First draft: MathML safelist

builtins/safe-default-configuration.py

@@ -24,11 +24,17 @@ def main():
         pass
       elif line.startswith("- "):
         current.append({ "name": line[2:], "namespace": None })
-      elif line == "[HTML Global]":
+      elif line.startswith("[") and line.endswith("Global]"):
         current = result["attributes"]
       else:
-        elem = { "name": line, "namespace": "http://www.w3.org/1999/xhtml",
-                 "attributes": [] }
+        if line.startswith("math "):
+          elem = {"name": line[5:],
+                  "namespace": "http://www.w3.org/1998/Math/MathML"}
+        elif line.startswith("svg "):
+          elem = {"name": line[4:], "namespace": "http://www.w3.org/2000/svg"}
+        else:
+          elem = {"name": line, "namespace": "http://www.w3.org/1999/xhtml"}
+        elem["attributes"] = []
         result["elements"].append(elem)
         current = elem["attributes"]
 

builtins/safe-default-configuration.txt

@@ -169,3 +169,70 @@ th
 - lang
 - title
 
+// MathML, per https://github.com/WICG/sanitizer-api/issues/103#issuecomment-2591328351
+
+math math
+math merror
+math mfrac
+math mi
+math mmultiscripts
+math mn
+math mo
+- form
+- fence
+- separator
+- lspace
+- rspace
+- stretchy
+- symmetric
+- maxsize
+- minsize
+- largeop
+- movablelimits
+math mover
+- accent
+math mpadded
+- width
+- height
+- depth
+- lspace
+- voffset
+math mprescripts
+math mroot
+math mrow
+math ms
+math mspace
+- width
+- height
+- depth
+math msqrt
+math mstyle
+math msub
+math msubsup
+math msup
+math mtable
+math mtd
+- columnspan
+- rowspan
+math mtext
+math mtr
+math munder
+- accentunder
+math munderover
+- accent
+- accentunder
+math semantics
+
+[MathML Global]
+- dir
+- displaystyle
+- mathbackground
+- mathcolor
+- mathsize
+- scriptlevel
+- encoding
+- display
+- linethickness
+- intent
+- arg
+