Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check valid and safe html markup in tooltip text #3

Open
eharris opened this issue Oct 9, 2019 · 0 comments
Open

Check valid and safe html markup in tooltip text #3

eharris opened this issue Oct 9, 2019 · 0 comments

Comments

@eharris
Copy link

eharris commented Oct 9, 2019
edited
Loading

As discussed in airsonic/airsonic#1154 I think we need to continue to support some form of formatting within tooltip strings from the internationalization properties files.

With an eye toward making using standard html markup as "safe" as possible, it would be nice to have some validation that the tags within the strings are valid, and also restricting which tags can be used.

I believe a reasonable set of tags to allow (somewhat in order of importance):

  • <br> - Line break
  • <b><strong> - Bold text
  • <i><em> - Italic text
  • <p> - Paragraphs
  • <ol><li> - Ordered lists
  • <ul><li> - Unordered lists

Others that aren't really necessary but might be nice:

  • <sub> - Subscripted text
  • <sup> - Superscripted text
  • <small> - Smaller text
  • <mark> - Marked/highlighted text
  • <del> - Deleted/strikethrough text
  • <ins> - Inserted text

Tags that should definitely not be allowed (in my opinion):

  • <a> - Links
  • <img> - Images
  • Any other tags that could cause other resources to be followed or loaded
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eharris