Switch to a whitelist sanitizer instead of blacklist #271
Comments
Yeah, it's a bit of a pain. A whitelist would definitely be better than the hunt-and-peck approach we have now. We had a bunch of problems with kses the first time around, which is why we ditched it (although, there are a bunch of problems with DOMDocument too; just can't win 💩). I think there's a few challenges though:
But like I said, definitely would be better than what we have in terms of completeness and validity.
I've gone down the rabbit hole of reviewing a large sample of about 15,000 indexing errors on a very large site. I may put in a few basic fixes in the theme to clean out some common issues. However, more than ever, I definitely think the full whitelist based on the spec is the only way we'll ever get close to zero errors.
Lullabot's amp-library has a PHP version of the spec which we could potentially work with: https://github.com/Lullabot/amp-library/blob/master/src/Spec/validator-generated.php
I've found a number of AMP validation errors that are occurring after reviewing Google Webmaster Tools. Many are because AMP incompatible attributes like `target="new"` on hrefs and `size` to style elements are not being stripped out. There are other examples of user-generated markup in the post body that are failing validation.

I'm wondering if creating an `allowed_html` array from the AMP validator spec and pushing the body through `wp_kses` might address it? Open to ideas on a cleaner way to proceed if this is being worked on.

I'll probably just address a few by hand that are creating the bulk of the issues for us and definitely #130.
Related to #130, #253, #237.
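The allowlist approach proposed in this issue, shown as an added example that is not part of the thread or the plugin's code: a standalone PHP sanitizer built on `DOMDocument` that drops every tag and attribute not explicitly permitted, so values like `target="new"` fail closed without needing a rule of their own. The function name `allowlist_sanitize`, the `ALLOWED_HTML` table and its regexes are assumptions, a constructed subset rather than the AMP validator spec.

```php
<?php
// Constructed allowlist (illustrative subset, NOT generated from the AMP spec):
// tag => [attribute => regex the value must match]. Anything unlisted is dropped.
const ALLOWED_HTML = [
    'p'      => [],
    'em'     => [],
    'strong' => [],
    'a'      => [
        'href'   => '~^(https?://|mailto:|/|#)~i', // fails closed on javascript: etc.
        'target' => '~^_blank$~D',
    ],
];
// Hypothetical helper name; sanitizes an HTML fragment against ALLOWED_HTML.
function allowlist_sanitize(string $html): string
{
    $dom  = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate sloppy user markup
    $dom->loadHTML('<?xml encoding="utf-8"?><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $root = $dom->getElementsByTagName('div')->item(0); // our wrapper element
    // Snapshot first: the node list is live and the tree is mutated below.
    foreach (iterator_to_array($root->getElementsByTagName('*')) as $el) {
        $rules = ALLOWED_HTML[strtolower($el->nodeName)] ?? null;
        if ($rules === null) {
            // Unknown tag: keep its children (still checked later), drop the tag.
            while ($el->firstChild) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            if (!isset($rules[$name]) || preg_match($rules[$name], $attr->value) !== 1) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $dom->saveHTML($child);
    }
    return $out;
}
// Constructed sample of user-generated post markup.
$sample = '<p>See <a href="https://example.com/" target="new" onclick="x()">this</a> <font size="3">now</font></p>';
echo allowlist_sanitize($sample), "\n";
```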