HTML code in attributes

[rbovard]

The HTML code in attributes is not interpreted on mobile.

Example:
<a href="https://github.com/" target="_blank">Cliquer ici</a>

[tsauerwein]

@sbrunner Can the values in feature attributes always be trusted? Or can queries be made on user provided layers? In that case we would have to sanitize the values.

[sbrunner]

Good question, should we add a metatata with the list of the trsted (HTML) attributes?
For me it's better.

[tsauerwein]

... list of the trusted (HTML) attributes?

Would this be per layer or global? Global had the risk that a user-provided layer could have an attribute with the same name. Per layer, it would be sufficient to flag the whole layer as trusted (I think there would be no need to list each trusted attribute of a layer).

For now I would suggest to go with the sanitize-everything approach (see #996). If we see that this causes a problem, we can still introduce a trusted flag in the metadata.

[sbrunner]

Per layer, we don't have any global metadata

I think there would be no need to list each trusted attribute of a layer

It's exactly what I say :-)

can still introduce a trusted flag in the metadata.

List of attributes...

[tsauerwein]

Fixed with #996