[p2pu-dev] Spam policy for the new site.

James Tatum jtatum at gmail.com
Thu Apr 14 23:28:04 UTC 2011


Without bugs, you're just making ad hominem attacks. From my
perspective, it seems like you are sad you aren't getting what you
want. It would be like me saying that canvas is so insecure I'd never
even visit the domain on a computer I wasn't prepared to throw out the
window on the canvas mailing list. It's inflammatory and does nothing
to explain why or give it any hope of getting better. It's wildly
inappropriate for a development list.

The project is open source, so if you want to patch anything, it's out
there. Many CKEditor settings are in settings.py, but I suspect you
are actually talking about bleach settings, which sanitize the HTML.
Many of those are also in settings.py, invoked from the various models
that allow storage of sanitized raw HTML.

On Thu, Apr 14, 2011 at 4:19 PM, Dan Diebolt <dandiebolt at gmail.com> wrote:
> Patches to what? You have more holes than swiss cheese security wise among
> {new, www, wiki} and I will just keep my mouth shut if
> practical solutions are going to be met with implied threats of being
> "deactivated" or refusal to implement a 10 minute simple solution. If you
> are referring to allowing the CKEditor to allow <iframe> I would not
> characterize this as a patch since it is just a configuration issue of the
> editor. The guys over at Canvas don't have this imaginary issue with
> <iframe>s
> http://canvas.instructure.com/courses/31847/modules
>
>


More information about the p2pu-dev mailing list