[Building Sakai] html links in announcements and T&Q

Karen Tsao ktsao at stanford.edu
Tue Feb 1 16:28:35 PST 2011


Hi Chris,

The change is to prevent cross site scripting (XSS). We call some APIs from
org.sakaiproject.util.FormattedText class to translate the input to html
safe content.

Thanks,
Karen

On Tue, Feb 1, 2011 at 2:30 PM, Brandt, Chris M. <cmbrandt at ucdavis.edu> wrote:

> We had an issue a while back where the announcement tool wouldn't allow any
> HTML content (br, ul, li, etc.).
>
> We're having a similar issue again -- only this time it's preventing us
> from using the 'a' tag.
>
> In Announcements, a warning error pops up - "Alert: The HTML tag '<a>' is
> not allowed in formatted text."
>
> In T&Q, it just rewrites the content, translating it to html safe content.
>
> We're not sure when this cropped up, but it was only reported to us
> recently.
>
> Any suggestions?
>
> Chris
>
> ____________
>
> Chris Brandt, DVM, MS
> Instructional Media Development Specialist
> Computing and Technology Services (CATS)
> UC Davis School of Veterinary Medicine
> http://www.vetmed.ucdavis.edu
> (530) 754-4452
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
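
The two behaviours described in this thread, rejecting a disallowed tag with an alert (Announcements) and rewriting the input as HTML-safe text (T&Q), sketched as an added example. This is not Sakai's FormattedText code; the class name, allow-list, href rule and sample inputs are assumptions constructed for illustration.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FormattedTextModes {
    // Constructed allow-list for this sketch; Sakai's real list is not shown in the thread.
    static final Set<String> ALLOWED = Set.of("br", "ul", "li", "p", "b", "i", "a");
    static final Pattern TAG = Pattern.compile("<(/?)([A-Za-z][A-Za-z0-9]*)(\\s[^<>]*)?>");
    // The only attribute accepted: href on <a>, limited to http(s) so javascript: URLs fail.
    static final Pattern SAFE_HREF = Pattern.compile("\\s+href=\"https?://[^\"<>\\s]*\"\\s*");

    /** Escape mode (the T&Q behaviour): every character is rendered as text. */
    static String escapeHtml(String in) {
        return in.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                 .replace("\"", "&quot;").replace("'", "&#39;");
    }

    /** Reject mode (the Announcements behaviour): returns null and fills errors on a violation. */
    static String validate(String in, StringBuilder errors) {
        Matcher m = TAG.matcher(in);
        int pos = 0;
        while (m.find()) {
            checkText(in.substring(pos, m.start()), errors);
            String name = m.group(2).toLowerCase();
            String attrs = m.group(3) == null ? "" : m.group(3);
            if (!ALLOWED.contains(name)) {
                errors.append("The HTML tag '<").append(name).append(">' is not allowed in formatted text.\n");
            } else if (!attrs.isBlank()
                    && !(name.equals("a") && m.group(1).isEmpty() && SAFE_HREF.matcher(attrs).matches())) {
                errors.append("Attributes on '<").append(name).append(">' are not allowed.\n");
            }
            pos = m.end();
        }
        checkText(in.substring(pos), errors);
        return errors.length() == 0 ? in : null;
    }

    // Text between recognised tags must not hide a malformed tag, so any stray '<' is refused.
    static void checkText(String text, StringBuilder errors) {
        if (text.indexOf('<') >= 0) errors.append("Unparseable '<' in formatted text.\n");
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed inputs
            "See <a href=\"https://example.edu/syllabus\">the syllabus</a><br>",
            "<a href=\"javascript:alert(1)\">click</a>", "<script>alert(1)</script>" };
        for (String s : samples) {
            StringBuilder err = new StringBuilder();
            String ok = validate(s, err);
            System.out.println((ok != null ? "ACCEPT " + ok : "REJECT " + err.toString().trim()) + "\n  escaped: " + escapeHtml(s));
        }
    }
}
```

Only the first sample is accepted in reject mode; in escape mode all three are stored as inert text, which is why a link typed into T&Q shows up as literal markup.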