https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978 --- Comment #7 from David Cook <dcook@prosentient.com.au> --- (In reply to Martin Renvoize from comment #6)
Is there a more secure way of doing this rather than just exposing the raw html.. I feel like we're just undoing a security flaw we fixed for a reason.
Yeah I don't think we can just expose the raw HTML. One option would be to use the HTML scrubber. I think there are quite a few parts of Koha where people want to use HTML, but could be limited to a fairly small subset of elements and attributes.
Is it time to use markdown for rich text or perhaps for linebreaks just outputting the note field in a pre/code block?
For line breaks, the "html_line_break" filter can be useful. For notes, adding that line break filter would make sense. I don't know that any other HTML features would really needed though. If they were to be added, I think we'd have to scrub them first. -- You are receiving this mail because: You are watching all bug changes.