The site requires you to have some basic data installed in your database
before running. This is located in the fixtures file and so the README
should tell people to install this data.

We're lock step with this, we're installing with master.
Upstream is dead.
We can't roll back.
It doesn't make sense to pin to every commit and revision our app's
version and push it.
We're just going to pull this in to gain full lockstep and call it good.

Drop markdown for monospace

With markdown, we're only allowing about 1/10 of what is possible.
This creates a false reality and expectation. Let's not suggest this.
Nor do we have in-editor preview. So the user has to save, look at it,
then go back and edit. And seeing a bunch of sanitized HTML or just
missing sections isn't friendly.
Monospace, what you type, is what you're going to get. It gives the
presenter enough power to build a readable abstract, but not so much
that they can break the page and its CSS, nor the ability to confuse
oneself through not getting what you expect.
We keep bleach sanitation and we should probably run linkify on this in
the long term. (Turn links into clickable links)

DEBUG is something that should never be turned on in prod. As such,
let's be extremely specific on what we expect to process.
As we'll be taking this in from the environment, it's ensured we will
get a string. So we'll always get and only handle this in string
form. If it's anything else, it's an operational error and we bail.
(Note: bool('0') is truthy, so we make sure we leverage our string -> int
-> bool every time, so correctness can be noticed if it is not)
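
The strict string -> int -> bool handling described in the DEBUG message above, as an added example that is not code from this commit or project. The names `debug_from_env` and `ConfigError`, the choice to treat an unset variable as off, and the restriction to the values 0 and 1 are assumptions.

```python
import os


class ConfigError(Exception):
    """Raised when an environment setting is malformed; startup should stop."""


def debug_from_env(environ=None, name="DEBUG"):
    """Return the DEBUG flag parsed strictly as string -> int -> bool.

    Hypothetical helper, not the project's settings code. Assumptions:
    an unset variable means DEBUG off, and only 0 and 1 are accepted.
    """
    environ = os.environ if environ is None else environ
    raw = environ.get(name)
    if raw is None:
        return False  # assumption: fail closed when the variable is unset
    if not isinstance(raw, str):
        # The environment only yields strings; anything else is a caller bug.
        raise ConfigError(f"{name} must be a string, got {type(raw).__name__}")
    try:
        value = int(raw)
    except ValueError:
        # Covers "false", "yes", "" and similar. bool() of any non-empty
        # string, including "0" and "false", would have been True.
        raise ConfigError(f"{name}={raw!r} is not an integer") from None
    if value not in (0, 1):
        raise ConfigError(f"{name}={raw!r} must be 0 or 1")
    return bool(value)


if __name__ == "__main__":
    # Constructed sample environments, not taken from the project.
    for sample in ({}, {"DEBUG": "0"}, {"DEBUG": "1"}, {"DEBUG": "false"}):
        try:
            print(sample, "->", debug_from_env(sample))
        except ConfigError as exc:
            print(sample, "-> refused:", exc)
```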

This builds a working docker image for the application.
This is only an initial revision. It needs testing. MySQL, PIL, etc.
Was going to use Alpine, however, python3.6 segfaulted on docker
starting up, and I couldn't find the core files...

This is all noop in Py3, and Py2 is broke now in various places.
Dropping Py2 code as it will not be a thing going forward.
Django 2 is the next release, Py2 support will be dropped, as such,
dropping this is forward looking.

This is an XSS vulnerability.
This also blocks a number of MD attributes that a user might attempt to
use.
The following are the allowed attributes.
['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li',
'ol', 'p', 'pre', 'strong', 'ul']
I believe this to be acceptable, as honestly, a speaker using H1 is going
to stomp all over the page and make it harder for the reviewer to parse.
UX wise, it's less than great. A user can do # title and be left with
<h1> in the sanitized output.