--=-rrQntC8kwuKpkUxay24M
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
hey guys,
On Tue, 2007-04-10 at 09:45 +0100, Ton Voon wrote:
>=20
> What about where we *do* want html passed through to the web =20
> interface? For instance, we have urlize which wraps the output with =20
> an tag.
another option would be to allow some commands to be exempt from
filtering via a config option. i would say that the plugin shouldn't
really concern itself with the details of formatting output in html at
all (and maybe leave it to some "helper" utilities like urlize). then
of course these helper commands would need to be responsible for
filtering their input (before marking up the output), but at least it
would funnel everything through a single path.
but of course this all goes with the disclaimer that i haven't been
paying any attention to the latest goings-on with multiline output and
nagios3 in general
> I would prefer Sean's suggestion of allowing "safe" tags. My drupal =20
> install has a "filtered HTML mode" which allows =20
> , which seems like a =20
> reasonable list to allow. Any other tags should be stripped, rather =20
> than just encoded, I think.
spending a little time thinking about this, i think there could still be
problems if we allowed certain tags. for example, what about if an
tag contained embedded javascript? i'm not sure there's any way to do
this safely without going all the way down the road to using an html
parser.
sean
--=-rrQntC8kwuKpkUxay24M
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQBGH7SGynjLPm522B0RAm+0AJ4sI2Wza+PkfUoC1YeMd5YiSioDPQCff2Xe
EY19e6/cYRt0pkQaDrfwAV4=
=5SwA
-----END PGP SIGNATURE-----
--=-rrQntC8kwuKpkUxay24M--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]