https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40659 --- Comment #11 from David Cook <dcook@prosentient.com.au> --- (In reply to Andrew Fuerste-Henry from comment #10)
(In reply to David Cook from comment #8)
However, for new code, I think that we want to do better - in any case.
Can you provide some further detail on what "do better" would mean to you in this situation? What is it about the approach on 39860 that meets your needs better than the work here?
Yeah for sure. I can DM you with more in-depth info, but here I'll say that bug 39860 uses the HTML::Scrubber to allow a safe range of HTML to be added. I'd add it's not about my needs, but rather the security of Koha as a whole. I'm just quite active in the security space. At some point, I hope to either add some additional coding guidelines or a separate "Safe Coding Guidelines" to complement the existing coding guidelines, which should then make things clearer. Thanks for the question! -- You are receiving this mail because: You are watching all bug changes.