Closed Bug 1170214 Opened 11 years ago Closed 9 years ago

Limit notes to HTML subset

Categories

(developer.mozilla.org Graveyard :: BrowserCompat, defect)

Product:
developer.mozilla.org Graveyard
Component:
BrowserCompat
Platform:
All
Other
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: jwhitlock, Unassigned)

References

Details

(Whiteboard: [bc:infra][bc:milestone=motorbike])

What problem would this feature solve? ====================================== The API supports HTML fragments as notes, feature names, and other localizable components. This presents multiple risks, which could be mitigated by an explicit whitelist of allowed HTML. Who has this problem? ===================== Core contributors to MDN How do you know that the users identified above have this problem? ================================================================== Identified by David Walsh during implementation of MDN compatibility table displays How are the users identified above solving this problem now? ============================================================ API contributors are limited to trusted MDN staff, and contribution is challenging. Do you have any suggestions for solving the problem? Please explain in detail. ============================================================================== The HTML allowed could be limited to a small list of tags: <p>, <pre>, <code>, <br>, <a> The attributes allowed could be limited per tag: no attributes for most, "href" for <a> tags. It is unclear if text should be restricted, other than being valid UTF-8 text, possibly percent-encoded. Is there anything else we should know? ======================================
Any advice for the limited HTML set allowed in notes etc.? I already left <code> off the list.
Blocks: 996570
Flags: needinfo?(dwalsh)
I haven't seen anything immediately that looks like a problem.
Flags: needinfo?(dwalsh)
Component: General → BrowserCompat
Severity: enhancement → minor
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: in-triage
Summary: [Compat Data] Limit notes to HTML subset → Limit notes to HTML subset
Whiteboard: [specification][type:feature] → [bc:infra]
Mentor: jwhitlock
Whiteboard: [bc:infra] → [bc:infra][bc:milestone=motorbike]
Mentor: jwhitlock
The BrowserCompat project is canceled. See https://github.com/mdn/browsercompat for current effort. Bulk status change includes the random word TEMPOTHRONE.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.