Hey Greg and Pieter, Thanks for the report. This would seem to be an important feature if there are going to be a lot of tools producing rich HTML output - though I wonder if in some of these cases the visualization plugin framework might be the superior way to render these results (though admittedly no tool shed integration then). I have created a Trello card here - please vote, comment, etc... :
https://trello.com/c/8iMhKlPX -John On Mon, Jan 13, 2014 at 9:21 AM, Greg Von Kuster <g...@bx.psu.edu> wrote: > Hello Pieter, > > Please make sure to address items like this to the > galaxy-dev@lists.bx.psu.edu mailing list rather than individual email > accounts as that will ensure more timely responses that include more optimal > feedback. > > Sanitizing values from input text fields on tools and other Galaxy forms is > an essential part of ensuring that the values will not wreak havoc within > the Galaxy environment. Opening this up to being optional may be a concern > to some Galaxy administrators. In any case, the Tool Shed probably should > not have the ability to define the use of this feature since it has no > affect within any of the Tool Shed environment ( only Galaxy or other > applications in which things are installed from the Tool Shed will be > affected ). So if it is decided by the Galaxy community that this feature ( > i.e., sanitizing form text field values ) should be enhanced or altered, > changes should be made within the Galaxy environment rather than the Tool > Shed. > > As input regarding this request comes in from the community, perhaps we can > create an appropriate Trello card to capture the direction we should go. > > Thanks very much for your request on this! > > Greg Von Kuster > > > On Jan 13, 2014, at 6:16 AM, "Lukasse, Pieter" <pieter.luka...@wur.nl> > wrote: > > Hi Greg, > > I have some tools which produce HTML and the default setting of the option > sanitize_all_html will give problems and/or make the output look ugly. Would > it be an option to let the administrator decide, for each tool he installs, > whether this option should apply or not? Now is a global setting which > applies to all tools, and in practice this results in it being set to > “false”....which means that in practice this is a “pseudo security item” as > it will not be used that often. > > The alternative I have been thinking about is to add a checkbox to the > “manage repository” screen to allow the admin to turn this feature on/off > for a specific repository. See also the screenshot below. Maybe you are > already working in this direction, but I thought I’d just share this idea > with you. > > <image001.png> > > Best regards, > > > Pieter Lukasse > > Wageningen UR, Plant Research International > > Departments of Bioscience and Bioinformatics > > Wageningen Campus, Building 107, Droevendaalsesteeg 1, 6708 PB, > Wageningen, the Netherlands > > +31-317481122; skype: pieter.lukasse.wur > > http://www.pri.wur.nl > > > > > > ___________________________________________________________ > Please keep all replies on the list by using "reply all" > in your mail client. To manage your subscriptions to this > and other Galaxy lists, please use the interface at: > http://lists.bx.psu.edu/ > > To search Galaxy mailing lists use the unified search at: > http://galaxyproject.org/search/mailinglists/ ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
