Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
91 check-ins using file src/fossil.popupwidget.js version 3d6ebc50
|
2020-08-20
| ||
| 23:45 | Change width per stephan's request ... (Closed-Leaf check-in: 53458bed user: andygoth tags: andygoth-ardoise-tweaks) | |
| 19:51 | Minor change to auto.def requested by https://bugs.debian.org/961772 ... (check-in: e6de5ec7 user: drh tags: trunk) | |
| 18:08 | Show the artifact hash with a copy button on the header of /file pages. ... (check-in: 00eb7a05 user: drh tags: trunk) | |
| 16:25 | Merge recent changes from trunk. ... (check-in: c93cb2ba user: drh tags: sec2020) | |
| 15:22 | Update the change log and the latest-release link on the homepage. ... (check-in: 5983f5b9 user: drh tags: trunk) | |
| 13:08 | Rearrange code, tweak span colors ... (check-in: 1ffe4cde user: andygoth tags: andygoth-ardoise-tweaks) | |
| 12:31 | Fix CSS priority issue ... (check-in: ed04edd8 user: andygoth tags: andygoth-ardoise-tweaks) | |
| 05:13 | Spelling and grammar fixes to javascript.md. ... (check-in: 209f73cb user: wyoung tags: trunk) | |
| 04:18 | Many improvements to the "Use of JavaScript in Fossil" document, www/javascript.md, inspired by the recent Ajaxifications and forum commentary on the topic. ... (check-in: 977ba78f user: wyoung tags: trunk) | |
| 04:17 | Assorted minor improvements to the javascript.md doc. ... (Closed-Leaf check-in: dc1bc213 user: wyoung tags: js-policy-doc) | |
| 02:14 | Minuscule tweaks to javascript.md ... (check-in: 5648dcfc user: stephan tags: js-policy-doc) | |
| 00:37 | Command fixes in the new material within javascript.md ... (check-in: ba9480b0 user: wyoung tags: js-policy-doc) | |
| 00:11 | Editing pass on javascript.md. ... (check-in: 202a6616 user: wyoung tags: js-policy-doc) | |
|
2020-08-19
| ||
| 23:52 | Moved "Blocking JavaScript" section of javascript.md down into the Q&A section. ... (check-in: 85c7bdb2 user: wyoung tags: js-policy-doc) | |
| 23:45 | Moved my rewrite of Stephan's "Compatibility Concerns" section of javascript.md down into the Q&A section. ... (check-in: 02627949 user: wyoung tags: js-policy-doc) | |
| 23:41 | Moved "Fossil Does Not Snoop On You" section of javascript.md down into a Q&A point. ... (check-in: b76427bb user: wyoung tags: js-policy-doc) | |
| 23:38 | Moved the "No Third-Party JavaScript in Fossil" section of javascript.md down into the Q&A "debate" section. Also reworked some of the following question's answer to the C vs JavaScript matter. ... (check-in: 48ef6333 user: wyoung tags: js-policy-doc) | |
| 23:30 | Moved the old "How Many Users Run with JavaScript Disabled Anyway?" section of javascript.md down into the "debate" section as one of the Q&A points. ... (check-in: bc5cf569 user: wyoung tags: js-policy-doc) | |
| 23:19 | Merged the "Future Plans for JavaScript in Fossil" section of js-policy.md into javascript.md. This all but zeroes out the contents of the old doc, so I've removed it. Future changes go into javascript.md. ... (check-in: 4ad0d979 user: wyoung tags: js-policy-doc) | |
| 23:07 | Hoist the "Compatiblity Concerns" section of js-policy.md into javascript.md. Another near-total rewrite, maintaining the original's points. ... (check-in: 7eef486c user: wyoung tags: js-policy-doc) | |
| 22:57 | Merged Stephan's "in closing" statement after the argumentation section of js-policy.md into the "Philosophy & Policy" section of javascript.md. Another near-rewrite, while maintaining the overall points. ... (check-in: 12acdcf3 user: wyoung tags: js-policy-doc) | |
| 22:49 | Added "Arguments Against JavaScript & Our Rebuttals" section to javascript.md, based on the similar section in this branch's new js-policy.md doc. It's nearly a rewrite, but all of the points remain. ... (check-in: 1e3ee576 user: wyoung tags: js-policy-doc) | |
| 21:24 | Merged trunk changes in ... (check-in: 32ef4cfa user: wyoung tags: js-policy-doc) | |
| 21:19 | Added a section to javascript.md on the new /fileedit feature. ... (check-in: 100b4868 user: wyoung tags: trunk) | |
| 21:05 | Updated the "Line Numbering" section of javascript.md to cover the new interactive line selection in Fossil 2.12. ... (check-in: f84d7a0e user: wyoung tags: trunk) | |
| 20:58 | Updated the "Wiki Editor" section of javascript.md to cover the new `/wikiedit` implementation. ... (check-in: 31c40509 user: wyoung tags: trunk) | |
| 16:13 | Silently ignore reserved filenames that occur inside of manifests, rather than throwing an error. No need for a setting to allow reserved filenames in manifests. ... (check-in: 2e19c5fe user: drh tags: sec2020) | |
| 15:46 | Remove commands "test-nondir-path" and "test-is-reserved-name" and add the equivalent functionality to "test-file-environment". ... (check-in: 0cec61e4 user: drh tags: sec2020) | |
| 15:26 | Remove the --symlinks option from the "fossil open" command. It is not needed. Users who want to enable symlinks can use the "fossil settings" command first. ... (check-in: ff811934 user: drh tags: sec2020) | |
| 15:21 | Add the "fossil test-nondir-path" command for testing parts of the new symlink logic. ... (check-in: 13cfef33 user: drh tags: sec2020) | |
| 14:23 | Harmonize artifact count and average between /stat and /artifact_stats. See https://fossil-scm.org/forum/forumpost/37514b1f67. ... (check-in: 38fa17e4 user: andygoth tags: trunk) | |
| 13:51 | When diffing long sequences, the product of their lengths can overflow to a negative number, triggering optimalLCS() which is very expensive. Prevent this overflow. See https://fossil-scm.org/forum/forumpost/5f9365f9fe for discussion. ... (check-in: e2b7dca9 user: andygoth tags: trunk) | |
| 12:26 | Fix harmless compiler warnings. ... (check-in: feef8275 user: drh tags: sec2020) | |
| 12:22 | Additional defenses against doing "fossil add" of files that are beneath symlinks. ... (check-in: 928b023c user: drh tags: sec2020) | |
| 12:08 | Improved detection of attempts to write through a symlink. Now also works for "revert", "stash", and "undo/redo". ... (check-in: f63297b2 user: drh tags: sec2020) | |
| 08:40 | It turns out we already have javascript.md, with similar aims, so now it's a matter of integrating this doc into that one. ... (check-in: 2e131efc user: stephan tags: js-policy-doc) | |
| 08:11 | Fixed a poorly-placed wordwrap which looked like a new list entry to markup. ... (check-in: 571bf459 user: stephan tags: js-policy-doc) | |
| 08:00 | Initial draft of a project policy doc explaining and justifying its use of JavaScript. ... (check-in: 93e4561b user: stephan tags: js-policy-doc) | |
| 01:33 | Restore blank cell capability, fixes [95ce0e53] ... (check-in: dc94ebc2 user: andygoth tags: trunk) | |
| 00:56 | Make a few tweaks to the Ardoise skin. See https://fossil-scm.org/forum/forumpost/a4bcfec897 for branch discussion. ... (check-in: 535f4eb8 user: andygoth tags: andygoth-ardoise-tweaks) | |
| 00:15 | Do not allow the "fossil add" command to add files beneath a symlink. ... (check-in: a6abfb91 user: drh tags: sec2020) | |
|
2020-08-18
| ||
| 23:39 | An alternative method for dealing with historical files named "_FOSSIL_" in the tree: Simply pretend they are not there. ... (Closed-Leaf check-in: 8f24c079 user: drh tags: ignore-reserved-filenames) | |
| 22:53 | Line numbering forum feedback: removed toast message, replaced vague 'lines X-Y' label with 'Copy link to lines X-Y', removed udc=xxx from the generated URL. ... (check-in: 7c98df41 user: stephan tags: trunk) | |
| 21:01 | fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. ... (check-in: d2d8894b user: stephan tags: trunk) | |
| 20:58 | Silently refuse to "fossil add" files that use reserved names. ... (check-in: 888da94e user: drh tags: sec2020) | |
| 20:46 | Re-enabled localStorage for fossil.storage but enhanced it to sandbox the keys used by the apps on a per-repo basis, so there is no longer any (immediately visible) cross-repo polution. The underlying localStorage/sessionStorage is still shared per origin/browser profile instance, but fossil.storage clients will only see the state from their own repo. ... (check-in: 923affb9 user: stephan tags: trunk) | |
| 20:19 | Improved error message and response when trying to manifest a check-out that contains a file beneath a symbolic link directory. ... (check-in: 20d90dd4 user: drh tags: sec2020) | |
| 19:56 | Add a security audit warning if the strict-manifest-syntax flag is switched off. ... (check-in: 3105bedf user: drh tags: sec2020) | |
| 19:49 | Rework the "permissive-manifest-parser" idea to be simpler and to call it "strict-manifest-syntax". ... (check-in: 4df8c856 user: drh tags: sec2020) | |
| 18:19 | Disabled localStorage as a backend option for the fossil.storage JS API after it was painfully discovered that multiple repos on the same hoster actually share that storage, as opposed to it being achored at the repo. That API now uses sessionStorage, if available, before falling back to transient instance-local storage. ... (check-in: 5b9a4c90 user: stephan tags: trunk) | |
| 17:25 | permissive-manifest-parser setting is now marked as sensitive to keep an attacker from turning it on. ... (Closed-Leaf check-in: 1e34705e user: stephan tags: sec2020-deadend) | |
| 16:07 | Added and applied permissive-manifest-parser setting to permit parsing of manifests which have F-cards containing now-illegal names. Required for rebuild of historical data and support of repositories we now know to contain such files. ... (check-in: 9e59cf18 user: stephan tags: sec2020-deadend) | |
| 14:02 | Merge in the latest trunk changes. ... (check-in: 917917aa user: drh tags: sec2020) | |
| 14:00 | Allow <del> and <ins> markup in wiki and in markdown. ... (check-in: ae9a9db5 user: drh tags: trunk) | |
| 13:54 | Make -f an alias for --force on "fossil open". ... (check-in: 17c244de user: drh tags: trunk) | |
| 13:17 | More missing db_unprotect() calls. ... (check-in: 06d3789a user: drh tags: sec2020) | |
| 12:17 | When writing files to disk for a check-out, refuse to write through a symbolic link to a directory. Ticket [f9831fdef1d4edcc]. ... (check-in: a64e384f user: drh tags: sec2020) | |
| 02:58 | More missing calls to db_unprotect(). ... (check-in: 3ced48bd user: drh tags: sec2020) | |
| 02:33 | Yet another missed db_unprotect() call. ... (check-in: 2041072e user: drh tags: sec2020) | |
| 02:26 | Fix missing enable of global_config in the "fossil all" command. ... (check-in: 16ec693d user: drh tags: sec2020) | |
| 01:54 | Disable writes the CONFIG and USER tables by default. Permission to write to those tables is turned on as needed. Note - might have missed a few places so expect bugs. ... (check-in: ca9156aa user: drh tags: sec2020) | |
|
2020-08-17
| ||
| 22:34 | Add more tests. ... (check-in: 92704d1c user: mistachkin tags: sec2020) | |
| 22:27 | Simplify error message. ... (check-in: 1bb0b3a8 user: mistachkin tags: sec2020) | |
| 22:22 | Fixes for reserved names case sensitivity, coding style adjustments, more tests. ... (check-in: fde20bc0 user: mistachkin tags: sec2020) | |
| 21:19 | Reduced the line-number-mode font size back to normal. ... (check-in: a703b4ce user: stephan tags: trunk) | |
| 21:17 | A couple minor skin doc typos. ... (check-in: 9e871e0d user: stephan tags: trunk) | |
| 20:51 | Add tests for the reserved names. ... (check-in: df720b28 user: mistachkin tags: sec2020) | |
| 20:03 | Identify security-sensitive settings. ... (check-in: 3bccd7ff user: drh tags: sec2020) | |
| 19:59 | Every database connection now has a default authorizer, which calls out to an operation-specific authorizer if needed. ... (check-in: f98ef3c1 user: drh tags: sec2020) | |
| 18:57 | Enhance the db_prepare() and db_static_prepare() utility routines so that they throw an error if handed more than one SQL statement. This might help prevent SQL injection attacks. ... (check-in: be0d95ad user: drh tags: sec2020) | |
| 18:20 | Merge in reject-ckout-db branch. ... (check-in: 8c16884a user: stephan tags: sec2020) | |
| 17:50 | Fixed [17d00c20dd9f] by adding NULL check on F- and E-card UUID tokens. ... (Closed-Leaf check-in: 458f30fc user: stephan tags: reject-ckout-db) | |
| 17:34 | The allow-symlinks setting is no longer versionable and is off by default. The allow-symlinks setting no longer propagates with a clone. The help text for allow-symlinks discourages its use. There is a new --symlink flag on "fossil open" to permit the use of symlinks on an open, for the adventurous. Ticket [f9831fdef1d4edcc]. ... (check-in: ff98dd5a user: drh tags: sec2020) | |
| 17:34 | Added checks of (-wal, -shm, -journal) db suffixes. ... (check-in: 4ed1a294 user: stephan tags: reject-ckout-db) | |
| 16:10 | Moved is_fossil_ckout_db_name() from db.c to file.c and renamed it filename_is_ckout_db(). Integrated the check into manifest_parse(), but testing it requires temporarily #if'ing out the Z-card check, which is one of the first validations. ... (check-in: 6c19baa0 user: stephan tags: reject-ckout-db) | |
| 15:40 | switch/case style tweak, per request. ... (check-in: 9784e5cd user: stephan tags: reject-ckout-db) | |
| 15:17 | Part 1 of ticket [980a72dedd]: efficient check for determining whether a filename ends with a checkout db name. ... (check-in: ddd1273e user: stephan tags: reject-ckout-db) | |
| 15:11 | Identify security-sensitive settings. ... (Closed-Leaf check-in: aa4c3afc user: drh tags: sec2020-config-protection) | |
| 14:09 | Set an authorizer when running the ticket-table SQL. Ticket [56b82836ffba9952]. ... (check-in: fb413840 user: drh tags: sec2020) | |
| 09:16 | Prohibit redirects from HTTP or HTTPS over to SSH or FILE. Fix for ticket [61613b0a9cf843b6]. ... (check-in: 253dbd15 user: drh tags: sec2020) | |
| 08:14 | Fix typo, remove period for consistency with other help ... (check-in: 80ca317a user: andygoth tags: trunk) | |
| 07:02 | Reinstate symlink capability. (Unintended change with prior symlink test?) ... (check-in: c840617b user: andygoth tags: trunk) | |
|
2020-08-16
| ||
| 23:09 | Add the "test-symlink-list" command. ... (check-in: de38906f user: drh tags: trunk) | |
| 22:35 | Pointed 'latest release' entry at the 2.12 changelog, per forum post. ... (check-in: dba21929 user: stephan tags: trunk) | |
| 19:08 | Enhance the db_repository_filename() routine to return the canonical filename. ... (check-in: f304c569 user: drh tags: trunk) | |
| 17:47 | Fix the manifest_reparent_checkin() routine so that the "parent" tag will actually work. ... (check-in: 2bdbbc8a user: drh tags: trunk) | |
| 17:18 | Mention the "fossil backup" command in the 2.12 change log. ... (check-in: a02bcb03 user: drh tags: trunk) | |
| 16:49 | Fixed file_extension() to behave like its docs say it does, which would have made [5a9ac6ca3e] unnecessary. ... (check-in: f95e47b6 user: stephan tags: trunk) | |
| 16:35 | Fix the release version on the home page. ... (check-in: 4c450330 user: drh tags: trunk) | |
| 16:06 | Fix segfault in /artifact introduced by check-in [b699040d701464ce] and reported on the forum. ... (check-in: 5a9ac6ca user: drh tags: trunk) | |
| 15:52 | Reworked fossil.toast to support normal/warning/error-level toasts. Alas, animating a toast's appearance and disappearance proved to be beyond my current skills. ... (check-in: 4368f529 user: stephan tags: trunk) | |