Edgewall Software

Opened 17 years ago

Last modified 14 years ago

#4536 new enhancement

render_unsafe_content in [4472] could be restricted to read-only pages.

Reported by: martin@… Owned by:
Priority: normal Milestone: unscheduled
Component: wiki system Version: devel
Severity: minor Keywords: unsafe content
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:


In my case i don't want to allow the unsafe content to be available on all pages (the scripts are used to allow documentation to have special links for firefox browsers to load pkcs11 modules). So instead of turning this feature on wiki-wide I would be happy and more secure if i could turn it on for read-only pages only (as I'm willing to make that page read-only)

Attachments (0)

Change History (4)

comment:1 by Christian Boos, 17 years ago

Milestone: 0.12

I think it's a good idea.

comment:2 by anonymous, 16 years ago

This sounds like a great enhancement, I would really like to have that.

Any progress on the issue?

comment:3 by Christian Boos, 16 years ago

No, it's not exactly clear either how this could be implemented cleanly.

Eventually (ab)using the permission system with a RENDER_UNSAFE_CONTENT capability and in the WikiProcessor, checking that permission for the formatter.resource. The advantage of such an approach would be to be able to modulate the render_unsafe_content on a per-resource basis. It would also be possible to write an IPermissionPolicy plugin that would grant that "permission" for all read-only wiki page.

comment:4 by Christian Boos, 14 years ago

Milestone: next-major-0.1Xunscheduled
Owner: Jonas Borgström removed

Modify Ticket

Change Properties
Set your email in Preferences
as new The ticket will remain with no owner.
The ticket will be disowned.
as The resolution will be set. Next status will be 'closed'.
The owner will be changed from (none) to anonymous. Next status will be 'assigned'.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.