Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to bypass sanitizer for external rendering #7599

Closed
sapk opened this issue Jul 24, 2019 · 1 comment
Closed

Allow to bypass sanitizer for external rendering #7599

sapk opened this issue Jul 24, 2019 · 1 comment
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments

@sapk
Copy link
Member

sapk commented Jul 24, 2019

Before doing a PR that may impact security I would like to have your advice

I would need to bypass the sanitizer by adding an option to external markup like DISABLE_SANITIZER.

The goal is for issue like #5979 to be able to load JS libs (external or in public) like https://git.sapk.fr/Madeleine.js/examples/ajax.html

I think this would largely improve external rendering without introducing security risk by default but let the admin the possibility to load js or html that it trust.
@lunny lunny added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label Jul 25, 2019
@wxiaoguang
Copy link
Contributor

Here it is: RENDER_CONTENT_MODE

@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lunny @wxiaoguang @sapk