Feature
Resolution: Duplicate
Major
This isn't a big problem, but it might become a bigger problem in the future.
We have several datasets that have HTML in their metadata. This could be a problem because hackers could place malicious JavaScript into our site.
It would be great if we would sanitize our unwanted HTML as needed.
We could use NekoHTML to remove unwanted HTML characters. But we might want to allow some and perhaps some Markdown characters:
http://nekohtml.sourceforge.net/
Just like the Markdown ticket, there will need to be two fields in our database for every field that we allow HTML/Markdown in. One field will contain the marked-down text; the other will have all formatting (besides carriage returns) removed. The text-only version of the description or field will be used by our search index and any external discovery service we provide.
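A sketch of the two-field scheme the ticket proposes, added here as an illustration and not code from the project or from NekoHTML. It uses Python's standard `html.parser` in place of NekoHTML, and the allow-list, the `sanitize` function and the sample value are assumptions.

```python
from html import escape
from html.parser import HTMLParser
# Assumed policy for this sketch; the ticket does not say which tags to keep.
ALLOWED = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li"}
DROP_CONTENT = {"script", "style"}  # drop the element and everything inside it
BLOCK = {"p", "br", "li"}           # become line breaks in the text-only field

class MetadataSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.formatted, self.plain, self.open, self.skip = [], [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif not self.skip:
            if tag in ALLOWED:
                self.formatted.append(f"<{tag}>")  # attributes are never copied
                if tag != "br":
                    self.open.append(tag)
            if tag in BLOCK:
                self.plain.append("\n")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip:
            if tag in BLOCK:
                self.plain.append("\n")
            while tag in self.open:  # also closes tags left open inside it
                closed = self.open.pop()
                self.formatted.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.formatted.append(escape(data))  # text is re-encoded, never trusted
            self.plain.append(data)

def sanitize(raw):
    p = MetadataSanitizer()
    p.feed(raw)
    p.close()
    p.formatted.extend(f"</{t}>" for t in reversed(p.open))
    lines = (ln.strip() for ln in "".join(p.plain).splitlines())
    return "".join(p.formatted), "\n".join(ln for ln in lines if ln)

# Constructed sample input, not taken from any real dataset.
SAMPLE = ('<p onclick="steal()">Survey <b>data</b></p><script>alert(1)</script>'
          '<img src=x onerror=alert(2)><br>2019 &amp; 2020 <i>wave')
```

`sanitize(SAMPLE)` returns the pair to store: the first value goes in the display field and the second in the field read by the search index.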