This is an XSS vulnerability.
This also blocks a number of MD attributes that a user might attempt to
use.
The following are the allowed attributes.
['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li',
'ol', 'p', 'pre', 'strong', 'ul']
I believe this to be acceptable, as honestly, a speaker using H1 is going
to stomp all over the page and make it harder for the reviewer to parse.
UX wise, it's less than great. A user can do # title and be left with
<h1> in the sanitized output.
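
An added example, not code from this repository: an allow-list filter over rendered Markdown HTML, built on the standard library and the tag list above. The message does not name the sanitizer in use, so escaping refused tags as text, dropping every attribute except `href` on `a`, and the scheme list are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag list copied from the message above.
ALLOWED_TAGS = {'a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i',
                'li', 'ol', 'p', 'pre', 'strong', 'ul'}
# Assumption: only href on <a> survives, and only with these schemes.
SAFE_SCHEMES = {'http', 'https', 'mailto'}


def safe_href(value):
    """Return the URL if its scheme is allow-listed, else None."""
    try:
        scheme = urlsplit((value or '').strip()).scheme.lower()
    except ValueError:  # malformed URL: treat as unsafe
        return None
    return value.strip() if scheme in SAFE_SCHEMES else None


class AllowListFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # Escape instead of dropping, so the refused tag shows as text.
            self.out.append(escape(self.get_starttag_text()))
            return
        href = safe_href(dict(attrs).get('href')) if tag == 'a' else None
        attr = ' href="%s"' % escape(href, quote=True) if href else ''
        self.out.append('<%s%s>' % (tag, attr))  # all other attributes dropped

    def handle_endtag(self, tag):
        text = '</%s>' % tag
        self.out.append(text if tag in ALLOWED_TAGS else escape(text))

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(html):
    """Filter rendered Markdown HTML down to the allow-listed tags."""
    parser = AllowListFilter()
    parser.feed(html)
    parser.close()
    return ''.join(parser.out)
```
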
This was put in place a long while ago and lacks the usage documentation
for use with this repo. For now, I will remove it from the repo.
We obviously need to bring this or something similar back. But there's
no reason to keep this when it is not being used.
Remove in-app stale resources and their branching of different cons.
Remove dist and move everything into static/src.
Remove unused stale resources such as less and hbs, etc.
I cannot find the benefit to this over the base editor.
Tabs work, but that's pretty minimal. And tabs don't work on GitLab or
GitHub, so I don't feel not having that is substantial to functionality.
The bootstrap renderer did not do anything to signify required rows. We
can do this by adding a class for CSS to work on, and add this field in
a more simplified manner.
label-required == append ' *'
I'm not against putting this back, however, it doesn't work quite as one
would expect, so I'm removing it as its functionality is more confusing
than working.
Is this really the best way to address this?
If you unselect AU, then it never comes back. It leaves its value in
the textbox pre-filled if it ever got a value, leaving the field
pre-filled with an Aus state even if the person is New Zealand.
Most of our attendees are from but a few countries, we should make these
equal effort to fill in.
There are a number of attempts to use Deci in ints, which won't work in
2.7 or 3.x, we fix that.
Description doesn't exist in symposion. So that fails our tests pretty
hard. Switch that to Private Abstract. It's clear these tests have not
been run in a very long time. So both failures and especially passes
need to be taken with salt.
We probably want to see a whole bunch of errors collected in errors
anyways. That should get converted to a string upon being raised, so
pass errors directly.
I was originally going to switch to print function, but frankly I can't
see any reason to keep these. I don't know what data it's leaking into
the logs, but it certainly doesn't seem useful.
StringIO is not in Py3. And it's not used at all, so removing that
import. Seems to work with Py3 now. More testing is required.
Boot custom CSS, and put some base, standard css in its place.
Shame I did not start with fresh Bootstrap4, but oh well.
Some more templates could be made to make this less messy, which would
be good.
We don't have these mini-confs (yet).
We don't want these files.
We're not going to rename the release in 0010 and drop all the extra
tables in 0011, we're going to toss them on the cutting room floor and
call it good.
They're in git, we can look at this commit and past ones on how to
recreate these for new proposal additions going forward.