I will start with ROL-2150, as I can see some security vulnerabilities
associated with JavaScript libraries. As a part of this effort, I intend to
create a new Security page of Roller but I think it should be part of a
separate thread.
One more thought came to my mind is, we create a separate branch
Interesting points raised Dave.
I am inclined with Nitin and Aditya.
I feel a demo instance is critical for new adoption since this is always the
entry point for adopters :-)
As mentioned by Aditya, in OFBiz, the inputs of text editors are sanitized.
Adding to it, some places of backend screens
That makes sense.
As far as I know OFBiz, input that involves text editors is sanitized.
Adding to Nitin's inputs. We can use libraries like Jsoup[1] at back end to
properly sanitize the user's input and at front end some advanced editor
like summernote that allows escape of script execution[2]. If
Thoughts I have on this which might need some more effort too.
Allowing only alphanumeric in blog post (for publish)
Not providing publish option and only preview option (can use wider
character set)
Creating db manually and limited rights to user connecting to db.
Create read only demo by
Indeed.
+1
Thanks and Regards,
Aditya Sharma
On Sat, 17 Aug 2019 at 18:41, Swapnil M Mane
wrote:
> Hi team,
>
> The new adopters and users are generally looking for a demo instance of any
> software to evaluate it.
> This brings me a thought, we should have a demo instance for the Roller.
>
>
Hi team,
The new adopters and users are generally looking for a demo instance of any
software to evaluate it.
This brings me a thought, we should have a demo instance for the Roller.
Other Apache projects have also set up the demo instance for their project,
like
Apache Kibble -