Maybe a dumb follow-up question, but I just don't know much about web server security:
Why does sanitization have to care about in-document style information?
On 03.11.2017 17:49, Dannon Baker wrote:
Hi Wolfgang,
As a security measure, we added sanitization by default of content displayed as HTML. Local galaxy administrators can use the display whitelist (left side of the admin window) to configure 'safe' applications, which will then no longer be sanitized on display. Let me know if this doesn't solve the problem for you!
-Dannon
On Fri, Nov 3, 2017 at 12:37 PM, Wolfgang Maier <wolfgang.maier@biologie.uni-freiburg.de <mailto:wolfgang.maier@biologie.uni-freiburg.de >> wrote:
Dear all,
until recently extra html files linked from html datasets got
displayed with style information applied, but this seems to have
changed.
I did not investigate the change in detail, but is this a
consequence of the backported
https://docs.galaxyproject.org/en/master/releases/17.09_anno unce.html#cross-site-scripting -and-session-fixation
<https://docs.galaxyproject.org/en/master/releases/17.09_ann >?ounce.html#cross-site-scriptin g-and-session-fixation
Is downloading the zipped data and opening it locally now the only
way to view styled html?
Have a nice weekend,
Wolfgang
___________________________________________________________ https://lists.galaxyproject.or
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:g/ <https://lists.galaxyproject.org/ >
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/ <http://galaxyproject.org/search/ >