Re: [dspace-tech] XMLUI/Mirage 2: Community/Collection description as security issue

2020-06-02 Thread Paul Münch
Hi Bram, Hi Pascal, thanks for your replies and you both are absolutely right. In our repository with open access publications we have a heavy use of this feature and there are only a few administrators. So this is ok and we know who they are. On the other side there are for example research

Re: [dspace-tech] XMLUI/Mirage 2: Community/Collection description as security issue

2020-05-27 Thread Pascal-Nicolas Becker
Hi Paul, this issue was discussed several times. Community/Collection descriptions can be edited by repository administrators and Community/Collection administrators only. We always said that those are trusted. Of course you can argue that they could make mistakes even if they don’t want to,

Re: [dspace-tech] XMLUI/Mirage 2: Community/Collection description as security issue

2020-05-27 Thread Bram Luyten
Hi Paul, I definitely agree that it is a potential security risk and that people editing community and collection pages have to watch out what they are doing. However, the ability to get script tags executed on those pages makes some integrations relatively light weight. One example are the

Re: [dspace-tech] XMLUI/Mirage 2: Community/Collection description as security issue

2020-05-27 Thread Paul Münch
Hello Mark, thanks for the reply. I checked the SimpleHTMLFragment.java, but it isn't used in the community or collection UI. I guess that it's an XSLT problem. HTML code snippets in the community or collection description fields are interpreted, but not on the item page. The only difference I
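The behaviour Paul describes (the same stored description is rendered as live markup on community/collection pages but shown as text on the item page), as an added example that is not code from the thread or from DSpace. It contrasts verbatim output with escaped output, and then shows the middle ground Bram's reply alludes to: an allowlist sanitizer that keeps simple markup such as links but drops script tags, event-handler attributes and javascript: URLs. The sample description, the tag/attribute allowlists and the function names are constructed for this illustration; nothing here mirrors the XSLT or Java in Mirage 2.

```python
import html
from html.parser import HTMLParser

# Constructed sample description, the kind a community or collection admin
# might enter: a benign link (the sort of markup integrations rely on)
# plus an inline event handler and a script tag.
SAMPLE_DESCRIPTION = (
    'Welcome to the <b>Open Access</b> collection. '
    '<a href="https://example.org/about" onclick="alert(1)">About us</a>'
    '<script>alert(document.cookie)</script>'
)


def render_escaped(description: str) -> str:
    """Item-page style: the value is escaped, so markup is displayed as text."""
    return html.escape(description, quote=True)


def render_raw(description: str) -> str:
    """Community/collection style as described in the thread: the stored
    string is copied verbatim into the page, so the <script> executes."""
    return description


# Hypothetical allowlists; a real deployment would tune these to its needs.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")


class AllowlistSanitizer(HTMLParser):
    """Rebuild the HTML keeping only allowlisted tags and attributes.
    The bodies of <script>/<style> are dropped entirely; all other text
    and attribute values are re-escaped on the way out."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self._skip_depth = 0  # >0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1
            return
        if self._skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tags are silently dropped (their text is kept)
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # drops onclick=, style=, etc.
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # drops javascript:, data:, vbscript: links
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if self._skip_depth or tag not in ALLOWED_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(html.escape(data, quote=False))


def sanitize(description: str) -> str:
    """Return the description with only allowlisted markup left in place."""
    parser = AllowlistSanitizer()
    parser.feed(description)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print("raw:      ", render_raw(SAMPLE_DESCRIPTION))
    print("escaped:  ", render_escaped(SAMPLE_DESCRIPTION))
    print("sanitized:", sanitize(SAMPLE_DESCRIPTION))
```

The sanitizer is the shape of the workaround the thread is circling: instead of choosing between "descriptions are plain text" and "descriptions are trusted HTML", an allowlist keeps the lightweight integrations working while removing the script-execution capability that an inexperienced community or collection admin could misuse by accident.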

Re: [dspace-tech] XMLUI/Mirage 2: Community/Collection description as security issue

2020-05-19 Thread Mark H. Wood
On Tue, May 19, 2020 at 08:09:07AM +0200, Paul Münch wrote: > unfortunately it is possible to add some executable scripts in the > description metadata of communities and collections. Even if someone doesn’t > plan evil things, inexperienced community or collection admins could do some > damage.

[dspace-tech] XMLUI/Mirage 2: Community/Collection description as security issue

2020-05-19 Thread Paul Münch
Hello, unfortunately it is possible to add some executable scripts in the description metadata of communities and collections. Even if someone doesn’t plan evil things, inexperienced community or collection admins could do some damage. Do you have a solution or a workaround for this? I've