Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a compiler warning in the security-audit page. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
3243a6c148401814e5e6c4cbdeab071c |
| User & Date: | drh 2019-08-20 02:09:52.336 |
Context
|
2019-08-20
| ||
| 04:07 | Added www/defcsp.md, which documents the default Content Security Policy applied by Fossil to the HTML pages it serves. Linked that into embeddeddoc.wik and customskin.md, which touched on this topic before but didn't go into much detail. ... (check-in: 4e6d36d7d4 user: wyoung tags: trunk) | |
| 02:09 | Fix a compiler warning in the security-audit page. ... (check-in: 3243a6c148 user: drh tags: trunk) | |
|
2019-08-19
| ||
| 17:18 | Have the security-audit page analyze and display the content security policy. ... (check-in: 9cf90a4f9d user: drh tags: trunk) | |
Changes
Changes to src/security_audit.c.
| ︙ | ︙ | |||
62 63 64 65 66 67 68 |
&& fossil_strnicmp(html_attribute(zHeader+ii,"http-equiv",&nx),
"Content-Security-Policy",23)==0
&& nx==23
&& (zAll = html_attribute(zHeader+ii,"content",&nAll))!=0
){
for(jj=nSemi=0; jj<nAll; jj++){ if( zAll[jj]==';' ) nSemi++; }
azCSP = fossil_malloc( nAll+1 + (nSemi+2)*sizeof(char*) );
| | | 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
&& fossil_strnicmp(html_attribute(zHeader+ii,"http-equiv",&nx),
"Content-Security-Policy",23)==0
&& nx==23
&& (zAll = html_attribute(zHeader+ii,"content",&nAll))!=0
){
for(jj=nSemi=0; jj<nAll; jj++){ if( zAll[jj]==';' ) nSemi++; }
azCSP = fossil_malloc( nAll+1 + (nSemi+2)*sizeof(char*) );
zCopy = (char*)&azCSP[nSemi+2];
memcpy(zCopy,zAll,nAll);
zCopy[nAll] = 0;
while( fossil_isspace(zCopy[0]) || zCopy[0]==';' ){ zCopy++; }
azCSP[0] = zCopy;
nCSP = 1;
for(jj=0; zCopy[jj]; jj++){
if( zCopy[jj]==';' ){
|
| ︙ | ︙ |