Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Make sure that any newlines in the CSP are converted into simple spaces before the CSP is added to an HTTP header. This *might* fix a problem reported on the forum. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
e0f2283c154a019ab61f7a928069e90e |
| User & Date: | drh 2020-09-03 19:04:02 |
Context
|
2020-09-04
| ||
| 17:00 | Removed inherited box shadow from ardoise .timelineSelected, per forum request. ... (check-in: 3af6e7ce user: stephan tags: trunk) | |
|
2020-09-03
| ||
| 19:04 | Make sure that any newlines in the CSP are converted into simple spaces before the CSP is added to an HTTP header. This *might* fix a problem reported on the forum. ... (check-in: e0f2283c user: drh tags: trunk) | |
|
2020-09-02
| ||
| 10:55 | When rendering fossil-wiki forum posts, add a wrapper DIV around them so that the CSS which expects that for markdown and plain-text posts still applies. This fixes the sideways layout of fossil-wiki posts like that seen in forumpost/3d709776b8. Note that a simpler fix would be to add the wrapper element to wiki_render_by_mimetype(), but that might have undesired side effects in/via the many other uses of that function. ... (check-in: 7caaa287 user: stephan tags: trunk) | |
Changes
Changes to src/style.c.
| ︙ | ︙ | |||
524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 |
"default-src 'self' data:; "
"script-src 'self' 'nonce-$nonce'; "
"style-src 'self' 'unsafe-inline'";
const char *zFormat = db_get("default-csp","");
Blob csp;
char *zNonce;
char *zCsp;
if( zFormat[0]==0 ){
zFormat = zBackupCSP;
}
blob_init(&csp, 0, 0);
while( zFormat[0] && (zNonce = strstr(zFormat,"$nonce"))!=0 ){
blob_append(&csp, zFormat, (int)(zNonce - zFormat));
blob_append(&csp, style_nonce(), -1);
zFormat = zNonce + 6;
}
blob_append(&csp, zFormat, -1);
zCsp = blob_str(&csp);
if( toHeader ){
cgi_printf_header("Content-Security-Policy: %s\r\n", zCsp);
}
return zCsp;
}
/*
| > > > > | 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 |
"default-src 'self' data:; "
"script-src 'self' 'nonce-$nonce'; "
"style-src 'self' 'unsafe-inline'";
const char *zFormat = db_get("default-csp","");
Blob csp;
char *zNonce;
char *zCsp;
int i;
if( zFormat[0]==0 ){
zFormat = zBackupCSP;
}
blob_init(&csp, 0, 0);
while( zFormat[0] && (zNonce = strstr(zFormat,"$nonce"))!=0 ){
blob_append(&csp, zFormat, (int)(zNonce - zFormat));
blob_append(&csp, style_nonce(), -1);
zFormat = zNonce + 6;
}
blob_append(&csp, zFormat, -1);
zCsp = blob_str(&csp);
/* No whitespace other than actual space characters allowed in the CSP
** string. See https://fossil-scm.org/forum/forumpost/d29e3af43c */
for(i=0; zCsp[i]; i++){ if( fossil_isspace(zCsp[i]) ) zCsp[i] = ' '; }
if( toHeader ){
cgi_printf_header("Content-Security-Policy: %s\r\n", zCsp);
}
return zCsp;
}
/*
|
| ︙ | ︙ |