Custom Query (1173 matches)
Results (91 - 93 of 1173)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#92 | FIXED | Need a util.html_cleaner() method with good tests | ||
Description |
There's no way around it, we're going to need a good sanitizer for comment/description/etc html **regardless** of `whether or not we use markdown <http://bugs.foocorp.net/issues/363#note-5>`_ ... so I think the html cleaner should: - use `lxml.html.clean <http://lxml.de/lxmlhtml.html#cleaning-up-html>`_ - Use **only whitelisted tags**... this is possible through lxml, we need to do it right. Tags I think we'll need to allow: b, i, em, strong, p, ul, ol, li, a, br. (any others?) - Only whitelisted attributes - XSS attribute attack prevention, other XSS prevention stuff... see the lxml.html.clean docs. - have tests that try to attack each one of these components. In the future it might be a good idea to also prevent certain other annoying things... deeply nested <p>'s, etc. But for now I think this will be good enough. |
|||
#93 | FIXED | Consider Workbench class | ||
Description |
Out of random thinking, I was pondering about a Workbench class. This ticket is mainly to not lose the discussion points, etc. Ideas, etc. will pop up on my dev/workbench_class branch. |
|||
#94 | wontfix | exif data handling for users | ||
Description |
At some point, we will need to address exif data. I think it would be nice for the user to be able to access and search for their exif data, but we also want to be able to let the user scrub it before posting to their network. The best case is where the user has access to exif data by default and the viewer does not. Use case 1: I want to search for all the photos from my trip to Greece 4 years ago using my exif data. Use case 2: I do not want people to access the exif info for my kid's elementary school or my company's colo. Use case 3: I want to see the exif info for last year's awesome mushroom foraging spot, but absolutely do not want it made public. Finely tuned control of exif data would represent a tangible feature that we could offer that is not offered by Flickr. I don't have a strong opinion about how this would look on the back end. On the front end it should be very clear what's happening and the default should be to strip it out before posting so no one posts exif data unless they specifically choose to. |