You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Tony Stevenson (JIRA)" <ji...@apache.org> on 2014/07/28 22:27:40 UTC

[jira] [Resolved] (INFRA-7073) Teach Roller to support embedded content and syntax highlighting

     [ https://issues.apache.org/jira/browse/INFRA-7073?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tony Stevenson resolved INFRA-7073.
-----------------------------------

    Resolution: Won't Fix
      Assignee: Tony Stevenson

Please file this issue with the roller community as they can resolve this upstream.  We will not support the workaround as this is too much of a security issue. 



> Teach Roller to support embedded content and syntax highlighting
> ----------------------------------------------------------------
>
>                 Key: INFRA-7073
>                 URL: https://issues.apache.org/jira/browse/INFRA-7073
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: Blogs
>            Reporter: Dave Cottlehuber
>            Assignee: Tony Stevenson
>            Priority: Minor
>              Labels: #bugbash
>
> It's not possible to embed youtube videos, nor enable syntax highlighting for code snips at the moment in Roller.
> # Embedding
> One possible work-around is to enable `weblogAdminsUntrusted=false` in the roller config. Obviously this means any blog account could publish raw html, in the event of it being hacked this would be a Bad Thing.
> A more sophisticated solution would be to extend roller to permit some tags and not others, or to require a reviewer +1 for posts with tagged HTML content.
> # Syntax Highlighting.
> Either permit HTML tags, and let the rendering be done prior to the blog post client-side, or create a 2nd template cloned off the ASF one, with a browser-side code block detection and highlighting. 
> one of either 
> - http://highlightjs.org/
> - http://alexgorbatchev.com/SyntaxHighlighter/
> - http://code.google.com/p/google-code-prettify/
> As mentioned earlier I'm keen to work on the highlighting with some guidance.
> # Alternatives
> Switch to a static blogging system that derives content from markdown, with HTML passthrough possible. This would restrict publishing to committers via push, and be more secure. Comments then need to be outsourced to e.g. disqus or similar though.



--
This message was sent by Atlassian JIRA
(v6.2#6252)