IMO this should be resolved by per-server configuration.  Consider the
risk of XSS attacks: simply treating all comments as text/plain
automatically mitigates any past XSS attack attempts.  Granted, XSS
attacks are not very likely given that few users can be expected to
have commit access...

I would prefer that the UI allow the user to select between HTML,
wiki, and text/plain, thus allowing for future markup types (e.g.,
asciidoc); the default (for new comments) should be text/plain.  The
format of old comments should be given by a server-side configuration
parameter.  The available formats for new comments should be
constrained by a server-side config param.

Nico
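
A sketch of the scheme proposed above, as an added example that is not part of the original message and is not Fossil's code. The format tags, the `server_cfg` fields and the function names are all hypothetical: the server constrains which formats new comments may use, new comments default to text/plain, old comments take the configured legacy format, and text/plain rendering escapes every HTML metacharacter.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical format ids and tag strings; not Fossil's own names. */
enum fmt { FMT_PLAIN, FMT_WIKI, FMT_HTML, FMT_COUNT };
static const char *const fmt_tag[FMT_COUNT] = { "text/plain", "wiki", "html" };

struct server_cfg {          /* hypothetical server-side parameters */
    unsigned allowed_new;    /* bitmask: formats accepted for new comments */
    enum fmt legacy_fmt;     /* format assumed for old, untagged comments */
};

/* Format to store for a new comment, or -1 if the server refuses the tag.
 * A missing tag means the default, text/plain. */
int new_comment_format(const struct server_cfg *cfg, const char *tag)
{
    if (tag == NULL) return FMT_PLAIN;
    for (int i = 0; i < FMT_COUNT; i++)
        if (strcmp(tag, fmt_tag[i]) == 0)
            return (cfg->allowed_new & (1u << i)) ? i : -1;
    return -1;               /* unknown markup type */
}

/* Escape a comment for text/plain display inside an HTML page.
 * Returns the output length, or -1 if it does not fit in cap bytes. */
int escape_plain(const char *in, char *out, size_t cap)
{
    static const char special[] = "<>&\"'";
    static const char *const entity[] = { "&lt;", "&gt;", "&amp;", "&quot;", "&#39;" };
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *in; in++) {
        const char *p = strchr(special, *in);
        const char *rep = p ? entity[p - special] : NULL;
        size_t len = rep ? strlen(rep) : 1;
        if (n + len >= cap) return -1;   /* refuse rather than truncate */
        if (rep) memcpy(out + n, rep, len); else out[n] = *in;
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    struct server_cfg cfg = { 1u << FMT_PLAIN | 1u << FMT_WIKI, FMT_PLAIN };
    char out[128];
    /* Constructed old comment, shown with the legacy setting (text/plain). */
    if (cfg.legacy_fmt == FMT_PLAIN && escape_plain("<script>x()</script> see [abc123]", out, sizeof out) >= 0)
        printf("%s\n", out);
    printf("html for a new comment: %d\n", new_comment_format(&cfg, "html"));
    return 0;
}
```
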

Hi,

Maybe another idea to solve this problem is to use TH1 to render tickets, i.e. "attach" a TH1 function to a ticket which renders it. For plain text use an identity function, for HTML use a to-html function, and for just rendering the hash references use another function. This function could be synced between repositories. It would still require amending the cards with additional information.

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
