Remove SemanticHTML extension

VERIFIED FIXED

Status

Websites
wiki.mozilla.org
VERIFIED FIXED
3 years ago
2 years ago

People

(Reporter: GPHemsley, Unassigned)

Tracking

(Blocks: 1 bug)

Production
Dependency tree / graph

Details

(Whiteboard: [extension][dev=2015-02-19][stage=2015-02-26][prod=2015-02-26], URL)

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
As jd mentions in bug 1129886, the SemanticHTML extension is a major security issue because it does not sanitize the attributes of the HTML elements it implements.

And aside from that, the elements for which it adds support have long been supported natively by MediaWiki anyway.
(Reporter)

Comment 1

3 years ago
Testcase: https://wiki.mozilla.org/MozillaWiki:Testing/Testcases/Extensions/SemanticHTML
(Reporter)

Comment 2

3 years ago
Created attachment 8564775 [details] [review]
Remove SemanticHTML extension
(Reporter)

Comment 3

3 years ago
I think this should depend on bug 716749, but I don't have access.
(Reporter)

Updated

3 years ago
Depends on: 716749
Whiteboard: [extension] → [extension][dev=2015-02-19]
This has been pushed to dev: https://wiki-dev.allizom.org/Special:Version

We'll go to production with it next week.
Whiteboard: [extension][dev=2015-02-19] → [extension][dev=2015-02-19][stage=2015-02-26][prod=2015-02-26]
This has been pushed to stage and production. Closing and will let :GPHemsley verify and remove security flag.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
(Reporter)

Updated

3 years ago
Group: websites-security
Status: RESOLVED → VERIFIED
(Reporter)

Updated

2 years ago
Blocks: 878214
You need to log in before you can comment on or make changes to this bug.