Skip to content

Commit

Permalink
Add note. Also re-generate files.
Browse files Browse the repository at this point in the history
  • Loading branch information
@otherdaniel
otherdaniel committed Jan 17, 2025
1 parent 29c8b82 commit e9fc93f
Show file tree
Hide file tree
Showing 2 changed files with 268 additions and 0 deletions.
261 changes: 261 additions & 0 deletions builtins/safe-default-configuration.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -506,6 +506,243 @@
"namespace": null
}
]
},
{
"name": "math",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "merror",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mfrac",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mi",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mmultiscripts",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mn",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mo",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": [
{
"name": "form",
"namespace": null
},
{
"name": "fence",
"namespace": null
},
{
"name": "separator",
"namespace": null
},
{
"name": "lspace",
"namespace": null
},
{
"name": "rspace",
"namespace": null
},
{
"name": "stretchy",
"namespace": null
},
{
"name": "symmetric",
"namespace": null
},
{
"name": "maxsize",
"namespace": null
},
{
"name": "minsize",
"namespace": null
},
{
"name": "largeop",
"namespace": null
},
{
"name": "movablelimits",
"namespace": null
}
]
},
{
"name": "mover",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": [
{
"name": "accent",
"namespace": null
}
]
},
{
"name": "mpadded",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": [
{
"name": "width",
"namespace": null
},
{
"name": "height",
"namespace": null
},
{
"name": "depth",
"namespace": null
},
{
"name": "lspace",
"namespace": null
},
{
"name": "voffset",
"namespace": null
}
]
},
{
"name": "mprescripts",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mroot",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mrow",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "ms",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mspace",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": [
{
"name": "width",
"namespace": null
},
{
"name": "height",
"namespace": null
},
{
"name": "depth",
"namespace": null
}
]
},
{
"name": "msqrt",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mstyle",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "msub",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "msubsup",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "msup",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mtable",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mtd",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": [
{
"name": "columnspan",
"namespace": null
},
{
"name": "rowspan",
"namespace": null
}
]
},
{
"name": "mtext",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "mtr",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
},
{
"name": "munder",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": [
{
"name": "accentunder",
"namespace": null
}
]
},
{
"name": "munderover",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": [
{
"name": "accent",
"namespace": null
},
{
"name": "accentunder",
"namespace": null
}
]
},
{
"name": "semantics",
"namespace": "http://www.w3.org/1998/Math/MathML",
"attributes": []
}
],
"attributes": [
Expand All @@ -520,6 +757,30 @@
{
"name": "title",
"namespace": null
},
{
"name": "dir",
"namespace": null
},
{
"name": "displaystyle",
"namespace": null
},
{
"name": "mathbackground",
"namespace": null
},
{
"name": "mathcolor",
"namespace": null
},
{
"name": "mathsize",
"namespace": null
},
{
"name": "scriptlevel",
"namespace": null
}
]
}
7 changes: 7 additions & 0 deletions index.bs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,11 @@ text: parse HTML from a string; type: dfn; url: https://html.spec.whatwg.org/#pa
"href": "https://cure53.de/fp170.pdf",
"title": "mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations",
"publisher": "Ruhr-Universität Bochum"
},
"SafeMathML": {
"href": "https://w3c.github.io/mathml-docs/mathml-safe-list",
"title": "MathML Safe List",
"publisher": "W3C Math Working Group"
}
}
</pre>
Expand Down Expand Up @@ -768,6 +773,8 @@ path: builtins/safe-default-configuration.json
highlight: json
</pre>

Note: Included [[MathML]] markup is based on [[SafeMathML]].

The <dfn>built-in safe baseline configuration</dfn> is meant to block only
script-content. It is as follows:

Expand Down

0 comments on commit e9fc93f

Please sign in to comment.