mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #13048
[Bug 1213994] Re: Additional html does not always work
I have submitted a patch for this
https://reviews.mahara.org/#/c/2409/
But the big question will be is this still safe enough security wise?
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1213994
Title:
Additional html does not always work
Status in Mahara ePortfolio:
Confirmed
Bug description:
I have got an email request explaining the problem:
"...But the problem is when I add a sample reference to Additional
HTML (Within HEAD), e.g.
<link href="some.css" type="text/css" rel="stylesheet">
it doesn't show inside HEAD element at all. Do you have an idea what to do to make it show inside HEAD element?"
It seems that clean_html parsing applied to Additional HTML removes
type of content similar to above. And actually make the Additional
HTML feature useless, as it seems ignore everything apart of very
simple html. I suggest not to do clean_html for this kind of output.
The reason is the feature is used by site admins only and simply makes
easier to add extra content without modifying the theme code. I think
site admin should take all responsibility for the content as it is the
same as adding it directly to theme code itself. BTW, similar feature
in Moodle does not apply clean html parsing to output as well.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1213994/+subscriptions
References