Fossil

Check-in [9ef2e5e5]

Overview
Comment: Updates to the change log. Add documentation for the safe-html setting.
SHA3-256: 9ef2e5e57b5db1f32141eff5d5aec0c96dee83d5dca83552baa50cbc70ba82eb
User & Date: drh 2020-06-27 15:51:45
Context
2020-06-27
17:05 Typos in the help text and the change log. (check-in: cd061779 user: drh tags: trunk)
15:51 Updates to the change log. Add documentation for the safe-html setting. (check-in: 9ef2e5e5 user: drh tags: trunk)
15:06 Add query parameters "plaintext" and "raw" to the /help page. (check-in: 8530666c user: drh tags: trunk)
Changes

Changes to src/wikiformat.c.

2620
2621
2622
2623
2624
2625
2626













2627
2628
2629
2630
2631
2632
2633
    case DOCSRC_FORUM:  cPerm = 'f';  break;
    case DOCSRC_TICKET: cPerm = 't';  break;
    case DOCSRC_WIKI:   cPerm = 'w';  break;
  }
  safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0);
}














/*
** The input blob contains HTML.  If safe-html is enabled, then
** convert the input into "safe HTML".  The following modifications
** are made:
**
**    1.  Remove any elements that are not on the AllowedMarkup list.
**        (ex: <script>, <form>, etc.)







>
>
>
>
>
>
>
>
>
>
>
>
>







2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
    case DOCSRC_FORUM:  cPerm = 'f';  break;
    case DOCSRC_TICKET: cPerm = 't';  break;
    case DOCSRC_WIKI:   cPerm = 'w';  break;
  }
  safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0);
}

/*
** SETTING: safe-html        width=8
** This setting controls whether or not unsafe HTML elements
** (such as <script> or <style>) are allowed in Markdown-formatted
** documents.  Unsafe HTML is disabled by default.  If this setting
** exists and is a string, then letters in that string can enable
** unsafe HTML in various contexts:
**
**    b           Unsafe HTML allowed in embedded documentation
**    f           Unsafe HTML allowed in forum posts
**    t           Unsafe HTML allowed in tickets
**    w           Unsafe HTML allowed on wiki pages
*/
/*
** The input blob contains HTML.  If safe-html is enabled, then
** convert the input into "safe HTML".  The following modifications
** are made:
**
**    1.  Remove any elements that are not on the AllowedMarkup list.
**        (ex: <script>, <form>, etc.)
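
Review bot: The new "SETTING: safe-html" comment leaves the polarity easy to misread: the setting is named safe-html, yet each letter in its value switches the protection off for one context, which is what safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0) just above it implements. Suggest stating outright that an empty value keeps safe HTML enforced in every listed context, and that only the letters b, f, t and w are meaningful. The comment also names only <script> and <style>, while the comment block that follows describes removing every element not on the AllowedMarkup list (ex: <script>, <form>); referring to that list here would avoid implying a two-element blocklist. A blank line between the two comment blocks would match the spacing used after the preceding function.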

Changes to www/changes.wiki.

1
2
3
4
5
6

7
8
9
10





11
12
13
14



15
16
17
18
19
20
21

22
23
24








25
26
27
28
29
30
31
<title>Change Log</title>

<a name='v2_12'></a>
<h2>Changes for Version 2.12 (pending)</h2>

  *  Security fix in the "fossil git export" command. New "safety-nets"

     added to prevent future problems.
  *  Enhancements to the graph display for cases when there are
     many merges into a single check-in.
     [/info/2d75e87b760c0a9?diff=0|Example]





  *  The markdown-to-html translator can prevent unsafe HTML
     (for example: &lt;script&gt;) on user pages like forum and
     tickets and wiki, at the administrators option.  On by
     default.



     [https://www.fossil-scm.org/forum/forumpost/3714e6568f|Example].
  *  Enhance the [/help?cmd=revert|fossil revert] command so that it
     is able to revert all files beneath a directory.
  *  Added <tt>--reset</tt> flag to the "[/help?cmd=add|fossil add]",
     "[/help?cmd=rm|fossil rm]", and
     "[/help?cmd=addremove|fossil addremove]" commands.
  *  Editing forum posts now applies delta compression to the edits.

  *  Added the [/help?cmd=/fileedit|/fileedit page], which allows
     editing of text files online. Requires explicit activation by
     a setup user.








  *  Update the built-in SQLite so that the
     "[/help?cmd=sql|fossil sql]" command supports new output
     modes ".mode box" and ".mode json".
  *  Delta compression now applied to forum edits.

<a name='v2_11'></a>
<h2>Changes for Version 2.11 (2020-05-25)</h2>





|
>
|



>
>
>
>
>


<
<
>
>
>



|


|
>



>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18


19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<title>Change Log</title>

<a name='v2_12'></a>
<h2>Changes for Version 2.12 (pending)</h2>

  *  Security fix in the "fossil git export" command.  The same fix is
     also backported to version 2.10.1 and 2.11.1. New "safety-nets"
     features were added to prevent similar problems in the future.
  *  Enhancements to the graph display for cases when there are
     many merges into a single check-in.
     [/info/2d75e87b760c0a9?diff=0|Example]
  *  Enhance the markdown formatter to more closely follow the
     [https://spec.commonmark.org/0.29/#emphasis-and-strong-emphasis|CommonMark specification]
     with regard to text highlighting.
     Underscores in the middle of identifiers (ex: `fossil_printf()`)
     no longer need to be escaped.
  *  The markdown-to-html translator can prevent unsafe HTML
     (for example: &lt;script&gt;) on user pages like forum and


     tickets and wiki.  The admin can adjust this behavior using
     the [/help?cmd=safe-html|safe-html setting] on the Admin/Wiki page.
     The default disallow unsafe HTML.
     [https://www.fossil-scm.org/forum/forumpost/3714e6568f|Example].
  *  Enhance the [/help?cmd=revert|fossil revert] command so that it
     is able to revert all files beneath a directory.
  *  Added the <tt>--reset</tt> flag to the "[/help?cmd=add|fossil add]",
     "[/help?cmd=rm|fossil rm]", and
     "[/help?cmd=addremove|fossil addremove]" commands.
  *  Added the "<tt>--min</tt> <i>N</i>" flag to the
     [/help?cmd=backoffice|backoffice] command.
  *  Added the [/help?cmd=/fileedit|/fileedit page], which allows
     editing of text files online. Requires explicit activation by
     a setup user.
  *  Translate built-in help text into HTML for display on web pages.
     [/help?cmd=help|Example].
  *  On the [/help?cmd=/timeline|/timeline] webpage, the combination
     of query parameters "p=CHECKIN" and "bt=DISTANTANCESTOR" draws all
     ancestors of CHECKIN going back to DISTANTANCESTOR.  For example,
     [/timeline?p=202006271506&bt=version-2.11] shows all ancestors
     of the checkin that occured on 2020-06-27 15:06 going back to
     the 2.11 release.
  *  Update the built-in SQLite so that the
     "[/help?cmd=sql|fossil sql]" command supports new output
     modes ".mode box" and ".mode json".
  *  Delta compression now applied to forum edits.

<a name='v2_11'></a>
<h2>Changes for Version 2.11 (2020-05-25)</h2>
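
Review bot: In the safe-html item, "The default disallow unsafe HTML." is missing a verb, and it is the sentence an administrator reads to learn the secure default; suggest "The default is to disallow unsafe HTML." In the same hunk, "occured" in the /timeline item should be "occurred", "checkin" there is written "check-in" in the graph-display item above, and "version 2.10.1 and 2.11.1" in the first item should read "versions". The safe-html item could also mention that the setting is per-context (forum, tickets, wiki), since the linked help page is where the letter codes are defined.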