: wiki.mozilla.org, defect)

Production
defect
Not set

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: GPHemsley, Unassigned)

References

(Blocks 1 open bug, )

Details

(Whiteboard: [extension][dev=2015-02-19][stage=2015-02-26][prod=2015-02-26])

Attachments

(1 file)

As jd mentions in bug 1129886, the SemanticHTML extension is a major security issue because it does not sanitize the attributes of the HTML elements it implements.

And aside from that, the elements for which it adds support have long been supported natively by MediaWiki anyway.
I think this should depend on bug 716749, but I don't have access.
Depends on: 716749
Whiteboard: [extension] → [extension][dev=2015-02-19]
This has been pushed to dev: https://wiki-dev.allizom.org/Special:Version

We'll go to production with it next week.
Whiteboard: [extension][dev=2015-02-19] → [extension][dev=2015-02-19][stage=2015-02-26][prod=2015-02-26]
This has been pushed to stage and production. Closing and will let :GPHemsley verify and remove security flag.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Group: websites-security
Status: RESOLVED → VERIFIED
Blocks: 878214
You need to log in before you can comment on or make changes to this bug.