Fossil

Check-in [3f6a6bdce4]
Login

Check-in [3f6a6bdce4]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Check to see that CSS has been loaded before activating hyperlinks if the user is "nobody".
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 3f6a6bdce421212ea8877e3692870b26e8813183700ac1cf3283f9cf4647a563
User & Date: drh 2025-08-19 10:57:18.870
Context
2025-08-19
15:42
Refactor the code in robot.c to make interfaces available to other parts of the system. ... (check-in: 4fa618faf1 user: drh tags: trunk)
10:57
Check to see that CSS has been loaded before activating hyperlinks if the user is "nobody". ... (check-in: 3f6a6bdce4 user: drh tags: trunk)
10:37
Make "off" the preferred way to diable robot-restrict ... (check-in: db69c47abd user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/default.css. 
1
2
3
4
5
6
7
8
9
10
11
12
13
14

/* This CSS file holds the default implementations for all of fossil's
   CSS classes. When /style.css is requested, the rules in this file
   are emitted first, followed by (1) page-specific CSS (if any) and
   (2) skin-specific CSS.
*/
body {
  z-index: 0 /* part of robot.c:robot_proofofwork() */;
}
div.sidebox {
  float: right;
  background-color: white;
  border-width: medium;
  border-style: double;
  margin: 10px;







|








1
2
3
4
5
6
7
8
9
10
11
12
13
14

/* This CSS file holds the default implementations for all of fossil's
   CSS classes. When /style.css is requested, the rules in this file
   are emitted first, followed by (1) page-specific CSS (if any) and
   (2) skin-specific CSS.
*/
body {
  z-index: 0 /* Used by robot.c:robot_proofofwork() and href.js */;
}
div.sidebox {
  float: right;
  background-color: white;
  border-width: medium;
  border-style: double;
  margin: 10px;
Changes to src/href.js. 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

23
24
25
26
27
28
29
30
31
32

33
34
35
36
37
38
39

/* As an anti-robot defense, <a> elements are initially coded with the
** href= set to the honeypot, and <form> elements are initialized with
** action= set to the login page.  The real values for href= and action=
** are held in data-href= and data-action=.  The following code moves
** data-href= into href= and data-action= into action= for all
** <a> and <form> elements, after delay and maybe also after mouse
** movement is seen.
**
** Before sourcing this script, create a separate <script> element
** (with type='application/json' to avoid Content Security Policy issues)
** containing:
**
**     {"delay":MILLISECONDS, "mouseover":BOOLEAN}
**
** The <script> must have an id='href-data'.  DELAY is the number 
** milliseconds delay prior to populating href= and action=.  If the
** mouseover boolean is true, then the href= rewrite is further delayed
** until the first mousedown event that occurs after the timer expires.
*/
var antiRobot = 0;
function antiRobotGo(){
  if( antiRobot!=3 ) return;

  antiRobot = 7;
  var anchors = document.getElementsByTagName("a");
  for(var i=0; i<anchors.length; i++){
    var j = anchors[i];
    if(j.hasAttribute("data-href")) j.href=j.getAttribute("data-href");
  }
  var forms = document.getElementsByTagName("form");
  for(var i=0; i<forms.length; i++){
    var j = forms[i];
    if(j.hasAttribute("data-action")) j.action=j.getAttribute("data-action");

  }
}
function antiRobotDefense(){
  var x = document.getElementById("href-data");
  var jx = x.textContent || x.innerText;
  var g = JSON.parse(jx);
  if( g.mouseover ){






|
|















>
|
|
|
|
|
|
|
|
|
|
>








1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

/* As an anti-robot defense, <a> elements are initially coded with the
** href= set to the honeypot, and <form> elements are initialized with
** action= set to the login page.  The real values for href= and action=
** are held in data-href= and data-action=.  The following code moves
** data-href= into href= and data-action= into action= for all
** <a> and <form> elements, after CSS has been loaded, and after a delay,
** and maybe also after mouse movement is seen.
**
** Before sourcing this script, create a separate <script> element
** (with type='application/json' to avoid Content Security Policy issues)
** containing:
**
**     {"delay":MILLISECONDS, "mouseover":BOOLEAN}
**
** The <script> must have an id='href-data'.  DELAY is the number 
** milliseconds delay prior to populating href= and action=.  If the
** mouseover boolean is true, then the href= rewrite is further delayed
** until the first mousedown event that occurs after the timer expires.
*/
var antiRobot = 0;
function antiRobotGo(){
  if( antiRobot!=3 ) return;
  if( window.getComputedStyle(document.body).zIndex==='0' ){
    antiRobot = 7;
    var anchors = document.getElementsByTagName("a");
    for(var i=0; i<anchors.length; i++){
      var j = anchors[i];
      if(j.hasAttribute("data-href")) j.href=j.getAttribute("data-href");
    }
    var forms = document.getElementsByTagName("form");
    for(var i=0; i<forms.length; i++){
      var j = forms[i];
      if(j.hasAttribute("data-action")) j.action=j.getAttribute("data-action");
    }
  }
}
function antiRobotDefense(){
  var x = document.getElementById("href-data");
  var jx = x.textContent || x.innerText;
  var g = JSON.parse(jx);
  if( g.mouseover ){

54
55
56
57
58
59
60

61
62
63

    setTimeout(function(){
      antiRobot |= 1;
      antiRobotGo();
    }, g.delay)
  }else{
    antiRobot |= 1;
  }

  antiRobotGo();
}
antiRobotDefense();








>




56
57
58
59
60
61
62
63
64
65
66

    setTimeout(function(){
      antiRobot |= 1;
      antiRobotGo();
    }, g.delay)
  }else{
    antiRobot |= 1;
  }
  window.addEventListener('load',antiRobotGo);
  antiRobotGo();
}
antiRobotDefense();