Execute some html in description field
Issue by hackmastera
Tuesday Aug 16, 2016 at 14:02 GMT
Originally opened as https://github.com/projecthydra/sufia/issues/2473
Descriptive summary
Sufia 6 allowed too much but Sufia 7 allows nothing. My users want at least italics so they can, e.g., reference book titles.
Comment by mjgiarlo
Tuesday Dec 20, 2016 at 23:30 GMT
I believe this is now available, from https://github.com/projecthydra/sufia/commit/11521027aa85843f26dd880f397143797be0d28f
Comment by hackmastera
Wednesday Dec 21, 2016 at 18:14 GMT
Hm, that allows links but I need maybe <cite> and <br>. It might be nice to have a configurable whitelist?
Comment by mjgiarlo
Wednesday Dec 21, 2016 at 19:27 GMT
@hackmastera oh, shoot, I misread this. Sorry to have closed it prematurely.
I'll move this issue to Hyrax. What would a starting default whitelist look like? a, cite, and br? Toss a list at me and I'll make sure it's carried over.
Comment by hackmastera
Wednesday Dec 21, 2016 at 19:31 GMT
@mjgiarlo Also p. I think that's all we have. Thanks!!
Comment by mjgiarlo
Wednesday Dec 21, 2016 at 19:36 GMT
Description metadata field should render limited HTML. Whitelist of tags:
<a><cite><br><p><em>
Thanks, @hackmastera
Comment by jcoyne
Wednesday Dec 21, 2016 at 20:20 GMT
Are there any HTML attributes we want to whitelist? We wouldn't want to allow onclick="stealMyCookies()", but we might want href="http://example.com/"
Comment by mjgiarlo
Wednesday Dec 21, 2016 at 22:20 GMT
Be great if there were some library out there that could do this for us.
See, e.g.: https://github.com/curationexperts/laevigata/blob/27ad4e0faddde4b3f4a27f629db5063d26e6f920/lib/input_sanitizer.rb
In SMIG, we discussed this is of mid-level interest. There is basic HTML support in the Collection's description field, e.g. italics. Something similar could be appropriate. For example, one might want the ability to cite scholarship and italicize a journal name or book title.
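The tag and attribute allowlist discussed in this thread (`a`, `cite`, `br`, `p`, `em`, with `href` kept and `onclick` dropped), as an added example that is not code from the thread, Sufia or Hyrax. It uses only the Ruby standard library; the names `sanitize_description` and `open_tag`, the restriction of `href` to absolute http, https and mailto URLs, and the choice to show disallowed tags as escaped text are assumptions.

```ruby
require "cgi/escape"

# Allowlist proposed in the thread: tag => attributes allowed to survive.
ALLOWED = { "a" => %w[href], "cite" => [], "br" => [], "p" => [], "em" => [] }.freeze
VOID = %w[br].freeze
# Assumption (not from the thread): only absolute http(s) and mailto links.
SAFE_HREF = %r{\A(?:https?://|mailto:)[^\s[:cntrl:]]*\z}i
TAG_RE  = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)((?:[\s/][^<>]*)?)>}
ATTR_RE = /([a-zA-Z][-\w:]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

# Re-create an allowed opening tag from scratch; nil means "not allowed".
# Nothing from the user's original tag text is copied into the output.
def open_tag(name, raw_attrs)
  allowed = ALLOWED[name] or return nil
  attrs = {}
  raw_attrs.scan(ATTR_RE) do |key, dq, sq, bare|
    key = key.downcase
    value = CGI.unescapeHTML(dq || sq || bare) # decode before checking the scheme
    # href is the only allowlisted attribute, so every kept value is a URL.
    next unless allowed.include?(key) && value.match?(SAFE_HREF)
    attrs[key] ||= value                       # first occurrence wins
  end
  "<#{name}#{attrs.map { |k, v| %( #{k}="#{CGI.escapeHTML(v)}") }.join}>"
end

# Escapes all text, re-emits allowlisted tags, and closes any left open.
# Existing entities in text are escaped again, so "&amp;" displays literally.
def sanitize_description(html)
  out = +""
  stack = [] # allowed non-void tags still awaiting a close
  pos = 0
  while (m = TAG_RE.match(html, pos))
    out << CGI.escapeHTML(html[pos...m.begin(0)])
    name = m[2].downcase
    if m[1] == "/" && stack.include?(name)
      loop { t = stack.pop; out << "</#{t}>"; break if t == name }
    elsif m[1].empty? && (tag = open_tag(name, m[3]))
      out << tag
      stack << name unless VOID.include?(name)
    else
      out << CGI.escapeHTML(m[0]) # disallowed or stray tag: show as text
    end
    pos = m.end(0)
  end
  out << CGI.escapeHTML(html[pos..])
  out << stack.reverse.map { |t| "</#{t}>" }.join
end
```

In a Rails application the built-in `sanitize` view helper accepts `tags:` and `attributes:` options and does the same job with a real HTML parser.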