Overview
Comment: | This should demonstrate a behavior of inline STYLE tags. Notice gray background of PRE elements in www/defcsp.md and the lack of it in www/webui.wiki. See forum thread 69f475cf48. |
---|---|
SHA3-256: | 1d276f7b234440d525bd55da35e4aa02 |
User & Date: | george 2021-06-19 20:58:33 |
Original Comment: | This should demonstraite a behavior of inline STYLE tags. Notice gray background of elements in www/defcsp.md and the lack of it in www/webui.wiki. See forum thread 69f475cf48. |
Context
2021-06-19
20:58 | This should demonstrate a behavior of inline STYLE tags. Notice gray background of PRE elements in www/defcsp.md and the lack of it in www/webui.wiki. See forum thread 69f475cf48. ... (Leaf check-in: 1d276f7b user: george tags: inline-style-inconsistency) | |
02:29 | Fix a possible "use-after-free" while rendering a /file page for the case when "ci" parameter is missing. This is a preliminary fix, it may introduce a (tiny) memory leak. ... (check-in: a6477bca user: george tags: trunk) | |
Changes
Changes to www/defcsp.md.
︙ | ︙ | |||
16 17 18 19 20 21 22 23 24 25 26 27 28 29 | For example, Fossil purposely breaks `<script>` tags when it finds them in Markdown and Fossil Wiki documents. And the Fossil build process scans the source code for potential injection vulnerabilities and refuses to compile if any problems are found. However, CSP provides an additional layer of defense against undetected bugs that might lead to a vulnerability. ## The Default Restrictions The default CSP used by Fossil is as follows: <pre> default-src 'self' data:; script-src 'self' 'nonce-$nonce'; | > > > > > > > | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | For example, Fossil purposely breaks `<script>` tags when it finds them in Markdown and Fossil Wiki documents. And the Fossil build process scans the source code for potential injection vulnerabilities and refuses to compile if any problems are found. However, CSP provides an additional layer of defense against undetected bugs that might lead to a vulnerability. <style> div.content pre { background: #cccccc; padding: 0.25em; } </style> ## The Default Restrictions The default CSP used by Fossil is as follows: <pre> default-src 'self' data:; script-src 'self' 'nonce-$nonce'; |
︙ | ︙ |
Changes to www/webui.wiki.
︙ | ︙ | |||
29 30 31 32 33 34 35 36 37 38 39 40 41 42 | self-contained, stand-alone Fossil executable. As an example of how useful this web interface can be, the entire [./index.wiki | Fossil website], including the document you are now reading, is rendered using the Fossil web interface, with no enhancements, and little customization. <blockquote> <b>Key point:</b> <i>The Fossil website is just a running instance of Fossil! </blockquote> Note also that because Fossil is a distributed system, you can run | > > > > > > > > | 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 | self-contained, stand-alone Fossil executable. As an example of how useful this web interface can be, the entire [./index.wiki | Fossil website], including the document you are now reading, is rendered using the Fossil web interface, with no enhancements, and little customization. <style> div.content pre { background: #cccccc; padding: 0.25em; } </style> <blockquote> <b>Key point:</b> <i>The Fossil website is just a running instance of Fossil! </blockquote> Note also that because Fossil is a distributed system, you can run |
︙ | ︙ |
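Review bot: In www/defcsp.md the added `<style>` block sits between the paragraph ending "might lead to a vulnerability." and the "## The Default Restrictions" heading with no text saying why it is there, and its selector `div.content pre` applies to every PRE on the rendered page rather than to one example. If the gray background is meant to stay, say so in the document and scope the rule with a class; if it exists only to demonstrate the behavior for the forum thread, keep it on this branch and out of trunk. The policy lines visible in this hunk show only `default-src` and `script-src`, so whether an inline STYLE element is permitted depends on a directive outside the hunk; a sentence in this document naming that directive would make the demonstrated behavior reviewable.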
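Review bot: In www/webui.wiki the rule `div.content pre { background: #cccccc; padding: 0.25em; }` is pasted a second time, and nothing in the visible context of this hunk is a PRE element (the surrounding markup is a paragraph and a `<blockquote>`), so its effect cannot be judged from the hunk itself. The check-in comment reports that the background appears in www/defcsp.md but not here, which points to the Markdown and wiki renderers handling an embedded STYLE element differently; documentation should not rely on that, so define the rule once in a shared stylesheet, or record next to the test which renderer's behavior is the intended one. The hard-coded `#cccccc` also bypasses whatever colors the active skin defines.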