Maybe a dumb follow-up question, but I just don't know much about web
server security:
Why does sanitization have to care about in-document style information?
On 03.11.2017 17:49, Dannon Baker wrote:
Hi Wolfgang,
As a security measure, we added sanitization by default of content
displayed as HTML. Local Galaxy administrators can use the display
whitelist (left side of the admin window) to configure 'safe'
applications, which will then no longer be sanitized on display. Let me
know if this doesn't solve the problem for you!
-Dannon
On Fri, Nov 3, 2017 at 12:37 PM, Wolfgang Maier <[email protected]> wrote:
Dear all,
until recently extra html files linked from html datasets got
displayed with style information applied, but this seems to have
changed.
I did not investigate the change in detail, but is this a
consequence of the backported
https://docs.galaxyproject.org/en/master/releases/17.09_announce.html#cross-site-scripting-and-session-fixation?
Is downloading the zipped data and opening it locally now the only
way to view styled html?
Have a nice weekend,
Wolfgang
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/