We're trying to make our site somewhat harder to break into (someone broke in
earlier this year, still have no explanation other than "stolen password"), and
one step we could take would be to disable the html processor, that is, the
processor applied to
{{{
#!html
...
}}}
I read the docs and looked at the source, and it seems that it will always run,
although it does run with the sanitizer if wiki.render_unsafe_content is false.
What we want, is to turn it off completely, unless this would break some vital
function of Trac.
Suggestions? Should I file an RFE? I'm happy to give it a whack myself in my
own sandbox and see what happens.
Alternately, is it possible to write plugins for the sanitizer, so as to make
it much pickier about the html it accepts?
David Chase
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en.
