webadmin: Disable popover content sanitization #116
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We're currently using popovers for the edit box, which in the current implementation includes inline javascript which is rejected by the bootstrap sanitizer. This has been broken since the upgrade to bootstrap 4.5.3 in commit 2db4670. This commit addresses the shorterm issue by disabling popover data sanitization, but in the long term it would be better to have a clearer and more sandbox way to edit information in the page.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We're currently using popovers for the edit box, which in the current
implementation includes inline javascript which is rejected by the
bootstrap sanitizer. This has been broken since the upgrade to
bootstrap 4.5.3 in commit
2db4670. This commit addresses the
shorterm issue by disabling popover data sanitization, but in the long
term it would be better to have a clearer and more sandboxed way to edit
information in the page.
Resolves #115