Loading...

XML

Word

Printable

Details

Type: New Feature
Resolution: Solved By
Priority: Major
Fix Version/s: None
Affects Version/s: Rendering in the platform
Component/s: Macro - HTML
Labels:
None

keywords:
disable html macro
Documentation:
N/A
Documentation in Release Notes:
N/A
Similar issues:

Description

http://dev.xwiki.org/xwiki/bin/view/Design/NewRenderingArchitecture
makes mention of disabling the HTML macro, but it appears that there is currently no safe way of doing this (simply removing the xwiki-core-rendering-macro-html-<version>.jar will likely break XWiki)

The use case for wanting to disable the HTML macro is essentially referenced here
http://massol.myxwiki.org/xwiki/bin/view/Blog/XWiki

I have 2 requirements;
1) explicily NOT allow javascript to be entered (to help prevent malicious scripts)
2) allow only a specified syntax, that is, do not allow users to enter html elements (primarily to keep content in the same format)

Attachments

Issue Links

depends on

XWIKI-6060 Create Display macro

Closed

XWIKI-7517 Add support for displaying properties in the {{display}} macro

Open

XWIKI-4096 RSS macro shouldn't transform the feed's HTML

Closed

Activity

People

Assignee:: Vincent Massol

Reporter:: Chris Phelan

Votes:: 2 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Jun/09 13:36

Updated:: 24/Apr/23 16:50

Resolved:: 24/Apr/23 16:50

Date of First Response:: 08/Jun/09 1:43 PM