Mercurial Mercurial > pub > hg > cubicweb / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[config] disable fckeditor by default (closes #1368900)
authorJulien Cristau <julien.cristau@logilab.fr>
Thu, 12 Mar 2015 12:29:25 +0100
changeset 10273 ef74abcf369d
parent 10265 9bdc74142164
child 10274 1f84295bfe95
[config] disable fckeditor by default (closes #1368900) FCKEditor is no longer maintained, and has a history of XSS issues. Let's use plain text as default text format.
cwconfig.py file | annotate | diff | comparison | revisions
web/test/unittest_form.py file | annotate | diff | comparison | revisions
web/test/unittest_formfields.py file | annotate | diff | comparison | revisions
web/webconfig.py file | annotate | diff | comparison | revisions 
--- a/cwconfig.py	Thu Mar 05 11:44:29 2015 +0100
+++ b/cwconfig.py	Thu Mar 12 12:29:25 2015 +0100
@@ -279,7 +279,7 @@
     ('default-text-format',
      {'type' : 'choice',
       'choices': ('text/plain', 'text/rest', 'text/html', 'text/markdown'),
-      'default': 'text/html', # use fckeditor in the web ui
+      'default': 'text/plain',
       'help': _('default text format for rich text fields.'),
       'group': 'ui',
       }),
--- a/web/test/unittest_form.py	Thu Mar 05 11:44:29 2015 +0100
+++ b/web/test/unittest_form.py	Thu Mar 12 12:29:25 2015 +0100
@@ -39,7 +39,7 @@
     def test_form_field_format(self):
         with self.admin_access.web_request() as req:
             form = FieldsForm(req, None)
-            self.assertEqual(StringField().format(form), 'text/html')
+            self.assertEqual(StringField().format(form), 'text/plain')
             req.cnx.execute('INSERT CWProperty X: X pkey "ui.default-text-format", X value "text/rest", X for_user U WHERE U login "admin"')
             req.cnx.commit()
             self.assertEqual(StringField().format(form), 'text/rest')
--- a/web/test/unittest_formfields.py	Thu Mar 05 11:44:29 2015 +0100
+++ b/web/test/unittest_formfields.py	Thu Mar 12 12:29:25 2015 +0100
@@ -150,7 +150,7 @@
             self.assertEqual(description_format_field.internationalizable, True)
             self.assertEqual(description_format_field.sort, True)
             # unlike below, initial is bound to form.form_field_format
-            self.assertEqual(description_format_field.value(form), 'text/html')
+            self.assertEqual(description_format_field.value(form), 'text/plain')
             req.cnx.execute('INSERT CWProperty X: X pkey "ui.default-text-format", X value "text/rest", X for_user U WHERE U login "admin"')
             req.cnx.commit()
             self.assertEqual(description_format_field.value(form), 'text/rest')
--- a/web/webconfig.py	Thu Mar 05 11:44:29 2015 +0100
+++ b/web/webconfig.py	Thu Mar 12 12:29:25 2015 +0100
@@ -49,7 +49,7 @@
       }),
     # user web ui configuration
     ('fckeditor',
-     {'type' : 'yn', 'default': True,
+     {'type' : 'yn', 'default': False,
       'help': _('should html fields being edited using fckeditor (a HTML '
                 'WYSIWYG editor).  You should also select text/html as default '
                 'text format to actually get fckeditor.'),
cubicweb