cubicweb #1348353 soup2xhtml should strip inlined style [resolved]
see how it may make your page ugly on https://www.logilab.net/extranet/ticket/56375 | |
priority | normal |
---|---|
type | bug |
done in | 3.10.6 |
load | 0.300 |
load left | 0.000 |
closed by | <not specified> |
similar entities
Comments
-
2010/10/22 08:20, written by fcayre-old
-
2010/10/22 09:12, written by sthenault
-
2010/10/22 12:18
-
2010/10/22 13:08, written by sthenault
add commentYou should take a look at what drupal does on this topic (HTML filter), where different user groups can use different HTML filters, so that the security level can be adjusted to the confidence level you have in your users. Drupal is a CMS though, not CW, but we could learn a bit from the CMS field as well...
users we trust simply don't copy/paste from word, use inline html style.
Actually, they use ReST :p
What behaviour do we expect here ? IMO, we should only permit a subset of html elements. By example:
The attributes should be dropped as well because they can interfere with content (ex: trying to reuse cw class).
take a look at what other frameworks do.
I don't see why you should forbid to reuse cw css classes.