The "vuln-report" setting:
This setting controls Fossil's behavior when it encounters a potential
XSS or SQL-injection vulnerability due to misuse of TH1 configuration
scripts. Choices are:
- off
- Do nothing. Ignore the vulnerability.
- log
- Write a report of the problem into the error log.
- block
- Like "log" but also prevent the offending TH1 command from running.
- fatal
- Render an error message page instead of the requested page.