New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sanitise language_attributes() #531

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
3 participants
@Maxime2
Contributor

Maxime2 commented Oct 12, 2016

Some plugins, e.g. Add Meta Tags, may alter language_attributes() using 'language_attributes' filter and adding XML-related attributes which are disallowed (see https://www.ampproject.org/docs/reference/spec#required-markup )

So we need to sanitise this as well. This patch solves this problem.

@mjangda

This comment has been minimized.

Show comment
Hide comment
@mjangda

mjangda Oct 12, 2016

Member

Thanks for the PR.

The reason we added language_attributes was to make sure lang and dir attributes were added for non-English sites.

I think instead of trying to strip out prefix and xmlns attributes, it might be better just to add lang and dir attributes manually (especially since there may be other blacklisted attributes as well). Thoughts?

Member

mjangda commented Oct 12, 2016

Thanks for the PR.

The reason we added language_attributes was to make sure lang and dir attributes were added for non-English sites.

I think instead of trying to strip out prefix and xmlns attributes, it might be better just to add lang and dir attributes manually (especially since there may be other blacklisted attributes as well). Thoughts?

@Maxime2

This comment has been minimized.

Show comment
Hide comment
@Maxime2

Maxime2 Oct 12, 2016

Contributor

Yes we seems may just put lang and dir attributes manually having <html amp> specified.
Though, there could be more valid attributes, especially those accessibility related, https://www.w3.org/TR/html5/semantics.html#the-html-element

Contributor

Maxime2 commented Oct 12, 2016

Yes we seems may just put lang and dir attributes manually having <html amp> specified.
Though, there could be more valid attributes, especially those accessibility related, https://www.w3.org/TR/html5/semantics.html#the-html-element

@JoryHogeveen

This comment has been minimized.

Show comment
Hide comment
@JoryHogeveen

JoryHogeveen Oct 12, 2016

I would say this could have its own function/filter that adds the default lang and dir. Other plugins can hook into that filter to add their own AMP specific parameters.

Or use the currenct $doctype in language_attributes() parameter to pass a value like amphtml so plugin's can validate before adding anything.

JoryHogeveen commented Oct 12, 2016

I would say this could have its own function/filter that adds the default lang and dir. Other plugins can hook into that filter to add their own AMP specific parameters.

Or use the currenct $doctype in language_attributes() parameter to pass a value like amphtml so plugin's can validate before adding anything.

mjangda added a commit that referenced this pull request Oct 13, 2016

Drop language_attributes
And just manually set up and output lang+rtl attributes instead. Other
plugins were using language_attributes to output things like `prefix`
and `xmlns` attributes, which break validation.

h/t @Maxime2 for the initial PR (#531)

@mjangda mjangda referenced this pull request Oct 13, 2016

Merged

Drop language_attributes #537

@mjangda

This comment has been minimized.

Show comment
Hide comment
@mjangda

mjangda Oct 13, 2016

Member

This was fixed in #537

Member

mjangda commented Oct 13, 2016

This was fixed in #537

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment