Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Make sure the TH1 interp is available before trying to use it. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | dynamicCsp |
| Files: | files | file ages | folders |
| SHA3-256: |
600accbec3aeff10fee269a0957cf68c |
| User & Date: | mistachkin 2019-02-17 07:47:43.835 |
Context
|
2019-02-18
| ||
| 19:09 | When rendering the default header via TH1, allow the default Content-Security-Policy content to be overridden via the 'default_csp' variable. Also, add the 'nonce' command to TH1. ... (check-in: 8a65cd1831 user: mistachkin tags: trunk) | |
|
2019-02-17
| ||
| 07:47 | Make sure the TH1 interp is available before trying to use it. ... (Closed-Leaf check-in: 600accbec3 user: mistachkin tags: dynamicCsp) | |
| 07:16 | Add the 'nonce' command to TH1. Improve clarity of the 'default_csp' variable handling and add comments. ... (check-in: 68e6b07eba user: mistachkin tags: dynamicCsp) | |
Changes
Changes to src/style.c.
| ︙ | ︙ | |||
408 409 410 411 412 413 414 |
static void style_init_th1_vars(const char *zTitle){
const char *zNonce = style_nonce();
/*
** Do not overwrite the TH1 variable "default_csp" if it exists, as this
** allows it to be properly overridden via the TH1 setup script (i.e. it
** is evaluated before the header is rendered).
*/
| < | | | | | | < | 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 |
static void style_init_th1_vars(const char *zTitle){
const char *zNonce = style_nonce();
/*
** Do not overwrite the TH1 variable "default_csp" if it exists, as this
** allows it to be properly overridden via the TH1 setup script (i.e. it
** is evaluated before the header is rendered).
*/
char *zDfltCsp = sqlite3_mprintf("default-src 'self' data: ; "
"script-src 'self' 'nonce-%s' ; "
"style-src 'self' 'unsafe-inline'",
zNonce);
Th_MaybeStore("default_csp", zDfltCsp);
sqlite3_free(zDfltCsp);
Th_Store("nonce", zNonce);
Th_Store("project_name", db_get("project-name","Unnamed Fossil Project"));
Th_Store("project_description", db_get("project-description",""));
if( zTitle ) Th_Store("title", zTitle);
Th_Store("baseurl", g.zBaseURL);
Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL);
Th_Store("home", g.zTop);
|
| ︙ | ︙ |
Changes to src/th_main.c.
| ︙ | ︙ | |||
2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 |
Th_Trace("th1-setup {%h} => %h<br />\n", g.th1Setup,
Th_ReturnCodeName(rc, 0));
}
}
g.th1Flags &= ~TH_INIT_MASK;
g.th1Flags |= (flags & TH_INIT_MASK);
}
/*
** Store a string value in a variable in the interpreter.
*/
void Th_Store(const char *zName, const char *zValue){
Th_FossilInit(TH_INIT_DEFAULT);
if( zValue ){
| > > > > > > > > > > > > > > | 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 |
Th_Trace("th1-setup {%h} => %h<br />\n", g.th1Setup,
Th_ReturnCodeName(rc, 0));
}
}
g.th1Flags &= ~TH_INIT_MASK;
g.th1Flags |= (flags & TH_INIT_MASK);
}
/*
** Store a string value in a variable in the interpreter if the variable
** does not already exist.
*/
void Th_MaybeStore(const char *zName, const char *zValue){
Th_FossilInit(TH_INIT_DEFAULT);
if( zValue && !Th_ExistsVar(g.interp, zName, -1) ){
if( g.thTrace ){
Th_Trace("maybe_set %h {%h}<br />\n", zName, zValue);
}
Th_SetVar(g.interp, zName, -1, zValue, strlen(zValue));
}
}
/*
** Store a string value in a variable in the interpreter.
*/
void Th_Store(const char *zName, const char *zValue){
Th_FossilInit(TH_INIT_DEFAULT);
if( zValue ){
|
| ︙ | ︙ |