Fossil

Timeline

10 descendants and 10 ancestors of 7907b6ffae6c6fa1

2019-08-21
11:26
Update to the default CSP page. Attempted to resolve merge conflicts, but more editing is likely necessary. ... (check-in: 33a7b8ba user: drh tags: trunk)
11:09
Added a header to the new XSS material in defcsp.md so we can refer directly to it. ... (check-in: 7b843f2d user: wyoung tags: trunk)
11:01
More thorough explanation of <script nonce> in www/defcsp.md, and explained the reason why Fossil has no way of providing that nonce in most content types rather than link to the "XSS via check-in rights" forum post. This new presentation of that post's ideas is more detailed and includes discussion of the feature's interaction with the TH1 docs feature. ... (check-in: 8d43bb87 user: wyoung tags: trunk)
09:40
Major improvements to the new defcsp.md article. Expanded the introductory material to better describe what the CSP does; added named anchors to headers; moved the discussion of $default_csp overrides into this document from customskin.md, which now just says how you use that variable read-only; and added an entirely new section, "Replacing the Default CSP". ... (check-in: 366b23a1 user: wyoung tags: trunk)
08:52
Replaced the redundant copy of the default CSP in skins/bootstrap/header.txt with "$default_csp", allowing the TH1 setup script to override the CSP as in all the other stock skins. (Bootstrap is the last stock skin to define a custom <head> element.) ... (check-in: 14ac2cac user: wyoung tags: trunk)
2019-08-20
19:16
Fix memcpy() compiler warnings. ... (check-in: 7ae4b1a7 user: drh tags: trunk)
16:11
Fix possible misaligned pointer to a 16-bit object. ... (check-in: f7c41be8 user: drh tags: trunk)
15:04
Updated and expanded documentation on how to set up a Fossil server. ... (check-in: f146e21a user: drh tags: trunk)
14:55
Add the --with-sanitizer option to the ./configure script. ... (check-in: 231d6933 user: drh tags: trunk)
04:24
Fixed a couple of Tcl syntax fixes that caused the new --with-sanitizer code to a) run unconditionally irrespective of the option's setting and b) to check for the existence of libubsan whether it was actually needed or not. ... (Closed-Leaf check-in: 66fdab76 user: wyoung tags: configure-updates)
01:34
Added --with-sanitizer configure-time option for appending -fsanitize=VALUE to CFLAGS and LDFLAGS, plus automatic detection of -lubsan for GCC, which doesn't automatically link to that with -fsanitize=undefined as Clang does. EDIT: This check-in breaks the build on Ubuntu 18.04. ... (check-in: 7907b6ff user: wyoung tags: configure-updates)
2019-08-19
17:18
Have the security-audit page analyze and display the content security policy. ... (check-in: 9cf90a4f user: drh tags: trunk)
13:04
Increase the default HTTP request timeout to 10 minutes. Provide the FOSSIL_DEFAULT_TIMEOUT compile-time option for setting an alternative default. ... (check-in: 7979989d user: drh tags: trunk)
01:17
The www/customskin.md document hadn't been updated since we removed the explicit <html><head> stuff from the default skins and moved that into the C code so we could insert the CSP and such automatically. Updated it to show the inner tags that you actually get by default now, and talked about how the HTML document wrapper is added automatically. Also fixed some spelling and grammar errors. ... (check-in: 9044fd2d user: wyoung tags: trunk)
00:51
Fix embedded HTML detection for the 'doc' web page when the 'data-title' attribute is not specified. ... (check-in: 3d6a4fd9 user: mistachkin tags: trunk)
2019-08-18
01:03
Capitalization fix in HTML output from /artifact_stats ... (check-in: d570edc6 user: wyoung tags: trunk)
00:59
Include forum artifact statistics on the /artifact_stats page. ... (check-in: e2f2a05e user: drh tags: trunk)
2019-08-16
03:33
Relaxed the "enforcing" language around the planned change of hash policy from "auto" to "sha3" in Fossil 2.10 within section 2.8 of the fossil-v-git.wiki doc, and clarified what will actually happen with that release as compared to the current release. ... (check-in: c5461fb5 user: wyoung tags: trunk)
01:57
Another spell check pass on www/* using a different dictionary than in the prior pass. ([79c2cb083152]) ... (check-in: 0996347d user: wyoung tags: trunk)
2019-08-13
23:29
Additional documentation on CGI configuration options. Updates to the change log. New hyperlinks interconnecting the various documents. ... (check-in: fbc3b2f7 user: drh tags: trunk)
20:44
Remove the sigalrm_handler() function on Windows builds as it is never called there. ... (check-in: 1d7afcdf user: drh tags: trunk)