[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-04-01 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Katrin Fischer  changed:

   What    |Removed |Added

   See Also|        |https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19613

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-02-16 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Magnus Enger  changed:

   What|Removed |Added

 CC||mag...@libriotech.no
 Status|Needs Signoff   |Failed QA

--- Comment #8 from Magnus Enger  ---
(In reply to Martin Renvoize from comment #5)
> This patch updates the notes field to a $raw filter to prevent html
> escaping of the data within it.

(In reply to David Cook from comment #7)
> Yeah I don't think we can just expose the raw HTML. 

Sounds like a security problem and a FQA to me. Please set back to NSO if you
disagree. :-)



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-02-06 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

--- Comment #7 from David Cook  ---
(In reply to Martin Renvoize from comment #6)
> Is there a more secure way of doing this rather than just exposing the raw
> html.. I feel like we're just undoing a security flaw we fixed for a reason.

Yeah I don't think we can just expose the raw HTML. One option would be to use
the HTML scrubber. I think there are quite a few parts of Koha where people
want to use HTML, but could be limited to a fairly small subset of elements and
attributes. 

> Is it time to use markdown for rich text or perhaps for linebreaks just
> outputting the note field in a pre/code block?

For line breaks, the "html_line_break" filter can be useful. 

For notes, adding that line break filter would make sense. I don't know that
any other HTML features would really be needed though. If they were to be added, I
think we'd have to scrub them first.

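
The two safer renderings raised in comments #6 and #7 (escape everything and add line breaks, or scrub to a small allowlist of elements) can be compared side by side. This is an added example, not part of the original thread and not Koha's own code or its scrubber: it is a Python standard-library model, and the function names, the allowlist and the sample note are assumptions.

```python
import html
from html.parser import HTMLParser

# Assumption: a deliberately small allowlist; no attributes are kept at all.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li"}
DROP_CONTENT = {"script", "style"}  # text inside these elements is discarded


def render_escaped_with_breaks(note: str) -> str:
    """Escape all markup, then turn newlines into <br /> (line breaks only)."""
    escaped = html.escape(note, quote=True)
    return escaped.replace("\r\n", "\n").replace("\n", "<br />\n")


class _Scrubber(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")  # attributes (onclick, style) dropped

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=True))


def render_scrubbed(note: str) -> str:
    """Keep only allowlisted elements; everything else is removed or escaped."""
    scrubber = _Scrubber()
    scrubber.feed(note)
    scrubber.close()
    return "".join(scrubber.out)


# Constructed sample note, not taken from any real report.
SAMPLE_NOTE = ('Run <b onclick="go()">monthly</b>\n<script>track()</script>'
               'see <a href="https://example.org">wiki</a>')
```

The escaped rendering keeps the note's text exactly as typed and only adds line breaks; the scrubbed rendering keeps basic formatting but silently removes anything outside the allowlist, including links.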


[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-02-06 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Martin Renvoize  changed:

   What|Removed |Added

 CC||dc...@prosentient.com.au



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-01-31 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

--- Comment #6 from Martin Renvoize  ---
Is there a more secure way of doing this rather than just exposing the raw
html.. I feel like we're just undoing a security flaw we fixed for a reason.

Is it time to use markdown for rich text or perhaps for linebreaks just
outputting the note field in a pre/code block?



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-01-31 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Martin Renvoize  changed:

   What|Removed |Added

 Status|ASSIGNED|Needs Signoff



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-01-31 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Martin Renvoize  changed:

   What|Removed |Added

   Attachment #95108 is obsolete|0   |1



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-01-31 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Martin Renvoize  changed:

   What|Removed |Added

   Severity|trivial |normal



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-01-31 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Martin Renvoize  changed:

   What|Removed |Added

   Assignee|th...@lib.auth.gr   |martin.renvoize@ptfs-europe.com
         CC|                    |martin.renvoize@ptfs-europe.com



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-01-31 Thread bugzilla-daemon--- via Koha-bugs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

--- Comment #5 from Martin Renvoize  ---
Created attachment 161711
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=161711&action=edit
Bug 23978: Expose HTML in Reports

This patch updates the notes field to a $raw filter to prevent html
escaping of the data within it.

Signed-off-by: Martin Renvoize 



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-01-30 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

--- Comment #4 from Mirjam Vantieghem  ---
+1 We are currently using a custom patch to achieve this.



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2024-01-30 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Mirjam Vantieghem  changed:

   What|Removed |Added

 CC||mirjam.vantieg...@etf.edu



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2020-11-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Séverine Queune  changed:

   What|Removed |Added

 CC||severine.que...@bulac.fr



[Koha-bugs] [Bug 23978] Notes field in saved reports should allow for HTML

2019-11-24 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23978

Katrin Fischer  changed:

   What|Removed |Added

   Summary|notes field in saved reports should allow HTML|Notes field in saved reports should allow for HTML
