https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978
--- Comment #7 from David Cook <[email protected]> ---
(In reply to Martin Renvoize from comment #6)
> Is there a more secure way of doing this rather than just exposing the raw
> html.. I feel like we're just undoing a security flaw we fixed for a reason.

Yeah I don't think we can just expose the raw HTML.

One option would be to use the HTML scrubber. I think there are quite a few parts of Koha where people want to use HTML, but could be limited to a fairly small subset of elements and attributes.

> Is it time to use markdown for rich text or perhaps for linebreaks just
> outputting the note field in a pre/code block?

For line breaks, the "html_line_break" filter can be useful. For notes, adding that line break filter would make sense. I don't know that any other HTML features would really be needed though. If they were to be added, I think we'd have to scrub them first.
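The two options raised in this comment, sketched as an added example that is not part of the original message or of Koha's code: escaping a note and then applying the "html_line_break" filter, and scrubbing to a small allowlist before output. It assumes the CPAN modules Template (Template Toolkit) and HTML::Scrubber stand in for "the HTML scrubber"; the sample note and the allowlist are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;          # Template Toolkit (CPAN)
use HTML::Scrubber;    # CPAN allowlist scrubber (assumed stand-in)

# Constructed sample note: two lines plus markup a user might paste in.
my $note = "Renew by phone.\n<b>Fragile</b> item <script>alert(1)</script>"
         . '<a href="https://example.org/" onclick="x()">link</a>';

my $tt = Template->new or die Template->error;

# Option 1: treat the note as plain text. Escape first, then turn newlines
# into <br />. The order matters: escaping after html_line_break would
# escape the inserted <br /> tags as well.
my $plain = '';
$tt->process( \'[% note | html | html_line_break %]', { note => $note }, \$plain )
    or die $tt->error;

# Option 2: permit a small allowlist of elements and deny every attribute.
my $scrubber = HTML::Scrubber->new(
    allow   => [qw( b i em strong p br ul ol li )],
    default => [ 0 => { '*' => 0 } ],    # other tags and all attributes dropped
);
my $scrubbed = $scrubber->scrub($note);

# The scrubbed string is the only markup allowed through, so it skips the
# html filter and only gets its line breaks converted.
my $rich = '';
$tt->process( \'[% note | html_line_break %]', { note => $scrubbed }, \$rich )
    or die $tt->error;

print "plain: $plain\n\nrich:  $rich\n";
```

Comparing the two printed strings shows the trade-off: option 1 renders all pasted markup as visible text, while option 2 keeps only the allowlisted elements.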
