Overview
Comment: | Make sure that any newlines in the CSP are converted into simple spaces before the CSP is added to an HTTP header. This *might* fix a problem reported on the forum. |
---|---|
SHA3-256: | e0f2283c154a019ab61f7a928069e90e |
User & Date: | drh 2020-09-03 19:04:02 |
Context
2020-09-04
17:00 | Removed inherited box shadow from ardoise .timelineSelected, per forum request. ... (check-in: 3af6e7ce user: stephan tags: trunk) |
2020-09-03
19:04 | Make sure that any newlines in the CSP are converted into simple spaces before the CSP is added to an HTTP header. This *might* fix a problem reported on the forum. ... (check-in: e0f2283c user: drh tags: trunk) |
2020-09-02
10:55 | When rendering fossil-wiki forum posts, add a wrapper DIV around them so that the CSS which expects that for markdown and plain-text posts still applies. This fixes the sideways layout of fossil-wiki posts like that seen in forumpost/3d709776b8. Note that a simpler fix would be to add the wrapper element to wiki_render_by_mimetype(), but that might have undesired side effects in/via the many other uses of that function. ... (check-in: 7caaa287 user: stephan tags: trunk) |
Changes
Changes to src/style.c.
︙ | ︙ | |||
524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 | "default-src 'self' data:; " "script-src 'self' 'nonce-$nonce'; " "style-src 'self' 'unsafe-inline'"; const char *zFormat = db_get("default-csp",""); Blob csp; char *zNonce; char *zCsp; if( zFormat[0]==0 ){ zFormat = zBackupCSP; } blob_init(&csp, 0, 0); while( zFormat[0] && (zNonce = strstr(zFormat,"$nonce"))!=0 ){ blob_append(&csp, zFormat, (int)(zNonce - zFormat)); blob_append(&csp, style_nonce(), -1); zFormat = zNonce + 6; } blob_append(&csp, zFormat, -1); zCsp = blob_str(&csp); if( toHeader ){ cgi_printf_header("Content-Security-Policy: %s\r\n", zCsp); } return zCsp; } /* | > > > > | 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 | "default-src 'self' data:; " "script-src 'self' 'nonce-$nonce'; " "style-src 'self' 'unsafe-inline'"; const char *zFormat = db_get("default-csp",""); Blob csp; char *zNonce; char *zCsp; int i; if( zFormat[0]==0 ){ zFormat = zBackupCSP; } blob_init(&csp, 0, 0); while( zFormat[0] && (zNonce = strstr(zFormat,"$nonce"))!=0 ){ blob_append(&csp, zFormat, (int)(zNonce - zFormat)); blob_append(&csp, style_nonce(), -1); zFormat = zNonce + 6; } blob_append(&csp, zFormat, -1); zCsp = blob_str(&csp); /* No whitespace other than actual space characters allowed in the CSP ** string. See https://fossil-scm.org/forum/forumpost/d29e3af43c */ for(i=0; zCsp[i]; i++){ if( fossil_isspace(zCsp[i]) ) zCsp[i] = ' '; } if( toHeader ){ cgi_printf_header("Content-Security-Policy: %s\r\n", zCsp); } return zCsp; } /* |
︙ | ︙ |
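Review bot: the new `for(i=0; zCsp[i]; i++)` loop only rewrites bytes that `fossil_isspace()` matches, so any other control byte in the `default-csp` setting still reaches `cgi_printf_header("Content-Security-Policy: %s\r\n", zCsp)` unchanged. Because the value comes from a configurable setting via `db_get("default-csp","")` and is placed directly on a header line, consider replacing every control character here rather than only whitespace. The new comment should also say that an embedded CR or LF would end the header line early, which is the failure this guards against. The loop also runs before the `if( toHeader )` test, so callers that only use the returned `zCsp` now get the normalized string as well; that looks intended, but the function's header comment should state it. Finally, the check-in comment says this "*might*" fix the report, so a test that stores a multi-line `default-csp` value and checks the emitted header would confirm the fix.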