htmlscrubber: Also allow some other html5 tags: canvas, progress, meter, ruby, rt, rp, details, summary.
parent
f1e2d0af12
commit
790a339db1
|
@ -85,7 +85,7 @@ sub scrubber {
|
|||
|
||||
video audio source section nav article aside hgroup
|
||||
header footer figure figcaption time mark canvas
|
||||
datalist
|
||||
datalist progress meter ruby rt rp details summary
|
||||
}],
|
||||
default => [undef, { (
|
||||
map { $_ => 1 } qw{
|
||||
|
@ -104,10 +104,10 @@ sub scrubber {
|
|||
|
||||
autofocus autoplay preload loopstart
|
||||
loopend end playcount controls pubdate
|
||||
placeholder min max step form required
|
||||
autocomplete novalidate pattern list
|
||||
formenctype formmethod formnovalidate
|
||||
formtarget reversed
|
||||
placeholder min max step low high optimum
|
||||
form required autocomplete novalidate pattern
|
||||
list formenctype formmethod formnovalidate
|
||||
formtarget reversed spellcheck open
|
||||
} ),
|
||||
"/" => 1, # emit proper <hr /> XHTML
|
||||
href => $safe_url_regexp,
|
||||
|
|
|
@ -7,7 +7,8 @@ ikiwiki (3.20100428) UNRELEASED; urgency=low
|
|||
did not support building urls from utf-8 strings. Closes: #579713
|
||||
* htmlscrubber: Allow html5 semantic tags: section nav article aside hgroup
|
||||
header footer figure figcaption time mark
|
||||
* htmlscrubber: Also allow html5 canvas tags.
|
||||
* htmlscrubber: Also allow some other html5 tags: canvas, progress, meter,
|
||||
ruby, rt, rp, details, summary.
|
||||
* htmlscrubber: Round out html5 video support with the preload
|
||||
attribute and the source tag.
|
||||
* htmlscrubber: Allow the html5 form attributes: placeholder autofocus,
|
||||
|
|
|
@ -68,23 +68,29 @@ HTML5](http://www.w3.org/TR/html5-diff/).
|
|||
> * Use nav for the actionbar
|
||||
> * Use placeholder in the search box. Allows closing
|
||||
> [[this_todo|Add_label_to_search_form_input_field]]
|
||||
> * Use details tag instead of the javascript in the toggle plugin.
|
||||
> (Need to wait on browser support probably.)
|
||||
> --[[Joey]]
|
||||
|
||||
# htmlscrubber.pm needs to not scrub new HTML5 elements
|
||||
|
||||
* [new elements](http://www.w3.org/TR/html5-diff/#new-elements)
|
||||
|
||||
> Most of these can be supported trivially, since they are just semantic
|
||||
> markup. Make a list of these, and their attributes (and which attributes
|
||||
> can contain urls or other javascript injection mechanisms), and I can add
|
||||
> them. (Added several now.) Others, like `embed` are *scary*. --[[Joey]]
|
||||
|
||||
> Many added now.
|
||||
>
|
||||
> Things I left out, too hard to understand today:
|
||||
> Attributes contenteditabl, contextmenu,
|
||||
> data-*, draggable, hidden, role, aria-*. Tags command, keygen,
|
||||
> output.
|
||||
>
|
||||
> Clearly unsafe: embed.
|
||||
>
|
||||
> Apparently cannot be used w/o javascript: menu.
|
||||
>
|
||||
> I have not added the new `ping` attribute, because parsing a
|
||||
> space-separeated list of urls to avoid javascript injection is annoying,
|
||||
> and the attribute seems generally dubious.
|
||||
>
|
||||
> Need to understand better the attributes contenteditabl, contextmenu,
|
||||
> data-*, draggable, hidden, role, aria-*. Have not added those. --[[Joey]]
|
||||
> --[[Joey]]
|
||||
|
||||
# HTML5 Validation and t/html.t
|
||||
|
||||
|
|
Loading…
Reference in New Issue