Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Updates to the change log. Add documentation for the safe-html setting. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
9ef2e5e57b5db1f32141eff5d5aec0c9 |
| User & Date: | drh 2020-06-27 15:51:45.197 |
Context
|
2020-06-27
| ||
| 17:05 | Typos in the help text and the change log. ... (check-in: cd061779 user: drh tags: trunk) | |
| 15:51 | Updates to the change log. Add documentation for the safe-html setting. ... (check-in: 9ef2e5e5 user: drh tags: trunk) | |
| 15:06 | Add query parameters "plaintext" and "raw" to the /help page. ... (check-in: 8530666c user: drh tags: trunk) | |
Changes
Changes to src/wikiformat.c.
| ︙ | ︙ | |||
2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 |
case DOCSRC_FORUM: cPerm = 'f'; break;
case DOCSRC_TICKET: cPerm = 't'; break;
case DOCSRC_WIKI: cPerm = 'w'; break;
}
safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0);
}
/*
** The input blob contains HTML. If safe-html is enabled, then
** convert the input into "safe HTML". The following modifications
** are made:
**
** 1. Remove any elements that are not on the AllowedMarkup list.
** (ex: <script>, <form>, etc.)
| > > > > > > > > > > > > > | 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 |
case DOCSRC_FORUM: cPerm = 'f'; break;
case DOCSRC_TICKET: cPerm = 't'; break;
case DOCSRC_WIKI: cPerm = 'w'; break;
}
safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0);
}
/*
** SETTING: safe-html width=8
** This setting controls whether or not unsafe HTML elements
** (such as <script> or <style>) are allowed in Markdown-formatted
** documents. Unsafe HTML is disabled by default. If this setting
** exists and is a string, then letters in that string can enable
** unsafe HTML in various contexts:
**
** b Unsafe HTML allowed in embedded documentation
** f Unsafe HTML allowed in forum posts
** t Unsafe HTML allowed in tickets
** w Unsafe HTML allowed on wiki pages
*/
/*
** The input blob contains HTML. If safe-html is enabled, then
** convert the input into "safe HTML". The following modifications
** are made:
**
** 1. Remove any elements that are not on the AllowedMarkup list.
** (ex: <script>, <form>, etc.)
|
| ︙ | ︙ |
Changes to www/changes.wiki.
1 2 3 4 5 | <title>Change Log</title> <a name='v2_12'></a> <h2>Changes for Version 2.12 (pending)</h2> | | > | > > > > > | > | | | > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
<title>Change Log</title>
<a name='v2_12'></a>
<h2>Changes for Version 2.12 (pending)</h2>
* Security fix in the "fossil git export" command. The same fix is
also backported to version 2.10.1 and 2.11.1. New "safety-nets"
features were added to prevent similar problems in the future.
* Enhancements to the graph display for cases when there are
many merges into a single check-in.
[/info/2d75e87b760c0a9?diff=0|Example]
* Enhance the markdown formatter to more closely follow the
[https://spec.commonmark.org/0.29/#emphasis-and-strong-emphasis|CommonMark specification]
with regard to text highlighting.
Underscores in the middle of identifiers (ex: `fossil_printf()`)
no longer need to be escaped.
* The markdown-to-html translator can prevent unsafe HTML
(for example: <script>) on user pages like forum and
tickets and wiki. The admin can adjust this behavior using
the [/help?cmd=safe-html|safe-html setting] on the Admin/Wiki page.
The default disallow unsafe HTML.
[https://www.fossil-scm.org/forum/forumpost/3714e6568f|Example].
* Enhance the [/help?cmd=revert|fossil revert] command so that it
is able to revert all files beneath a directory.
* Added the <tt>--reset</tt> flag to the "[/help?cmd=add|fossil add]",
"[/help?cmd=rm|fossil rm]", and
"[/help?cmd=addremove|fossil addremove]" commands.
* Added the "<tt>--min</tt> <i>N</i>" flag to the
[/help?cmd=backoffice|backoffice] command.
* Added the [/help?cmd=/fileedit|/fileedit page], which allows
editing of text files online. Requires explicit activation by
a setup user.
* Translate built-in help text into HTML for display on web pages.
[/help?cmd=help|Example].
* On the [/help?cmd=/timeline|/timeline] webpage, the combination
of query parameters "p=CHECKIN" and "bt=DISTANTANCESTOR" draws all
ancestors of CHECKIN going back to DISTANTANCESTOR. For example,
[/timeline?p=202006271506&bt=version-2.11] shows all ancestors
of the checkin that occured on 2020-06-27 15:06 going back to
the 2.11 release.
* Update the built-in SQLite so that the
"[/help?cmd=sql|fossil sql]" command supports new output
modes ".mode box" and ".mode json".
* Delta compression now applied to forum edits.
<a name='v2_11'></a>
<h2>Changes for Version 2.11 (2020-05-25)</h2>
|
| ︙ | ︙ |