---
** [tickets:#4644] Don't whitelist form elements in markdown processing**
**Status:** in-progress
**Milestone:** unreleased
**Labels:** ux
**Created:** Wed Aug 01, 2012 09:48 PM UTC by Dave Brondsema
**Last Updated:** Wed Mar 11, 2015 10:43 AM UTC
**Owner:** Dave Brondsema
`<textarea>` is whitelisted, but pretty useless (and surprising) to see
rendered as a real textarea. There doesn't seem to be a use for any form
element to be rendered.
Our HTMLSanitizer preprocessor uses feedparser._HTMLSanitizer. We could
subclass that to remove items from acceptable_elements.
It would be nice if these were automatically escaped, rather than removed.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed
to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is
a mailing list, you can unsubscribe from the mailing list.
