Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Updates to the change log. Add documentation for the safe-html setting. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
9ef2e5e57b5db1f32141eff5d5aec0c9 |
User & Date: | drh 2020-06-27 15:51:45.197 |
Context
2020-06-27
| ||
17:05 | Typos in the help text and the change log. ... (check-in: cd061779 user: drh tags: trunk) | |
15:51 | Updates to the change log. Add documentation for the safe-html setting. ... (check-in: 9ef2e5e5 user: drh tags: trunk) | |
15:06 | Add query parameters "plaintext" and "raw" to the /help page. ... (check-in: 8530666c user: drh tags: trunk) | |
Changes
Changes to src/wikiformat.c.
︙ | ︙ | |||
2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 | case DOCSRC_FORUM: cPerm = 'f'; break; case DOCSRC_TICKET: cPerm = 't'; break; case DOCSRC_WIKI: cPerm = 'w'; break; } safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0); } /* ** The input blob contains HTML. If safe-html is enabled, then ** convert the input into "safe HTML". The following modifications ** are made: ** ** 1. Remove any elements that are not on the AllowedMarkup list. ** (ex: <script>, <form>, etc.) | > > > > > > > > > > > > > | 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 | case DOCSRC_FORUM: cPerm = 'f'; break; case DOCSRC_TICKET: cPerm = 't'; break; case DOCSRC_WIKI: cPerm = 'w'; break; } safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0); } /* ** SETTING: safe-html width=8 ** This setting controls whether or not unsafe HTML elements ** (such as <script> or <style>) are allowed in Markdown-formatted ** documents. Unsafe HTML is disabled by default. If this setting ** exists and is a string, then letters in that string can enable ** unsafe HTML in various contexts: ** ** b Unsafe HTML allowed in embedded documentation ** f Unsafe HTML allowed in forum posts ** t Unsafe HTML allowed in tickets ** w Unsafe HTML allowed on wiki pages */ /* ** The input blob contains HTML. If safe-html is enabled, then ** convert the input into "safe HTML". The following modifications ** are made: ** ** 1. Remove any elements that are not on the AllowedMarkup list. ** (ex: <script>, <form>, etc.) |
︙ | ︙ |
Changes to www/changes.wiki.
1 2 3 4 5 | <title>Change Log</title> <a name='v2_12'></a> <h2>Changes for Version 2.12 (pending)</h2> | | > | > > > > > | > | | | > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | <title>Change Log</title> <a name='v2_12'></a> <h2>Changes for Version 2.12 (pending)</h2> * Security fix in the "fossil git export" command. The same fix is also backported to version 2.10.1 and 2.11.1. New "safety-nets" features were added to prevent similar problems in the future. * Enhancements to the graph display for cases when there are many merges into a single check-in. [/info/2d75e87b760c0a9?diff=0|Example] * Enhance the markdown formatter to more closely follow the [https://spec.commonmark.org/0.29/#emphasis-and-strong-emphasis|CommonMark specification] with regard to text highlighting. Underscores in the middle of identifiers (ex: `fossil_printf()`) no longer need to be escaped. * The markdown-to-html translator can prevent unsafe HTML (for example: <script>) on user pages like forum and tickets and wiki. The admin can adjust this behavior using the [/help?cmd=safe-html|safe-html setting] on the Admin/Wiki page. The default disallow unsafe HTML. [https://www.fossil-scm.org/forum/forumpost/3714e6568f|Example]. * Enhance the [/help?cmd=revert|fossil revert] command so that it is able to revert all files beneath a directory. * Added the <tt>--reset</tt> flag to the "[/help?cmd=add|fossil add]", "[/help?cmd=rm|fossil rm]", and "[/help?cmd=addremove|fossil addremove]" commands. * Added the "<tt>--min</tt> <i>N</i>" flag to the [/help?cmd=backoffice|backoffice] command. * Added the [/help?cmd=/fileedit|/fileedit page], which allows editing of text files online. Requires explicit activation by a setup user. * Translate built-in help text into HTML for display on web pages. [/help?cmd=help|Example]. * On the [/help?cmd=/timeline|/timeline] webpage, the combination of query parameters "p=CHECKIN" and "bt=DISTANTANCESTOR" draws all ancestors of CHECKIN going back to DISTANTANCESTOR. For example, [/timeline?p=202006271506&bt=version-2.11] shows all ancestors of the checkin that occured on 2020-06-27 15:06 going back to the 2.11 release. * Update the built-in SQLite so that the "[/help?cmd=sql|fossil sql]" command supports new output modes ".mode box" and ".mode json". * Delta compression now applied to forum edits. <a name='v2_11'></a> <h2>Changes for Version 2.11 (2020-05-25)</h2> |
︙ | ︙ |