- π¦πΊAustralia sime Melbourne
What would the machine name be? I'm used to machine names having much more gravitas than a label since you can flippantly change the label in site building.
https://www.drupal.org/node/224921 β is our docs on securely configuring input formats and it recommends against giving people access to the full html format.
The standard and umami install profiles include this by default and make it available to administrator role only.
We should stop doing this so we lead by example. aka remove the foot gun.
Remove the full html input format and editor from both standard and umami install profiles
Active
11.0 π₯
It is used to alert the product manager core committer(s) that an issue represents a significant new feature, UI change, or change to the "user experience" of Drupal, and their signoff is needed. If an issue significantly affects the usability of Drupal, use Needs usability review instead (see the governance policy draft for more information).
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
What would the machine name be? I'm used to machine names having much more gravitas than a label since you can flippantly change the label in site building.