- **status**: in-progress --> closed
--- ** [tickets:#4644] Don't whitelist form elements in markdown processing** **Status:** closed **Milestone:** unreleased **Labels:** ux **Created:** Wed Aug 01, 2012 09:48 PM UTC by Dave Brondsema **Last Updated:** Tue Jun 21, 2016 02:31 PM UTC **Owner:** Dave Brondsema `<textarea>` is whitelisted, but pretty useless (and surprising) to see rendered as a real textarea. There doesn't seem to be a use for any form element to be rendered. Our HTMLSanitizer preprocessor uses feedparser._HTMLSanitizer. We could subclass that to remove items from acceptable_elements. It would be nice if these were automatically escaped, rather than removed. --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
