Furthermore, there are certain changes planned in the way Ion is deployed that would make solutions such as saving the rosters to a file and providing the user with a link to them significantly more difficult.
What needs to be refactored
intranet/apps/eighth/views/attendance.py makes significant use of raw HTML as well as unclear forms of PDF generation.
Rationale
The file makes extensive use of reportlab (https://hg.reportlab.com/hg-public/reportlab). There are certain elements that render unescaped user-entered content. This is not ideal.
We should overhaul this code to create more modern-looking, more extensible, and more secure rendered PDF exports. Since this feature is somewhat long running, we should consider putting this in a Celery task.
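One way to close the unescaped-content gap described above, as an added example that is not code from the issue or from the Ion code base: reportlab's Paragraph parses its text as XML-like markup, so user-entered fields are escaped before they are placed in it. The function names, field names and sample signups below are assumptions made for illustration.

```python
from xml.sax.saxutils import escape


def safe(value):
    """Escape &, < and > so Paragraph shows the text literally instead of parsing it."""
    return escape("" if value is None else str(value))


def roster_markup(activity, signups):
    """Return (title_markup, rows). Only the <b> tags written here are markup;
    every user-entered field passes through safe() first."""
    title = "<b>Roster:</b> {}".format(safe(activity))
    rows = [[safe(s.get("name")), safe(s.get("comment"))] for s in signups]
    return title, rows


def build_pdf(path, activity, signups):
    """Render the roster to a PDF file. Requires reportlab to be installed."""
    from reportlab.lib.pagesizes import letter
    from reportlab.lib.styles import getSampleStyleSheet
    from reportlab.platypus import Paragraph, SimpleDocTemplate, Table

    style = getSampleStyleSheet()["Normal"]
    title, rows = roster_markup(activity, signups)
    cells = [[Paragraph(cell, style) for cell in row] for row in rows]
    SimpleDocTemplate(path, pagesize=letter).build(
        [Paragraph(title, style), Table(cells)]
    )


# Constructed sample data (hypothetical field names, not Ion's models).
SAMPLE = [
    {"name": "Ada <font size=40>L.</font>", "comment": "Tom & Jerry club"},
    {"name": "Bob", "comment": None},
]

if __name__ == "__main__":
    title, rows = roster_markup("Chess <Advanced>", SAMPLE)
    print(title)
    for row in rows:
        print(row)
```
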