Andreas Gohr
Andreas Gohr
for security reasons we prevent SVGs to load any external sources via CSP header: 6cda96e3cf806e272521e0e44b9592acb7d3b837 btw: Your svg seems to use a data URI to load the font, so the...
> I'll await the update in the plugin better open an issue for the plugin, then.
Thinking a bit more about this... maybe it would make sense to actually allow font loading in media files? I wonder if that's inherently risky. @michitux @micgro42 @phy25 @Klap-in do...
@michitux thanks for the feedback. So you would suggest the following CSP would be safe enough? Eg. allowing fonts embedded fonts and from google, but no objects. I think it...
please provide: * the syntax you're using to create the link * your interwiki configuration
@selfthinker I see two ways to fix this: - remove the CDATA comments completely (assuming we no longer try to be XML compliant anyway, since HTML5 is the new thing...
> It turns out, that the write permission is not read correctly on directories. Can you elaborate on that? What exactly was the original setup? Why did write checks fail...
The problem is the somewhat naive approach of the highlighting code in `html_hilight`. I think the best way to solve this would be to move the highlighting to JavaScript and...
> There is probably a reason to delay the call to the openLDAP() function? Ideally a connection to ldap would only be opened when needed. Eg, if I am not...
I reverted the changes. I think the best way to approach this is to completely refactor the media handling in the renderer. Media info should be passed as an object...