Open mkllnk opened 1 month ago
@mkllnk please add clockify code to issue and associated pull requests
@kirstenalarsen I can't see the clockify code in this issue: Discover Regenerative (Macdoch pt 2): 3. Open Source Tech Evolution. I used Discover Regenerative (Macdoch pt 2): #3C. Tech - DR Site & Integration to log my code review for now, let me know if I need to update it.
Good pick up @rioug . I updated the project codes to give more specificity. Have just adjusted above - could you please switch your hours to #3A
Done! I also updated the description on the related PR.
:information_source: Please use project Discover Regenerative (Macdoch pt 2): #3A. Tech - OFN & OFN/DFC Endpoints to track work on this issue.
Description
When using a description on another website like the Discover Regenerative portal, any contained HTML tags should be safe.
Currently, the OFN UX allows only certain HTML tags to be inserted into a description. We do not check the content before storing it in the database. Instead, we sanitise the descriptions when displaying them within the OFN app. Our APIs are not sanitising though, pushing the responsibility to all consumers of the APIs.
The knowledge of allowed HTML tags sits within OFN though and we could sanitise the HTML before storing it in the database. That would make further sanitising in the many other parts of the app redundant. It would also avoid consumers of APIs accidentally embedding unsafe HTML. It would be less work for everyone.
Acceptance Criteria & Tests
`<script>` tags are filtered out before they are exposed on the DFC API.
Related issues:
8901
10376
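An added example (not OFN's code) of the store-time allowlist sanitising the description proposes, written in Python with only the standard library so it runs anywhere; the allowed tag and attribute sets are assumptions, since the issue only says "certain HTML tags".

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: the issue says the OFN UX permits "certain HTML
# tags" without naming them, so these sets are assumptions for the example.
ALLOWED_TAGS = {"p", "br", "strong", "em", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}  # never emitted with a closing tag
DROP_CONTENT_TAGS = {"script", "style"}  # their text content is dropped too

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropping = 0  # nesting depth inside script/style

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.dropping += 1
            return
        if self.dropping or tag not in ALLOWED_TAGS:
            return  # tag removed; its text content is kept, escaped below
        safe = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick=, style=, etc.
            if name == "href" and urlparse(value or "").scheme not in ("http", "https"):
                continue  # drops javascript: and data: links
            safe.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(safe)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.dropping = max(0, self.dropping - 1)
        elif not self.dropping and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))

def sanitize_description(html):
    """Run once before storing; the DFC API then serves the stored value."""
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed sample of what a user might type into the OFN description field.
SAMPLE = '<p onclick="x()">Hi <strong>there</strong><script>alert(1)</script><a href="javascript:alert(1)">box</a></p>'
```

In the Rails app itself this belongs in a before-save step using a maintained sanitiser such as Rails' built-in one; this stdlib version only illustrates the allowlist rule, including that `<script>` content, event-handler attributes and `javascript:` links are removed rather than merely escaped.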