On Aug 7, 2013, at 5:30 PM, Christian Meunier <christian.meunier(a)magelo.com> wrote:
Hi Vincent,
Can you point me to the PR from Thomas? I have already integrated the XSS PR but it does
not secure the Html Macro out of the box right now.
Looks like a @Named("securehtml") component would be needed in order to provide a
secured Html macro, has anyone started working on it already?
I'll let ThomasD answer this since I'm not sure where it is… (Note: Thomas might
be on Holidays ATM)
AFAIR he's using tagsoup as a htmlcleaner filter (configurable through xwiki
configuration files).
Thanks
-Vincent
Thanks!
>>>
>>> Also if you could explain to me how I can secure the HtmlMacro without touching
>>> its jar that would be very helpful. From looking around and the discussion, I was under
>>> the impression that it was possible but I just don't know how…
>> This is a work in progress. There's a pull request from Thomas Delafosse
>> about this but it's not been applied yet AFAIK.
>
>> Thanks
>> -Vincent