cubicweb #1348353 soup2xhtml should strip inlined style [resolved]

see how it may make your page ugly on https://www.logilab.net/extranet/ticket/56375

prioritynormal
typebug
done in3.10.6
load0.300
load left0.000
closed by<not specified>

Workflow history

from state (3)to statecommentdateUser
validation pendingresolved2011/05/27 14:23 UTCsthenault
donevalidation pending

version publiƩe

2010/11/30 21:54 UTCnchauvat
opendone2010/11/05 15:59 UTCsthenault

Comments

  • 2010/10/22 08:20, written by fcayre-old

    You should take a look at what drupal does on this topic (HTML filter), where different user groups can use different HTML filters, so that the security level can be adjusted to the confidence level you have in your users. Drupal is a CMS though, not CW, but we could learn a bit from the CMS field as well...

    • 2010/10/22 09:12, written by sthenault

      users we trust simply don't copy/paste from word, use inline html style.
      Actually, they use ReST :p

  • 2010/10/22 12:18

    What behaviour do we expect here ? IMO, we should only permit a subset of html elements. By example:

    ('div', 'span', 'p', 'b', 'i', 'u', 'a', 'table', 'tr', 'td', 'br', 'img', '<em>', '<strong>', '<cite>', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd', 'h4', 'blockquote', ...)

    The attributes should be dropped as well because they can interfere with content (ex: trying to reuse cw class).

  • 2010/10/22 13:08, written by sthenault

    take a look at what other frameworks do.

    I don't see why you should forbid to reuse cw css classes.

add comment
tagged by