You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The possibility to write custom CSS is already present in the Appearance settings. A way to add custom HTML to the page would compliment this nicely.
Motivation
Admins may wish to add custom Script snippets to the website. This could be custom tracking code (see #818) or any number of custom JavaScript applications. Currently there is no mechanism to do so, except for maybe hijacking templates via Docker mounts or similar mechanisms.
Possible implementation details
There should be two text fields to allow adding custom HTML into the head, possibly before the closing tag, and another one to add custom HTML to the end of the body. Two fields because some scripts are required to be placed in head, some are required to be placed in body.
Considerations
This opens up the possibility of XSS and similar attacks. There needs to be a warning to not copy-paste code which is not understood what it does into these text fields.
A different precaution could be to make the fields lockable via environment variables.
The text was updated successfully, but these errors were encountered:
Overview
The possibility to write custom CSS is already present in the
Appearancesettings. A way to add custom HTML to the page would compliment this nicely.Motivation
Admins may wish to add custom Script snippets to the website. This could be custom tracking code (see #818) or any number of custom JavaScript applications. Currently there is no mechanism to do so, except for maybe hijacking templates via Docker mounts or similar mechanisms.
Possible implementation details
There should be two text fields to allow adding custom HTML into the
head, possibly before the closing tag, and another one to add custom HTML to the end of thebody. Two fields because some scripts are required to be placed inhead, some are required to be placed inbody.Considerations
This opens up the possibility of XSS and similar attacks. There needs to be a warning to not copy-paste code which is not understood what it does into these text fields.
A different precaution could be to make the fields lockable via environment variables.
The text was updated successfully, but these errors were encountered: