inline <style> and <script> blocks removed

[ittayd@…]

i have created a page with the attached content. when i view the 'page source' through the browser, the <style> and <script> blocks are gone.

[ittayd@…]

btw, when i pasted the html code into a file, the browser showed it fine

[sid]

If your server runs on an intranet (i.e. no security threats), you could add the missing tags <script> and <style> to the 'safe_tags' list defined in ​html.py file (line 185), so that these tags do not get filtered out of the rendered XHTML output stream.

[ittayd@…]

why should i need to hack the code for that? what will happen in the next release (meaning, do i need to keep a list of all my code changes?)

[Emmanuel Blot]

Replying to ittayd@qlusters.com:

what will happen in the next release (meaning, do i need to keep a list of all my code changes?)

I maintain a custom release of Trac to preserve my own changes (when a new version of Trac is released, I merge my changes with the new Trac code base).

why should i need to hack the code for that?

For now, there is no option to "render unsafe html" contents.

As this "issue" has been raised several times, maybe it is time to add an option so that the HTML sanitizer preserves all tags. Such an option would be useful when the Trac server is run on a private network.

[Noah Kantrowitz <coderanger@…>]

Replying to sid:

If your server runs on an intranet (i.e. no security threats), you could add the missing tags <script> and <style> to the 'safe_tags' list defined in ​html.py file (line 185), so that these tags do not get filtered out of the rendered XHTML output stream.

Perhaps there should be an option in trac.ini to add tags/attrs to the list?