Short on time, just a few terse comments.

* Stephan Beal <sgb...@googlemail.com> [20120703 21:37]:
> - Mozilla's RTF editor as a wysiwyg wiki (possibly embedded docs?) editor.
> We looked closely at this and this will not be nearly as much work as I
> first anticipated, but we will have to munge the output just a tiny bit to
> suit our needs.

Sounds great, as long as it is not a requirement (either in fossil or
in the client). I guess the wiki markup issue is a done deal then?

> - Adding more metadata to wikis, e.g. a title field. We might embed this
> into the wiki content using a new wiki tag or similar.

This would be great if it enabled keyword-based tagging for later
search.

> We will have to enable the "style" attribute on tags in the wiki
> content (style is currently filtered out by the wiki out of safety
> concerns), and if anyone can name a concrete security reason why that
> would be a Bad Idea, please speak up!

This sounds like a wide open door for XSS attacks. 
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.234_-_CSS_Escape_And_Strictly_Validate_Before_Inserting_Untrusted_Data_into_HTML_Style_Property_Values

> - Adding a system for integrating "custom pages" to fossil repos, e.g.
> /myCustomPage, which would call content stored in the db. The original idea
> was to use this as a new layout mechanism for the site, but we think that
> this could possibly be used to reimplement some of the current "static"
> pages. Part of this would include a templating mechanism. The pages could
> have security restrictions and could be flagged as syncable/clonable (or
> not) by the site admin (only admin users would be able to create/edit such
> pages). A logical extension of this would be to build up snippets/widgets
> which users can use to customize their pages (e.g. embedding a
> mini-timeline overview in their home page).

I smell AOLServer...

keep up the good work
-- 
pica
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
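
The rule linked in the message above (strictly validate untrusted data before it reaches a style property value), sketched as an added example that is not part of the original message and is not Fossil's own code. The function names and the property allowlist are hypothetical; which properties a wiki permits is a policy choice.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

/* Hypothetical allowlist: only properties that cannot load or run anything. */
static const char *const kAllowedProps[] = {
  "color", "background-color", "font-weight", "font-style",
  "text-align", "text-decoration", "margin-left", "width", NULL
};

static int prop_allowed(const char *p, size_t n){
  for(int i = 0; kAllowedProps[i]; i++){
    if( strlen(kAllowedProps[i])==n && strncasecmp(kAllowedProps[i], p, n)==0 ) return 1;
  }
  return 0;
}

/* A value may hold only characters that cannot form a function call, URL,
** escape sequence, comment or string: no ( ) \ / : " ' @ < > & or controls. */
static int value_ok(const char *v, size_t n){
  if( n==0 ) return 0;
  for(size_t i = 0; i < n; i++){
    unsigned char c = (unsigned char)v[i];
    if( !(isalnum(c) || c==' ' || c=='#' || c=='%' || c=='.' || c=='-' || c==',') ) return 0;
  }
  return 1;
}

/* Return 1 only if every "prop: value" declaration passes both checks. */
int style_attr_is_safe(const char *zStyle){
  const char *z = zStyle;
  while( *z ){
    while( *z==' ' || *z==';' ) z++;            /* skip separators */
    if( *z==0 ) break;
    const char *colon = strchr(z, ':');
    if( colon==NULL ) return 0;                 /* malformed: reject */
    size_t nProp = (size_t)(colon - z);
    while( nProp>0 && z[nProp-1]==' ' ) nProp--;
    if( !prop_allowed(z, nProp) ) return 0;
    const char *v = colon + 1;
    while( *v==' ' ) v++;
    size_t nVal = strcspn(v, ";");
    while( nVal>0 && v[nVal-1]==' ' ) nVal--;
    if( !value_ok(v, nVal) ) return 0;
    z = v + strcspn(v, ";");                    /* advance to next declaration */
  }
  return 1;
}
```

A filter built this way drops the whole attribute when the check fails rather than trying to repair the value.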