Fossil SCM
Added the nonce="$NONCE" embedded documentation substitution feature and documented that and the other pre-existing text substitution features.
Commit
02db05e60057a0060246a3d142ede3a83a6c599acb4ae30966f1ea12ffedad0b
Parent
a6fee5898febd2c…
2 files changed
+13
-7
+47
+13
-7
| --- src/doc.c | ||
| +++ src/doc.c | ||
| @@ -523,19 +523,25 @@ | ||
| 523 | 523 | int i, base; |
| 524 | 524 | int n = blob_size(pIn); |
| 525 | 525 | char *z = blob_buffer(pIn); |
| 526 | 526 | for(base=0, i=7; i<n; i++){ |
| 527 | 527 | if( z[i]=='$' |
| 528 | - && strncmp(&z[i],"$ROOT/", 6)==0 | |
| 529 | 528 | && (z[i-1]=='\'' || z[i-1]=='"') |
| 530 | - && i-base>=9 | |
| 531 | - && (fossil_strnicmp(&z[i-7]," href=", 6)==0 || | |
| 532 | - fossil_strnicmp(&z[i-9]," action=", 8)==0) | |
| 533 | - ){ | |
| 529 | + && i-base>=9 ) { | |
| 534 | 530 | blob_append(cgi_output_blob(), &z[base], i-base); |
| 535 | - blob_appendf(cgi_output_blob(), "%R"); | |
| 536 | - base = i+5; | |
| 531 | + if( strncmp(&z[i],"$ROOT/", 6)==0 | |
| 532 | + && (fossil_strnicmp(&z[i-7]," href=", 6)==0 || | |
| 533 | + fossil_strnicmp(&z[i-9]," action=", 8)==0) | |
| 534 | + ){ | |
| 535 | + blob_appendf(cgi_output_blob(), "%R"); | |
| 536 | + base = i+5; | |
| 537 | + } else if( strncmp(&z[i],"$NONCE", 6)==0 | |
| 538 | + && (fossil_strnicmp(&z[i-8]," nonce=", 6)==0) | |
| 539 | + && (z[i+6]=='\'' || z[i+6]=='"') ) { | |
| 540 | + blob_append(cgi_output_blob(), style_nonce(), 48); | |
| 541 | + base = i+6; | |
| 542 | + } | |
| 537 | 543 | } |
| 538 | 544 | } |
| 539 | 545 | blob_append(cgi_output_blob(), &z[base], i-base); |
| 540 | 546 | } |
| 541 | 547 | |
| 542 | 548 |
| --- src/doc.c | |
| +++ src/doc.c | |
| @@ -523,19 +523,25 @@ | |
| 523 | int i, base; |
| 524 | int n = blob_size(pIn); |
| 525 | char *z = blob_buffer(pIn); |
| 526 | for(base=0, i=7; i<n; i++){ |
| 527 | if( z[i]=='$' |
| 528 | && strncmp(&z[i],"$ROOT/", 6)==0 |
| 529 | && (z[i-1]=='\'' || z[i-1]=='"') |
| 530 | && i-base>=9 |
| 531 | && (fossil_strnicmp(&z[i-7]," href=", 6)==0 || |
| 532 | fossil_strnicmp(&z[i-9]," action=", 8)==0) |
| 533 | ){ |
| 534 | blob_append(cgi_output_blob(), &z[base], i-base); |
| 535 | blob_appendf(cgi_output_blob(), "%R"); |
| 536 | base = i+5; |
| 537 | } |
| 538 | } |
| 539 | blob_append(cgi_output_blob(), &z[base], i-base); |
| 540 | } |
| 541 | |
| 542 |
| --- src/doc.c | |
| +++ src/doc.c | |
| @@ -523,19 +523,25 @@ | |
| 523 | int i, base; |
| 524 | int n = blob_size(pIn); |
| 525 | char *z = blob_buffer(pIn); |
| 526 | for(base=0, i=7; i<n; i++){ |
| 527 | if( z[i]=='$' |
| 528 | && (z[i-1]=='\'' || z[i-1]=='"') |
| 529 | && i-base>=9 ) { |
| 530 | blob_append(cgi_output_blob(), &z[base], i-base); |
| 531 | if( strncmp(&z[i],"$ROOT/", 6)==0 |
| 532 | && (fossil_strnicmp(&z[i-7]," href=", 6)==0 || |
| 533 | fossil_strnicmp(&z[i-9]," action=", 8)==0) |
| 534 | ){ |
| 535 | blob_appendf(cgi_output_blob(), "%R"); |
| 536 | base = i+5; |
| 537 | } else if( strncmp(&z[i],"$NONCE", 6)==0 |
| 538 | && (fossil_strnicmp(&z[i-8]," nonce=", 6)==0) |
| 539 | && (z[i+6]=='\'' || z[i+6]=='"') ) { |
| 540 | blob_append(cgi_output_blob(), style_nonce(), 48); |
| 541 | base = i+6; |
| 542 | } |
| 543 | } |
| 544 | } |
| 545 | blob_append(cgi_output_blob(), &z[base], i-base); |
| 546 | } |
| 547 | |
| 548 |
+47
| --- www/embeddeddoc.wiki | ||
| +++ www/embeddeddoc.wiki | ||
| @@ -93,10 +93,57 @@ | ||
| 93 | 93 | required for this to occur. The "data-title='...'" attribute is |
| 94 | 94 | optional, but if it is present the text will become the title displayed |
| 95 | 95 | in the Fossil header. An example of this can be seen in the text |
| 96 | 96 | of the [/artifact/84b4b3d041d93a?txt=1 | Index Of Fossil Documentation] |
| 97 | 97 | document. |
| 98 | + | |
| 99 | + | |
| 100 | +<h2>Server-Side Text Substitution</h2> | |
| 101 | + | |
| 102 | +Fossil can do a few types of substitution of server-side information | |
| 103 | +into the embedded document. | |
| 104 | + | |
| 105 | +<h3>1. $ROOT</h3> | |
| 106 | + | |
| 107 | +To allow for repositories [server/ | served deeper than the root of the | |
| 108 | +URL hierarchy], Fossil can substitute the repository's root in the URL | |
| 109 | +scheme into HTML <tt>href</tt> and <tt>action</tt> attributes. For | |
| 110 | +example: | |
| 111 | + | |
| 112 | +<nowiki><pre> | |
| 113 | + [$ROOT/doc.wiki | doc at project root] | |
| 114 | +</pre></nowiki> | |
| 115 | + | |
| 116 | +might become this in the rendered HTML: | |
| 117 | + | |
| 118 | +<nowiki><pre> | |
| 119 | + <a href="/project/root/doc.wiki">doc at project root</a> | |
| 120 | +</pre></nowiki> | |
| 121 | + | |
| 122 | +As you can see, this happens for all source document types that end up | |
| 123 | +rendering as HTML, not just source documents in the HTML | |
| 124 | +<tt>fossil-doc</tt> format described at the end of the prior section. | |
| 125 | + | |
| 126 | + | |
| 127 | +<h3>2. $NONCE</h3> | |
| 128 | + | |
| 129 | +If you put the string <tt>nonce="$NONCE"</tt> or <tt>nonce='$NONCE'</tt> | |
| 130 | +anywhere in your document, the server's per-page CSP nonce value is | |
| 131 | +substituted into the document at that point. This is most useful in | |
| 132 | +combination with the HTML embedded doc type when using | |
| 133 | +<tt><script></tt> and <tt><style></tt> tags to allow that | |
| 134 | +tag to be accepted by Fossil's default | |
| 135 | +[https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | CSP settings]. | |
| 136 | + | |
| 137 | + | |
| 138 | +<h3>3. TH1 Documents</h3> | |
| 139 | + | |
| 140 | +Fossil will substitute the value of [./th1.md | TH1 expressions] within | |
| 141 | +<tt>{</tt> curly braces <tt>}</tt> into the output HTML if you have | |
| 142 | +configured it with the <tt>--with-th1-docs</tt> option, which is | |
| 143 | +disabled by default. | |
| 144 | + | |
| 98 | 145 | |
| 99 | 146 | <h2>Examples</h2> |
| 100 | 147 | |
| 101 | 148 | This file that you are currently reading is an example of |
| 102 | 149 | embedded documentation. The name of this file in the fossil |
| 103 | 150 |
| --- www/embeddeddoc.wiki | |
| +++ www/embeddeddoc.wiki | |
| @@ -93,10 +93,57 @@ | |
| 93 | required for this to occur. The "data-title='...'" attribute is |
| 94 | optional, but if it is present the text will become the title displayed |
| 95 | in the Fossil header. An example of this can be seen in the text |
| 96 | of the [/artifact/84b4b3d041d93a?txt=1 | Index Of Fossil Documentation] |
| 97 | document. |
| 98 | |
| 99 | <h2>Examples</h2> |
| 100 | |
| 101 | This file that you are currently reading is an example of |
| 102 | embedded documentation. The name of this file in the fossil |
| 103 |
| --- www/embeddeddoc.wiki | |
| +++ www/embeddeddoc.wiki | |
| @@ -93,10 +93,57 @@ | |
| 93 | required for this to occur. The "data-title='...'" attribute is |
| 94 | optional, but if it is present the text will become the title displayed |
| 95 | in the Fossil header. An example of this can be seen in the text |
| 96 | of the [/artifact/84b4b3d041d93a?txt=1 | Index Of Fossil Documentation] |
| 97 | document. |
| 98 | |
| 99 | |
| 100 | <h2>Server-Side Text Substitution</h2> |
| 101 | |
| 102 | Fossil can do a few types of substitution of server-side information |
| 103 | into the embedded document. |
| 104 | |
| 105 | <h3>1. $ROOT</h3> |
| 106 | |
| 107 | To allow for repositories [server/ | served deeper than the root of the |
| 108 | URL hierarchy], Fossil can substitute the repository's root in the URL |
| 109 | scheme into HTML <tt>href</tt> and <tt>action</tt> attributes. For |
| 110 | example: |
| 111 | |
| 112 | <nowiki><pre> |
| 113 | [$ROOT/doc.wiki | doc at project root] |
| 114 | </pre></nowiki> |
| 115 | |
| 116 | might become this in the rendered HTML: |
| 117 | |
| 118 | <nowiki><pre> |
| 119 | <a href="/project/root/doc.wiki">doc at project root</a> |
| 120 | </pre></nowiki> |
| 121 | |
| 122 | As you can see, this happens for all source document types that end up |
| 123 | rendering as HTML, not just source documents in the HTML |
| 124 | <tt>fossil-doc</tt> format described at the end of the prior section. |
| 125 | |
| 126 | |
| 127 | <h3>2. $NONCE</h3> |
| 128 | |
| 129 | If you put the string <tt>nonce="$NONCE"</tt> or <tt>nonce='$NONCE'</tt> |
| 130 | anywhere in your document, the server's per-page CSP nonce value is |
| 131 | substituted into the document at that point. This is most useful in |
| 132 | combination with the HTML embedded doc type when using |
| 133 | <tt><script></tt> and <tt><style></tt> tags to allow that |
| 134 | tag to be accepted by Fossil's default |
| 135 | [https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | CSP settings]. |
| 136 | |
| 137 | |
| 138 | <h3>3. TH1 Documents</h3> |
| 139 | |
| 140 | Fossil will substitute the value of [./th1.md | TH1 expressions] within |
| 141 | <tt>{</tt> curly braces <tt>}</tt> into the output HTML if you have |
| 142 | configured it with the <tt>--with-th1-docs</tt> option, which is |
| 143 | disabled by default. |
| 144 | |
| 145 | |
| 146 | <h2>Examples</h2> |
| 147 | |
| 148 | This file that you are currently reading is an example of |
| 149 | embedded documentation. The name of this file in the fossil |
| 150 |