Added <hr> to allowed tags - should <img> be removed?

Events happening in the community are now at Drupal community events on www.drupal.org.
pwolanin's picture
Posted by pwolanin on December 29, 2010 at 1:10am

Per request of webchick, I added <hr> to Filtered HTML -- No Markdown and Filtered HTML formats.

She also reports that we are allowing <img> tags - this are disallowed by default on drupal.org for security reasons - should that tag be removed for normal uses on g.d.o too?

Comments

Security concerns are overblown

Posted by greggles on December 29, 2010 at 2:39pm
greggles's picture

I think the security concerns are overblown. The worst people can do, afaik, is leverage it to more easily do csrf. I'm willing to take the risk that g.d.o doesn't have any important actions that are vulnerable to csrf in exchange for allowing images.

Or am I missing some threat?

knaddison blog | Morris Animal Foundation

Hurray for reason!

Posted by moshe weitzman on December 29, 2010 at 4:33pm
moshe weitzman's picture

Hurray for reason! Disallowing images in 2010 is absurd. The attachment cycle thats required on drupal.org is cruel and unusual punishment.

+1 <img>

Posted by verikami on January 16, 2011 at 9:13am
verikami's picture

Agree with Moshe - communication process nowadays is more visual - just for the reason: it is simply more effective - especially in growing international community, where there are some limitations concerning one's spoken language...

Cons are rather aesthetic IMHO.

Maintenance

Group organizers

Group categories

Categories

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: