You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: mathml-safe-list.md
+7-6Lines changed: 7 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,9 +4,10 @@
4
4
MathML-core considers all elements and attributes of MathML-core (as listed in [section 2.1 of MathML-core](https://w3c.github.io/mathml-core/#mathml-elements-and-attributes)) as safe and not needing a sanitziation except the following elements.
5
5
6
6
We recommend the [Sanitzer API](https://wicg.github.io/sanitizer-api/) to sanitize MathML by keeping all elements and attributes except the follwing:
7
-
- any common attribute with HTML attributes which need a sanitzation,
8
-
- the `maction` and `mphantom` elements (the element can be replaced by their first child), and
9
-
- any `annotation` or `annotation-xml` element whose `encoding` attribute is of a media-type that is is either absent or is not among the trusted types or if it contains an `href` attribute.
7
+
- any common attribute with HTML attributes for which need a sanitzation as done in HTML,
8
+
- the `mphantom` element which should be removed,
9
+
- the `maction` elements which should, ideally, be replaced by its first child element, and
10
+
- any `annotation` or `annotation-xml` element whose `encoding` attribute is of a media-type that is is either absent or is not among the trusted types or if it contains an `href` attribute, which should be removed.
10
11
11
12
### Detailed Version
12
13
MathML-core considers the following elements and attributes of MathML-core as safe and not needing sanitization:
@@ -20,7 +21,7 @@ Attributes of MathML-core:
20
21
Moreover, the following attributes have their syntax and semantics specified in the HTML specification. The sanitizer behaviour on these attributes should be as is done on HTML elements: `on*, id, class, style, data-*, autofocus, nonce,tabindex` (for example any javascript should be removed).
21
22
22
23
The elements of MathML-core which need treatment by the sanitizers are the following:
23
-
-`annotation` and `annotation-xml` if their `encoding` attribute is not considered of a safe type (e.g. if the encoding is `text/plain` then it could be kept). If removed, the element should be replaced by its first child.
24
-
-`maction`is replaced by their first child
25
-
-`mphantom`is removed
24
+
-`annotation` and `annotation-xml` if their `encoding` attribute is not considered of a safe type (e.g. if the encoding is `text/plain` then it could be kept). Sanitization should remove these elements.
25
+
-`maction`should be replaced by its first child element.
0 commit comments