Opened 6 years ago
Last modified 3 years ago
#3 new enhancement
Define the HTML tag policy for titles, descriptions, minutes...
| Reported by: | pferreir | Owned by: | |
|---|---|---|---|
| Priority: | high | Milestone: | v2.1 |
| Component: | General | Version: | 0.98-dev |
| Keywords: | | Cc: | |
Description (last modified by admin)
The policy regarding HTML should be defined, for different cases:
- Titles - Currently allowed, but will sometimes break the markup (not to speak of the effect it has on metadata). Since we currently allow CSS customization, maybe we could just get rid of it for good;
- Descriptions - Mixed feelings here - a limited set of HTML would be OK. Once again, CSS customization should compensate for this;
- Minutes - Should not have more freedom than descriptions or titles - inline minutes can break the layout;
HTML is not easy to cope with. We could either:
1. use some other format (WikiMarkup??) and then convert it to HTML at render time. We would then have full control over the "safety" of the HTML;
2. remove/reject all the HTML except for tags inside a "whitelist";
Number 2 seems to be the most feasible right now.
Change History (5)
comment:1 Changed 6 years ago by admin
- Description modified (diff)
comment:2 Changed 6 years ago by pferreir
- Version set to 0.98
comment:3 Changed 5 years ago by jbenito
- Milestone changed from v0.98 to v1.0
- Priority changed from normal to high
comment:4 Changed 5 years ago by pferreir
comment:5 Changed 3 years ago by jbenito
- Milestone changed from v1.0 to v1.3
This is partially done (whitelisting). However, we are still missing an input system that accepts either plain text or HTML (or other possible formats) and records the choice, making whitelisting or complete escaping possible and avoiding problems related to '<' and '>' in plain text.
Note that input is being completely escaped i.e. for abstract submission, and a choice should be given instead.