On Wed, May 25, 2011 at 08:54, Bogdan Marinov <daggerstab@...> wrote:
> On Wed, May 25, 2011 at 9:45 AM, Fabien Chéreau
> <fabien.chereau@...> wrote:
>> On Wed, May 25, 2011 at 03:52, Alexander Wolf <alex.v.wolf@...> wrote:
>>> 2011/5/25 Fabien Chéreau <fabien.chereau@...>:
>>>> This approach has several advantages: it will be much easier for
>>>> contributors to translate the website, it will be easier to manage
>>>> updates, the whole code will be stored in the main Stellarium bzr.
>>> I would prefer not to load a website in Stellarium's main repository.
>> Why? If the doc and wiki directories are omitted it would add only 4mb.
> It may be a source of conflicts when merging branches into the trunk.
> The fewer merge conflicts, the better.
>>>> 2- There may be some security issues by allowing untrusted people to
>>>> edit the translated website content in launchpad (like injection of
>>>> JavaScript etc.). A solution could be to allow only trusted people to
>>>> edit the translations on launchpad, but unfortunately the permissions
>>>> management for project translation in LP is unfortunately not very
>>>> flexible and as far as I understood, I don't think it's possible.
>>> This issue is being addressed through changes to the policy permissions for
>>> the translation project -
>> I don't see how.
>>> but you can not specify different policies
>>> for different "domain's" within one project.
>> It's another problem yes.
> I suggest using the existing stellarium-website project, though I
> don't see how we can avoid code injection. Perhaps using the PHP
> script that includes the text to strip tags? If this is going to be a
> security vulnerability, I suggest abandoning the plan. Our website is
> visited by a lot of people.
I agree. Possible technical solutions are as you said to strip tags:
e.g. with http://php.net/manual/en/function.strip-tags.php or by
escaping HTML special characters.
The only problem is that we need to allow for certain tags like <a>
because their position is language dependent, so we also need to make
> Bogdan Marinov
> Stellarium-pubdevel mailing list
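
The approach discussed in this message (escape HTML special characters, then re-allow only `<a>` links), sketched as an added example that is not part of the original thread or of the Stellarium website code. The function name `render_translation()`, the http/https-only rule and the sample strings are assumptions made for illustration.

```php
<?php
// Added example: render an untrusted translated string so that only plain
// <a href="http(s)://...">text</a> links survive as markup.
// render_translation() is a hypothetical helper, not project code.

function render_translation(string $text): string
{
    // Step 1: escape everything. After this, nothing the translator typed
    // can be interpreted by the browser as a tag or an attribute.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: turn back into markup only anchors that have exactly one
    // attribute (href) whose value is an http or https URL.
    $out = preg_replace_callback(
        '~&lt;a href=&quot;(.*?)&quot;&gt;(.*?)&lt;/a&gt;~s',
        function (array $m): string {
            // Validate the decoded URL, but emit the still-escaped form.
            $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            if (!preg_match('~^https?://[^\s"\'<>]+\z~i', $url)) {
                return $m[0]; // rejected: stays escaped and is shown as text
            }
            // $m[2] (the link text) is already escaped by step 1.
            return '<a href="' . $m[1] . '">' . $m[2] . '</a>';
        },
        $safe
    );

    // On a PCRE error, fall back to the fully escaped string.
    return $out ?? $safe;
}

// Constructed sample inputs: one legitimate link, then three strings that
// must come out as inert text.
$samples = [
    'Read the <a href="http://example.org/guide?a=1&b=2">user guide</a>.',
    'Hello <script>alert(1)</script>',
    '<a href="javascript:alert(1)">click</a>',
    '<a href="http://example.org/" onclick="x()">click</a>',
];

foreach ($samples as $s) {
    echo render_translation($s), PHP_EOL;
}
```

Unlike `strip_tags()` with an allowed-tags argument, which keeps every attribute on the tags it lets through, this only ever emits an `href` attribute.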