search

mumble-voip / mumble

Mumble is an open-source, low-latency, high quality voice chat software.
https://www.mumble.info
Other
6.44k stars 1.12k forks source link

allowhtml=true in ini needs more control #1169

Open Tarun80 opened 10 years ago

Tarun80 commented 10 years ago

Overview

As it is now, allowhtml reads per the Mumble Wiki:

Unfortunately this is a bit vague as to what that "some" is. Perhaps with some clarification as to what all is and is not allowed that would help Mumble server administrators in deciding whether or not to enable this setting.

Proposal for more control

The suggestion I'm proposing is to allow more control for server admins as to who can make use of HTML if it is enabled.

I believe that the best way to achieve this would be to have an addition in the ACL Permissions for HTML. A basic Allow/Deny option. This would allow for server owners to choose which groups are allowed and which groups are not allowed to make use of HTML.

As such, a server admin could choose to Deny HTML for Unregistered/Guests while allowing other groups to make use of HTML.

An alternative that may have potential would be a BBCode parser. Though I do not know if that would even be possible with the Qt framework.

I would also like to see the ability for inline images to work in things like comments. Though this may be possible with allowhtml; I have not tested it as I'm unsure what HTML is allowed, which is filtered and which is blocked/denied.

For example, something where this can work in user comments:

<a href="http://twitch.tv/teamsp00ky"><img src="http://streambadge.com/twitch/dark/teamsp00ky.png" width="300" height="64" alt="teamsp00ky's Streambadge"></a>

Which would show this in the comment: teamsp00ky's Streambadge

Thanks!

Tarun80 commented 10 years ago

Any word on this, and perhaps a bit of help finding clarification as to what allowhtml does in a more comprehensive manner?

Tarun80 commented 10 years ago

@dD0T, @mkrautz, is there any further documentation I can find out there on this?

mkrautz commented 10 years ago

The setting 'allowhtml' does the following:

When set to false, it forces the server to transform all text messages to plain text. (It does this by stripping most tags, converting <br> to \n, inserting a \n where <p> tags would have ended.)

When set to true, it does nothing to the HTML. However, the client only understands a subset of HTML that QTextDocument implements: http://qt-project.org/doc/qt-4.8/richtext-html-subset.html