err. I should mention that the HTML macro is used in lots of places already. Removing it will probably make parts of XWiki fail. Like $doc.display() calls.
That's a good feedback. We need to ensure that no part of the core is using that macro (and same for the default XAR) if we want to be able to let users remove it safely... Could you create a jira issue for this please (with an explanation for your use case)? Thanks -Vincent On Jun 5, 2009, at 12:20 PM, Vincent Massol wrote: > Hi Chris, > > The easiest is simply to remove the xwiki-core-rendering-macro-html- > <version>.jar file from your WEB-INF/lib directory for now since we > haven't implemented a UI for disabling macros yet. That's planned > for later (probably during 2.0 timeframe). > > Thanks > -Vincent > > On Jun 5, 2009, at 12:14 PM, Chris Phelan wrote: > >> >> >> These pages make reference to disabling the HTML macro, but I am >> struggling to find out exactly how to do this - any pointers? I'm >> running 1.8.2. >> >> http://dev.xwiki.org/xwiki/bin/view/Design/NewRenderingArchitecture >> "Admins of a XWiki installation will be able to prevent using the >> XHTML >> macro for example (for security reasons) by disabling the macro." >> >> >> http://massol.myxwiki.org/xwiki/bin/view/Blog/XWiki >> "It also provides security control to wiki admins if they want to >> prevent users from entering HTML (and thus potentially harmful >> javascript)." >> >> Thanks, >> >> Chris _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
