- π©πͺGermany Anybody Porta Westfalica
Currently this module doesn't define own permissions while it would make sense to separate markup field administration from general field administration as not all users who are allowed to administer fields should also be allowed to edit Markup fields which may allow dangerous code. So I'd suggest to add a separate permission for that. Patch follows.
Sidenote: Currently this functionality is part of markup_twig β module until this issue is fixed, because it could mean a security vulnerability of there isn't a way to prevent roles from editing the twig code, see #2860607: Code execution via Twig templates (including inline) β . For pure markup it's not that dangerous, but you could also break DOM structure or inject unwanted / dangerous JavaScript.
Needs work
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.