← Back to team overview

mahara-contributors team mailing list archive

[Bug 1213994] Re: Additional html does not always work

 

I have submitted a patch for this
https://reviews.mahara.org/#/c/2409/

But the big question will be is this still safe enough security wise?

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1213994

Title:
  Additional html does not always work

Status in Mahara ePortfolio:
  Confirmed

Bug description:
  I have got an email request explaining the problem:

  "...But the problem is when I add a sample reference to Additional
  HTML (Within HEAD), e.g.

  <link href="some.css" type="text/css" rel="stylesheet">
  it doesn't show inside HEAD element at all. Do you have an idea what to do  to make it show inside HEAD element?"

  It seems that clean_html parsing applied to Additional HTML removes
  type of content similar to above. And actually make the Additional
  HTML feature useless, as it seems ignore everything apart of very
  simple html.  I suggest not to do clean_html for this kind of output.
  The reason is the feature is used by site admins only and simply makes
  easier to add extra content without modifying the theme code. I think
  site admin should take all responsibility for the content as it is the
  same as adding it directly to theme code itself. BTW, similar feature
  in Moodle does not apply clean html parsing to output as well.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1213994/+subscriptions


References