Custom Query (1173 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (91 - 93 of 1173)

Ticket Resolution Summary Owner Reporter
#92 FIXED Need a util.html_cleaner() method with good tests Christopher Allan Webber
Description
There's no way around it, we're going to need a good sanitizer for
comment/description/etc html **regardless** of
`whether or not we use markdown <http://bugs.foocorp.net/issues/363#note-5>`_
... so I think the html cleaner should:


-  use
   `lxml.html.clean <http://lxml.de/lxmlhtml.html#cleaning-up-html>`_
-  Use **only whitelisted tags**... this is possible through lxml,
   we need to do it right. Tags I think we'll need to allow: b, i, em,
   strong, p, ul, ol, li, a, br. (any others?)
-  Only whitelisted attributes
-  XSS attribute attack prevention, other XSS prevention stuff...
   see the lxml.html.clean docs.
-  have tests that try to attack each one of these components.

In the future it might be a good idea to also prevent certain other
annoying things... deeply nested

.. raw:: html

   <p>
   
's, etc. But for now I think this will be good enough.



#93 FIXED Consider Workbench class Christopher Allan Webber Elrond
Description
Out of random thinking, I was pondering about a Workbench class.

This ticket is mainly to not loose the discussion points, etc.

Ideas, etc will pop up on my dev/workbench\_class branch.



#94 wontfix exif data handling for users Deb Nicholson
Description
At some point, we will need to address exif data. I think it would
be nice for the user to be able to access and search for their exif
data, but we also want to be able to let the user scrub it before
posting to their network. The best case is where the user has
access to exif data by default and the viewer does not.

Usecase 1: I want to search for all the photos from my trip to
Greece 4 years ago using my exif data.

Usecase 2: I do not want people to access the exif info for my
kid's elementary school or my company's colo.

Usecase 3: I want to see the exif info for last year's awesome
mushroom foraging spot, but absolutely do not want it made public.

Finely tuned control of exif data would represent a tangible
feature that we could offer that is not offered by flickr. I don't
have a strong opinion about how this would look on the back end. On
the front end it should be very clear what's happening and the
default should be to strip it out before posting so no one posts
exif data unless they specifically choose to.



Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.