I see! I've read a bit about the topic now and playing it safe like this
makes sense.
Thanks again for the explanation,
Wolfgang
On 03.11.2017 18:48, Dannon Baker wrote:
No, it's a good question!
The primarily concern is malicious javascript which could be used to
compromise a user's accoun
No, it's a good question!
The primarily concern is malicious javascript which could be used to
compromise a user's account or otherwise act on their behalf. Javascript
is of course stripped out by the sanitizer, but it's also possible to embed
javascript in CSS files (I think at this point only i
Maybe a dumb follow-up question, but I just don't know much about web
server security:
Why does sanitization have to care about in-document style information?
On 03.11.2017 17:49, Dannon Baker wrote:
Hi Wolfgang,
As a security measure, we added sanitization by default of content
displayed a
Hi Dannon,
works like a charm! Thanks a real lot for this superfast solution,
Wolfgang
On 03.11.2017 17:49, Dannon Baker wrote:
Hi Wolfgang,
As a security measure, we added sanitization by default of content
displayed as HTML. Local galaxy administrators can use the display
whitelist (lef
Hi Wolfgang,
As a security measure, we added sanitization by default of content
displayed as HTML. Local galaxy administrators can use the display
whitelist (left side of the admin window) to configure 'safe' applications,
which will then no longer be sanitized on display. Let me know if this
do
Dear all,
until recently extra html files linked from html datasets got displayed
with style information applied, but this seems to have changed.
I did not investigate the change in detail, but is this a consequence of
the backported
https://docs.galaxyproject.org/en/master/releases/17.09_anno