Fossil

Check-in [1c50073d31]

Overview
Comment: Improvements to the nonce='$NONCE' substitution mechanism.
SHA3-256: 1c50073d317c76fdea5ded7a00ef5f08227a5a030ef27e1a129ed17bec5c9938
User & Date: drh 2019-08-18 10:26:29.117
Context
2019-08-19
00:01
Merged the lists of socket listener daemons into the Socket Listener section of www/server/index.html: the list of known-working daemons down from the numbered list at the top of the article, and the list of potentially-working daemons up from the <noscript>-cloaked document matrix below. Also reordered the sections from simplest to most complex. ... (check-in: d9ab9c567c user: wyoung tags: server-docs)
2019-08-18
10:26
Improvements to the nonce='$NONCE' substitution mechanism. ... (check-in: 1c50073d31 user: drh tags: server-docs)
08:52
Implemented the first version of the JavaScript tutorial chooser in www/server/index.html, complete with fallbacks for the noscript case, optional display of the static document matrix, and pretty CSS transitions between the states. ... (check-in: 0cbdbc725c user: wyoung tags: server-docs)
Changes
Changes to src/doc.c.
/*
** Transfer content to the output.  During the transfer, when text of
** the following form is seen:
**
**       href="$ROOT/
**       action="$ROOT/

**
** Convert $ROOT to the root URI of the repository.  Allow ' in place of "

** and any case for href or action.
*/
void convert_href_and_output(Blob *pIn){
  int i, base;
  int n = blob_size(pIn);
  char *z = blob_buffer(pIn);
  for(base=0, i=7; i<n; i++){
    if( z[i]=='$'
     && (z[i-1]=='\'' || z[i-1]=='"')
     && i-base>=9 ) {
      blob_append(cgi_output_blob(), &z[base], i-base);
      if( strncmp(&z[i],"$ROOT/", 6)==0
       && (fossil_strnicmp(&z[i-7]," href=", 6)==0 ||
             fossil_strnicmp(&z[i-9]," action=", 8)==0)
      ){
        blob_appendf(cgi_output_blob(), "%R");
        base = i+5;
      } else if( strncmp(&z[i],"$NONCE", 6)==0
       && (fossil_strnicmp(&z[i-8]," nonce=", 6)==0)
       && (z[i+6]=='\'' || z[i+6]=='"') ) { 

        blob_append(cgi_output_blob(), style_nonce(), 48);
        base = i+6;
      }
    }
  }
  blob_append(cgi_output_blob(), &z[base], i-base);
}









/*
** Transfer content to the output.  During the transfer, when text of
** the following form is seen:
**
**       href="$ROOT/
**       action="$ROOT/
**       nonce="$NONCE"
**
** Convert $ROOT to the root URI of the repository and $NONCE to the 
** CSP nonce returned by style_nonce().  Allow ' in place of "
** and any case for href or action or nonce.
*/
void convert_href_and_output(Blob *pIn){
  int i, base;
  int n = blob_size(pIn);
  char *z = blob_buffer(pIn);
  for(base=0, i=7; i<n; i++){
    if( z[i]=='$'
     && (z[i-1]=='\'' || z[i-1]=='"')
     && i-base>=9 ) {
      blob_append(cgi_output_blob(), &z[base], i-base);
      if( strncmp(&z[i],"$ROOT/", 6)==0
       && (fossil_strnicmp(&z[i-7]," href=", 6)==0 ||
             fossil_strnicmp(&z[i-9]," action=", 8)==0)
      ){
        blob_appendf(cgi_output_blob(), "%R");
        base = i+5;
      } else if( strncmp(&z[i],"$NONCE", 6)==0
       && (fossil_strnicmp(&z[i-8]," nonce=", 6)==0)
       && z[i+6]==z[i-1]
      ) { 
        blob_append(cgi_output_blob(), style_nonce(), -1);
        base = i+6;
      }
    }
  }
  blob_append(cgi_output_blob(), &z[base], i-base);
}
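
Review bot: In the `$NONCE` branch, `fossil_strnicmp(&z[i-8]," nonce=", 6)` compares only six of the seven characters of `" nonce="`, so the `=` at `z[i-2]` is never checked, whereas the `href` and `action` tests pass the full literal lengths (6 and 8). Because the value substituted here is the CSP nonce from `style_nonce()`, I would pass 7 so that only a real `nonce=` attribute immediately followed by the quote triggers the substitution. Separately, `z[i+6]==z[i-1]` reads `z[i+6]` without comparing `i+6` against `n`; if that relies on the blob buffer being NUL-terminated, a short comment saying so (or an explicit `i+6<n` test) would make the bound obvious to the next reader.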