Uploaded image for project: 'Elements Connect'
  1. Elements Connect
  2. CO-3581

Add an option to force the rendering of HTML returned by the datasource

    XMLWordPrintable

    Details

    • Type: Change Request
    • Status: Closed
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 6.1.0
    • Labels:
      None
    • Functional components:
      Display
      Display template

      Description

      Motivation

      Since CO-3565, the HTML returned by the datasource is escaped to prevent XSS injection.

      While it's good to increase security of the product, some users get HTML from their datasource (i.e.: a knowledge base) and want it to be interpreted in display mode.

      Impact

      Field admin

      In the "Advanced option" dialog of the field configuration, add an option:

      Evaluate HTML: "Dangerously evaluate HTML returned by the datasource"

      Runtime

      This option is unchecked by default on new and existing configurations.
      When checked, HTML returned by the datasource will be evaluated on display (behavior of Connect < 6.0.2)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              christophe.prome@valiantys.com Christophe Promé
              Votes:
              5 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: