Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
HTML in title of popup #18
Let's say that I have a tab with HTML to show an icon in it. HTML:
Problem 1) When I open that tab in a popup, the title becomes the following:
I rather want it to be just "Alarms" in this case.
Problem 2) When I "pop in" the popup, the text of the tab becomes the following:
i.e. the HTML isn't rendered, so I cannot see the icon, which I expect to see
Thanks for flagging this. It will be a bit of a balance: Currently the entire configuration string that's passed on to the child windows is stripped of tags and a number of expressions that can be used to create XSS attacks - in order to facilitate passing HTML to popout windows (not necessarily important for the title, but for components within it as well) I think we'd need to loosen the XSS policy a bit...
Sorry for the delay in that, but this needs a bit of testing to not open up attack vectors.