Support embedded visualization tools

[jeanetteclark]

Describe the feature you'd like

Add the ability to include some kind of visualization tool in portals (leaflet maps, for example).

Is your feature request related to a problem? Please describe.

We have received this request from a couple of different groups (SASAP, PerCS-Net). The specific request from Ben Jones of PerCS-Net is:

As part of the project we've been discussing providing a geotagged paper layer/portal. The idea would be to link published research papers with a location along the arctic coast so that people can more easily discover studies about particular sites. I was thinking that it could be neat to do this two different ways. One way would be to add a map interface to the publication page (similar to the data tab) on the ADC portal

Additional context

From slack, @laurenwalker remarked:

I imagine if a particular group had a map or viz right now that they wanted to display in their portal, we could “whitelist” their portal so that javascript doesn’t get stripped from their markdown sections. But it’s something that would require some further thought

[robyngit]

This feature was requested again recently from the OPC group. From Slack:

They expressed an interest in creating portals as web pages for multiple groups, but wanted to be able to embed data access applications in the pages. The example they showed was here: https://mpahumanuses.com/data-viewer.html

[robyngit]

Related: embedding videos has been requested a number of times (https://github.com/NCEAS/metacatui/issues/1730), as well as PDFs

[yvanlebras]

To add here a +100 we also have such needs from users and we find potentially feasible to propose an easy way to do so for example by allowing inserting iframe code on markdown portal pages, allowing for example to display content if a R shiny app. It seems this functionality is disabled by default in metacatui (or at least using markdown code ok on a markdown web server as codimd is not working on a metacatui portal markdown page).

[mbjones]

@yvanlebras we fully agree. The blocking issue is that embedding these types of items in HTML introduces security issues such as XSS attacks because portals allow users to embed arbitrary content, including malicious content. Due to this, our markdown processors strip all script, object, embed, iframe, and similar tags to prevent these security issues. Finding a way to do this securely is key to enabling this feature. Advances in iframe sandboxing in browsers may indeed provide the degree of isolation needed, but it needs research.

[robyngit]

See related discussion on #2212 (duplicate), including:

Hi Matt, Robyn, come back to this issue with a "domain" oriented point (when my original question was to open any kind of sources to be included) who can be of particular interest for metacat/metacatui as it is relying on well known open source communities and continental wide trusted services by open sciences clouds at least in Europe and Australia. Here I am thinking about continental Galaxy servers and possibility to embed Galaxy workflows into website through iframe as showed in this blog post https://galaxyproject.org/news/2024-04-26-workflows-workflows-workflows/ . Here an example on a online markdown editor from usegalaxy.eu instance https://codimd.math.cnrs.fr/wvsIeWo3QLKGNjmZXHP0IQ?view

[yvanlebras]

Thank you for updating this topic ! Maybe an ""easy"" manner to do is to propose a whitelist of web domains from which iframe are accepted? Such whitelist would be propose by default with metacatui and potentially editable by sys admin of metacatui local installations ? Is this making sense?