Closed Bug 1370447 Opened 7 years ago Closed 7 years ago

Use CSS to hide the HTML tab in private messages so users can't use HTML in private messages

Categories

(support.mozilla.org - Lithium :: User Experience & Design, enhancement, P5)

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: rolandtanglao, Unassigned)

Details

(Keywords: good-first-bug)

An enhancement that came from bug 1348172

Use CSS to hide the HTML tab for users so they can't use HTML in private messages on Lithium.
Component: Feature request → User Experience & Design
Here are some helpful hints from Lithium on how to do this.

BEGIN COPY AND PASTE FROM LITHIUM's NON PUBLIC SYSTEM (copy and pasted from https://bugzilla.mozilla.org/show_bug.cgi?id=1348172#c12 )

Created By: Damian Ivanov (6/5/2017 2:43 AM)
[Recipients: Sumo Team]

Hello Team,

Thank you for reaching out to us. Please note that whether the HTML tab will be visible or not is controlled by the following permissions:

Use full HTML in posts and signatures
Use simple HTML in posts and signatures
Allow user to use advanced HTML in posts and signatures

If you like - you can have a look at the following article for more detailed information:

https://community.lithium.com/t5/Community-FAQ-s/HTML-Permissions-and-User-Experience/ta-p/105159

As a workaround, if you'd like to remove the HTML tab from private messages for all users, you may want to try hiding it using CSS. For more information on how to edit CSS and the CSS classes, please have a look at the following threads:

https://community.lithium.com/t5/Skins-and-assets/Edit-CSS/ta-p/109071
https://community.lithium.com/t5/Skins-and-assets/About-Lithium-CSS-selectors-and-classes/ta-p/109077

Please, let us know if you need any further clarification.

Kind regards,
Damian

END COPY AND PASTE FROM LITHIUM's NON PUBLIC SYSTEM
Hi Roland, any background info on this?

Is it being discussed or announced anywhere?
Why are we wishing to prevent users using HTML in private messages?
That would normally be considered a feature and an advantage: think blockquotes, screenshots, clickable links to posts & KB articles.
Why is bug 1348172 not accessible, is this some sort of security concern??

Additionally, as this is deemed necessary for PMs, are you going to start restricting HTML use within the rest of SUMO, possibly including all fora? (That sounds unworkable.)

I am wondering whether for PMs we could restrict only the non-contributors.

I understand we have already deliberately done the opposite & granted advanced HTML in order to fix another issue:
See bug 1341440 comment 6
> This seems to be a permission problem. The use of advanced HTML was only available to certain categories of users i.e. Admins and Moderators.
> We have changed the permissions so that anybody with a contributor role can use advanced HTML.
> However we cannot test the impact of this and/or whether this causes any other issues until we are back on Lithium.
> I will close this as fixed for now.

If it is a security issue, is there much point in trying to only hide a feature behind CSS? Wouldn't any hacker be able to easily circumvent that, which means we have a cost to the community but no real increase in security.
See Also: → 1341440
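
The question raised in the comment above, whether hiding the HTML tab with CSS restricts anything, comes down to where the decision is made: a server-side check keyed on the sender's permissions treats a submitted body the same way whatever the editor displayed. The sketch below is an added example, not Lithium's or SUMO's code; the function and class names, the tag allowlist and the behaviour attached to the permission are assumptions.

```python
import html
from html.parser import HTMLParser

# Permission name as quoted in the Lithium reply; what it permits here
# (the tag allowlist below) is an assumption made for this example.
SIMPLE_HTML = "Use simple HTML in posts and signatures"
SIMPLE_TAGS = {"b", "i", "em", "strong", "p", "br", "blockquote"}


class AllowlistFilter(HTMLParser):
    """Re-emit allowlisted tags without attributes; escape all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        if tag in SIMPLE_TAGS:           # any other tag is dropped
            self.out.append(f"<{tag}>")  # attributes are never copied
            if tag != "br":
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:        # ignore stray closing tags
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        self.out.append(html.escape(data))

    def result(self):
        self.close()                     # flush buffered text
        while self.open_tags:            # balance what the sender left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def render_private_message(body, sender_permissions, editor_tab="rich"):
    # Hypothetical handler. editor_tab is whatever the client reports and is
    # deliberately ignored: the decision depends only on server-side state.
    if SIMPLE_HTML in sender_permissions:
        f = AllowlistFilter()
        f.feed(body)
        return f.result()
    return html.escape(body)             # no permission: markup shown as text
```
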
Resolved Invalid since we aren't moving back to Lithium.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID