Page MenuHomePhabricator

Allow video embed and custom html in dashboard markup
Closed, WontfixPublic

Description

It seems impossible to add custom html to a dashboard panel

How did they do it ? :-)

Event Timeline

philippe.jadin updated the task description. (Show Details)
philippe.jadin raised the priority of this task from to Wishlist.
chad added a subscriber: chad.Nov 18 2014, 4:20 PM

They maintain a heavily modified fork.

We sure don't want to do that. Would either allow html in remarkup or create a new html panel type be something you'd consider?

epriestley closed this task as Wontfix.Nov 18 2014, 4:28 PM
epriestley claimed this task.

We will never support an HTML panel type in the upstream. It can not be made secure.

Even restricting it to administrators would allow them (or attackers who compromise administrator accounts) to launch attacks that would greatly expand the scope of their power: they could use XSS + CSRF to act as other users. They are not normally permitted to do this:

https://secure.phabricator.com/book/phabricator/article/users/#administrators

You can create a custom panel type locally by subclassing PhabricatorDashboardPanelType and putting your subclass in phabricator/src/extensions/. We can't help you with this, though.

stevex added a subscriber: stevex.Nov 27 2014, 5:13 PM

If someone will be able to get administrator rights I think there will be a lot of "holes" to get in other than an HTML panel, and a lot more damage possible than just impersonating a user.

Sure the less the betterm but without opening in some way the official phabricator to integrate other pieces inside there are just 2 possibilities:

  1. maintaining a fork
  2. put phabricator in in some way in another bigger container (portal)

Both of them I think are not good (or anyway worst) options..

Yes, those are your options. We will never support this in the upstream.

stevex added a comment.EditedNov 28 2014, 7:57 AM

Can you please articulate other options in order to integrate Phabricator with other tools (apart from rewriting everything inside it) in order to give the user something like a portal (as it appears phabricator itself to be designed to)?
I'm genuinly interested in them

Depends entirely what "Other Tools" means. Conduit and Doorkeeper will be built in means of talking to external systems. Remarkup can certainly be expanding to offer more flexibility in writing content into Phabricator. Custom Fields and Event Listeners also allow for customization. Forking and maintaining patches are also what we recommend to people who need heavy integration/customization.

https://secure.phabricator.com/book/phabcontrib/article/feature_requests/ covers what things we look for when building new features into Phabricator.

T4778 covers a bit on what things we can prioritize.