12 check-ins related to "th1-taint"
|
2025-04-20
| ||
| 16:54 | Add "taint mode" to TH1. Attempts to output values that are derived from user input as unescaped HTML, or to use such values unescaped in SQL, raises errors. The resolution of these errors depends on the value of the new "vuln-report" setting. ... (check-in: 2116238e80 user: drh tags: trunk) | |
| 16:13 | New setting "vuln-report" determines what to do when tainted text is misused in a TH1 script. Enhance the /test-warning page to deliberately misuse tainted text in TH1 to verify error handling. Enhance /errorlog to separate out TH1 vulnerability reports as a new category in the error log. ... (Closed-Leaf check-in: 295b814a27 user: drh tags: th1-taint) | |
|
2025-04-19
| ||
| 23:32 | Fix more issues that were already fixed but overwritten by text editor errors and didn't get committed last time. ... (check-in: bd45dc72dd user: drh tags: th1-taint) | |
| 23:24 | More minor fixes resulting from a code audit. ... (check-in: b1711046d9 user: drh tags: th1-taint) | |
| 23:02 | Fix additional problems on the new TH1 implementation. ... (check-in: 2c2b6c68b2 user: drh tags: th1-taint) | |
| 22:30 | Fix an error that occurs while committing a new ticket. ... (check-in: 17060ca29a user: drh tags: th1-taint) | |
| 22:15 | fix tainted warning in skin headers ... (check-in: de407148e9 user: jkosche tags: th1-taint) | |
| 19:18 | Update the default ticket configuration to avoid sending out text that seems tainted. There are no actual XSS issues here, but these changes do add an extra margin of safety. ... (check-in: 5d17ced68d user: drh tags: th1-taint) | |
| 19:08 | Mark some TH1 inputs that can be controlled by the user as tainted. ... (check-in: 2742682720 user: drh tags: th1-taint) | |
| 18:43 | The taint markings and detection now appear to be working. ... (check-in: d1bb87bcfd user: drh tags: th1-taint) | |
| 16:55 | Experimental changes to TH1 to try to make it resistant to coding errors that could lead to XSS or SQL injection attacks. ... (check-in: b0b4492480 user: drh tags: th1-taint) | |
|
2025-04-18
| ||
| 16:12 | fix bug in /tktview: use relative instead of absolute link for version ... (check-in: f1db9ead1d user: jkosche tags: trunk) | |