I have a lot of HTML documents in my Nextcloud that I want to be able to read as HTML instead of getting put into a text-viewer.
I am well aware of the security issues with rendering HTML, but all the documents are made by me. Additionally, I would suggest putting the HTML in a
[iframe src=“file.html” sandbox][/iframe] (it gets filtered out if I post it as HTML)
So no Javascript or anything is run, an additionally some CSP magic:
Content-Security-Policy: default-src ‘self’; script-src ‘none’; object-src ‘none’;
If this is still too spicy for who does security in your team, Just put it behind a config options like:
you started a topic in development category. This category is intended for active developers of the core or apps in the Nextcloud ecosystem.
From the description in your topic, it is not clear if you are seeking help and advice about a concrete problem you have or you want to actually develop the corresponding solution.
Please specify explicitly the required information to help you best. These are:
What you want to achieve
What you have done so far
What is failing
What you expect from the forum community
Without additional information the community members cannot help you in an efficient manner. Please keep in mind that the help here in the forum are mostly based on work of volunteers and thus it is just fair to reduce the burden on them.
If you accidentally posted in the category, just give a hint and a moderator can move the corresponding category.
I don’t think that’s a good idea. If this were introduced as an official core feature, it would need to be properly integrated and therefore secure. But feel free to open a feature request on GitHub: https://github.com/nextcloud/server/issues