5 Jun
2009
5 Jun
'09
12:22 p.m.
err. I should mention that the HTML macro is used in lots of places
already. Removing it will probably make parts of XWiki fail. Like
$doc.display() calls.
That's a good feedback. We need to ensure that no part of the core is
using that macro (and same for the default XAR) if we want to be able
to let users remove it safely...
Could you create a jira issue for this please (with an explanation for
your use case)?
Thanks
-Vincent
On Jun 5, 2009, at 12:20 PM, Vincent Massol wrote:
Hi Chris,
The easiest is simply to remove the xwiki-core-rendering-macro-html-
<version>.jar file from your WEB-INF/lib directory for now since we
haven't implemented a UI for disabling macros yet. That's planned
for later (probably during 2.0 timeframe).
Thanks
-Vincent
On Jun 5, 2009, at 12:14 PM, Chris Phelan wrote:
>
>
> These pages make reference to disabling the HTML macro, but I am
> struggling to find out exactly how to do this - any pointers? I'm
> running 1.8.2.
>
> http://dev.xwiki.org/xwiki/bin/view/Design/NewRenderingArchitecture
> "Admins of a XWiki installation will be able to prevent using the
> XHTML
> macro for example (for security reasons) by disabling the macro."
>
>
> http://massol.myxwiki.org/xwiki/bin/view/Blog/XWiki
> "It also provides security control to wiki admins if they want to
> prevent users from entering HTML (and thus potentially harmful
> javascript)."
>
> Thanks,
>
> Chris