qqmyers
commented
5 years ago Hmm - I think the first issue would be that the current HTML Previewer strips out scripts and other potentially nefarious content. That could be selectively turned off, but some mechanism would be needed to make that secure, e.g. having some flag on the dataset that was only superuser set-able. (Or a mimetype that only an admin can set, etc.)
Beyond that, if the html and/or javascript libraries are trying to pull content from other files (sounded like it in #5746, but I don't see where), that code would have to be smart enough to find them in dataverse. That could just be a matter of paths, but it's hard to tell without really digging in.
There could be further issues but the current previewer design, which adds the html from the file directly to the DOM, versus putting up an iframe might help there if there are any security issues with javascript in iframes doing things. (If not, an iframe design might be a possible design if the current previewer raises some as yet unidentified issue. For example, the current design won't add any
contents from the file into the html previewers header and I see that there's a css and script currently loaded from the header in the url above...)Definitely a challenge beyond the simple preview of an ~static html document I was aiming for with v1...
pdurbin
shlake
Hi! Over at https://github.com/IQSS/dataverse/issues/5746 we just discussed how there's interest in providing some sort of preview for https://faun.rc.fas.harvard.edu/czucker/Paper_Figures/summary_fig.html that looks like the screenshot below.
Is something like this possible with the HTML previewer? If not, what sort of changes would need to be made? Thanks!