From e9fc93ffd4f5e3314e439ba5c9fadac1e7ce72f7 Mon Sep 17 00:00:00 2001
From: Daniel Vogelheim
Date: Fri, 17 Jan 2025 14:14:38 +0100
Subject: [PATCH] Add note. Also re-generate files.
---
builtins/safe-default-configuration.json | 261 +++++++++++++++++++++++
index.bs | 7 +
2 files changed, 268 insertions(+)
diff --git a/builtins/safe-default-configuration.json b/builtins/safe-default-configuration.json
index 88f5b32..3737c0b 100644
--- a/builtins/safe-default-configuration.json
+++ b/builtins/safe-default-configuration.json
@@ -506,6 +506,243 @@ "namespace": null } ] + }, + { + "name": "math", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "merror", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mfrac", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mi", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mmultiscripts", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mn", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mo", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [ + { + "name": "form", + "namespace": null + }, + { + "name": "fence", + "namespace": null + }, + { + "name": "separator", + "namespace": null + }, + { + "name": "lspace", + "namespace": null + }, + { + "name": "rspace", + "namespace": null + }, + { + "name": "stretchy", + "namespace": null + }, + { + "name": "symmetric", + "namespace": null + }, + { + "name": "maxsize", + "namespace": null + }, + { + "name": "minsize", + "namespace": null + }, + { + "name": "largeop", + "namespace": null + }, + { + "name": "movablelimits", + "namespace": null + } + ] + }, + { + "name": "mover", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [ + { + "name": "accent", + "namespace": null + } + ] + }, + { + "name": "mpadded", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [ + { + "name": "width", + "namespace": null + }, + { + "name": "height", + "namespace": null + }, + { + "name": "depth", + "namespace": null + }, + { + "name": "lspace", + "namespace": null + }, + { + "name": "voffset", + "namespace": null + } + ] + }, + { + "name": "mprescripts", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mroot", + "namespace": "http://www.w3.org/1998/Math/MathML", + 
"attributes": [] + }, + { + "name": "mrow", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "ms", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mspace", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [ + { + "name": "width", + "namespace": null + }, + { + "name": "height", + "namespace": null + }, + { + "name": "depth", + "namespace": null + } + ] + }, + { + "name": "msqrt", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mstyle", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "msub", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "msubsup", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "msup", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mtable", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mtd", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [ + { + "name": "columnspan", + "namespace": null + }, + { + "name": "rowspan", + "namespace": null + } + ] + }, + { + "name": "mtext", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "mtr", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] + }, + { + "name": "munder", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [ + { + "name": "accentunder", + "namespace": null + } + ] + }, + { + "name": "munderover", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [ + { + "name": "accent", + "namespace": null + }, + { + "name": "accentunder", + "namespace": null + } + ] + }, + { + "name": "semantics", + "namespace": "http://www.w3.org/1998/Math/MathML", + "attributes": [] } ], "attributes": [ 
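Review bot: The first hunk puts the MathML text integration points (`mi`, `mn`, `mo`, `ms`, `mtext`) and the `semantics` container on the safe default allow-list, and nothing in the commit records why they are safe to keep. Those token elements are where the HTML parser changes how it treats child markup, the behaviour behind the mutation-XSS class that index.bs already cites in its bibliography, so the reasoning matters to anyone who serializes sanitized output and parses it again. `annotation` and `annotation-xml` are not among the additions visible in this hunk, which looks deliberate but is equally unstated. Because the file is regenerated and JSON cannot carry comments, I would record this next to the new note in index.bs, for example `Note: The MathML entries leave out annotation-xml and other elements that can host foreign content.`, if that is indeed the intent.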
@@ -520,6 +757,30 @@ { "name": "title", "namespace": null + }, + { + "name": "dir", + "namespace": null + }, + { + "name": "displaystyle", + "namespace": null + }, + { + "name": "mathbackground", + "namespace": null + }, + { + "name": "mathcolor", + "namespace": null + }, + { + "name": "mathsize", + "namespace": null + }, + { + "name": "scriptlevel", + "namespace": null } ] } \ No newline at end of file diff --git a/index.bs b/index.bs index f9636d4..c7745e1 100644 --- a/index.bs +++ b/index.bs @@ -39,6 +39,11 @@ text: parse HTML from a string; type: dfn; url: https://html.spec.whatwg.org/#pa "href": "https://cure53.de/fp170.pdf", "title": "mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations", "publisher": "Ruhr-Universität Bochum" + }, + "SafeMathML": { + "href": "https://w3c.github.io/mathml-docs/mathml-safe-list", + "title": "MathML Safe List", + "publisher": "W3C Math Working Group" } } @@ -768,6 +773,8 @@ path: builtins/safe-default-configuration.json highlight: json +Note: Included [[MathML]] markup is based on [[SafeMathML]]. + The built-in safe baseline configuration is meant to block only script-content. It is as follows:
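Review bot: The note added in the second index.bs hunk (`@@ -768,6 +773,8 @@`) says the MathML entries are based on [[SafeMathML]], but the new biblio entry links an unversioned Working Group page, so a reader cannot tell which revision of that list the regenerated JSON reflects. For an allow-list that gates untrusted markup I would state the snapshot and how it is refreshed, for example `Note: Included [[MathML]] markup is based on [[SafeMathML]] as of <DATE-OF-REGENERATION>; this configuration does not track later changes to that list.` (the date is a placeholder, the page does not give one). The first index.bs hunk adds only the `SafeMathML` entry to the local biblio, so `[[MathML]]` presumably resolves from the shared bibliography; it is worth confirming the build does not warn about it.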