Thanks Greg and John! I think the trello card summarizes it well. Looking forward to the solution ;) -----Original Message----- From: jmchilton@gmail.com [mailto:jmchilton@gmail.com] On Behalf Of John Chilton Sent: woensdag 15 januari 2014 16:01 To: Greg Von Kuster Cc: Lukasse, Pieter; galaxy-dev@lists.bx.psu.edu Dev Subject: Re: [galaxy-dev] sanitize_all_html option Hey Greg and Pieter, Thanks for the report. This would seem to be an important feature if there are going to be a lot of tools producing rich HTML output - though I wonder if in some of these cases the visualization plugin framework might be the superior way to render these results (though admittedly no tool shed integration then). I have created a Trello card here - please vote, comment, etc... : https://trello.com/c/8iMhKlPX -John On Mon, Jan 13, 2014 at 9:21 AM, Greg Von Kuster <greg@bx.psu.edu> wrote:
Hello Pieter,
Please make sure to address items like this to the galaxy-dev@lists.bx.psu.edu mailing list rather than individual email accounts as that will ensure more timely responses that include more optimal feedback.
Sanitizing values from input text fields on tools and other Galaxy forms is an essential part of ensuring that the values will not wreak havoc within the Galaxy environment. Opening this up to being optional may be a concern to some Galaxy administrators. In any case, the Tool Shed probably should not have the ability to define the use of this feature since it has no affect within any of the Tool Shed environment ( only Galaxy or other applications in which things are installed from the Tool Shed will be affected ). So if it is decided by the Galaxy community that this feature ( i.e., sanitizing form text field values ) should be enhanced or altered, changes should be made within the Galaxy environment rather than the Tool Shed.
As input regarding this request comes in from the community, perhaps we can create an appropriate Trello card to capture the direction we should go.
Thanks very much for your request on this!
Greg Von Kuster
On Jan 13, 2014, at 6:16 AM, "Lukasse, Pieter" <pieter.lukasse@wur.nl> wrote:
Hi Greg,
I have some tools which produce HTML and the default setting of the option sanitize_all_html will give problems and/or make the output look ugly. Would it be an option to let the administrator decide, for each tool he installs, whether this option should apply or not? Now is a global setting which applies to all tools, and in practice this results in it being set to "false"....which means that in practice this is a "pseudo security item" as it will not be used that often.
The alternative I have been thinking about is to add a checkbox to the "manage repository" screen to allow the admin to turn this feature on/off for a specific repository. See also the screenshot below. Maybe you are already working in this direction, but I thought I'd just share this idea with you.
<image001.png>
Best regards,
Pieter Lukasse
Wageningen UR, Plant Research International
Departments of Bioscience and Bioinformatics
Wageningen Campus, Building 107, Droevendaalsesteeg 1, 6708 PB, Wageningen, the Netherlands
+31-317481122; skype: pieter.lukasse.wur
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/