The new call to sanitize_html was introduced to more effectively prevent
malicious content and possible XSS attacks, though I can't think off the
top of my head why we couldn't allow style content. I'll see what I can
do about relaxing the filter a little.
On 01/30/2012 10:33 PM, Cory Spencer wrote:
Hello all -
One of the Galaxy tools I've been developing generates HTML output which I'd
styled using a<style>...</style> tag in the HTML header. After updating to
the latest Galaxy release earlier today,
the<html>,<head>...</head>,<style> and<body> tags started
to get stripped from the output, rendering previously CSS styled output rather unstylish.
Delving into things, I noticed a change committed in December that sanitizes the output
for HTML files via a call to "sanitize_html":
The added lines 381 -> 383 in the new file appear to be causing this new behaviour.
Is there any option for making this optional? What was the rational behind stripping out
these tags on outputted HTML files?
Thanks for any help!
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at: