Making WordPress.org

Opened 19 months ago

Last modified 19 months ago

#6832 new defect (bug)

Upload of .vtt file refused

Reported by: jdy68's profile jdy68 Owned by:
Milestone: Priority: normal
Component: HelpHub (wordpress.org/documentation) Keywords:
Cc:

Description

Hi,

On the site where we create the posts of the official documentation in french (/fr.wordpress.org/support) we can't upload any *.vtt file, we don't have the necessary permissions.
Also we can't use the feature that allows to add subtitles to videos included in the documentation to make them more accessible.
Please allow us to upload *.vtt files.
Thanks

Change History (1)

#1 @dd32
19 months ago

For security purposes, *.vtt wouldn't be currently on the allow list, due to the potential contents of the files. For example, https://owasp.org/www-community/attacks/Xss_in_subtitle

Before we can move forward with this, someone is going to need to bring over the sanitizer from WordPress.TV or another project to allow sanitisation of the uploaded subtitle files.

Note: See TracTickets for help on using tickets.