-
Notifications
You must be signed in to change notification settings - Fork 384
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to a whitelist sanitizer instead of blacklist #271
Comments
Yeah, it's a bit of a pain. A whitelist would definitely be better than the hunt-and-peck approach we have now. We had a bunch of problems with kses the first time around, which is why we ditched it (although, there are a bunch of problems with DOMDocument too; just can't win 💩). I think there's a few challenges though:
But like I said, definitely would be better than what we have in terms of completeness and validity. |
I've gone down the rabbit hole of reviewing a large sample of about 15,000 indexing errors on a very large site. I may put in a few basic fixes in the theme to clean out some common issues. However, more than ever, I definitely think the full whitelist based on the spec is the only way we'll ever get close to zero errors. |
Lullabot's amp-library has a PHP version of the spec which we could potentially work with: https://github.com/Lullabot/amp-library/blob/master/src/Spec/validator-generated.php |
I've found a number of AMP validation errors that are occurring after reviewing Google Webmaster Tools. Many are because AMP incompatible attributes like
target="new"
on hrefs andsize
to style elements are not being stripped out. There are other examples of user-generated markup in the post body that are failing validation.I'm wondering if creating an
allowed_html
array from the AMP validator spec and pushing the body throughwp_kses
might address it? Open to ideas on a cleaner way to proceed if this is being worked on.I'll probably just address a few by hand that are creating the bulk of the issues for us and definitely #130.
Related to #130, #253, #237.
The text was updated successfully, but these errors were encountered: