Allow safe HTML tags in static pages (content field)
|Assignee:||Dan Gillean||% Done:|
|Target version:||Release 2.2.0|
|Google Code Legacy ID:||Tested version:|
'div', 'span', 'p', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'strong', 'em', 'abbr[title]', 'acronym', 'address', 'blockquote', 'cite', 'code', 'pre', 'br', 'a[href]', 'img[src]', 'ul', 'ol', 'li', 'dl', 'dt', 'dd', 'table', 'tr', 'td', 'th', 'tbody', 'thead', 'tfoot', 'col', 'colgroup', 'caption', 'b', 'i', 'tt', 'sub', 'sup', 'big', 'small', 'hr'
'class', 'title', 'src', 'href'
It can be disabled in app.yml. Defaults to true:
#3 Updated by Dan Gillean over 7 years ago
Ohhhh I thought of one more use case to consider.
Some of our portal users have embedded youtube videos and the like - e.g. using iframe elements. If there are not additional security risks for those, I'd suggest we add them for both static pages and the institutional header area as allowed elements. Others have used embedded maps on static pages (also using iframes, etc).
If that's possible, I see no reason why the rules for the institution header can't be the same as the static pages.
#5 Updated by Dan Gillean over 7 years ago
- Requires documentation set to Yes
This will require some clear warnings in the docs about what elements are allowed and what are not, as well as a rewrite of some of our static page suggestions, found here:
To replace some of the examples we have previously included, our style guide should show examples that re-use existing Bootstrap CSS classes. Jesus has re-styled the demo homepage using Bootstrap CSS classes by way of example.
#6 Updated by Jesús García Crespo over 7 years ago
- Status changed from New to QA/Review
- Assignee changed from Jesús García Crespo to Dan Gillean
Fixed in https://github.com/artefactual/atom/commit/0fb9a592a32d5c6215ecd606b530ddc7013e2b4b.
Pull request: https://github.com/artefactual/atom/pull/76. See also #7647.
#7 Updated by Dan Gillean about 7 years ago
- Status changed from QA/Review to Verified
Note: we decided to make this turned off by default, as enabling it will break many existing static pages for our user community. It can be enabled by changing the value of line 32 in config/app.yml to:
Existing Bootstrap CSS classes can be used for certain styling elements (such as centering images) - examples will be added to the 2.2 documentation for static pages (link to location in current 2.1 documentation above). The home page of the demo site in 2.2 can also be referenced as an example.