Fossil SCM
Fix to the sizing of the iframe for HTML in the /info page so that it works with CSP unsafe-inline.
Commit
4675fc70ba3b9750c000c7a2a442cf457e47369f94684fe326a56177e4879d33
Parent
2467a356fe77245…
1 file changed
+8
-2
+8
-2
| --- src/info.c | ||
| +++ src/info.c | ||
| @@ -2129,13 +2129,19 @@ | ||
| 2129 | 2129 | if( renderAsWiki ){ |
| 2130 | 2130 | wiki_render_by_mimetype(&content, zMime); |
| 2131 | 2131 | }else if( renderAsHtml ){ |
| 2132 | 2132 | @ <iframe src="%R/raw/%T(blob_str(&downloadName))?name=%s(zUuid)" |
| 2133 | 2133 | @ width="100%%" frameborder="0" marginwidth="0" marginheight="0" |
| 2134 | - @ sandbox="allow-same-origin" | |
| 2135 | - @ onload="this.height=this.contentDocument.documentElement.scrollHeight;"> | |
| 2134 | + @ sandbox="allow-same-origin" id="ifm1"> | |
| 2136 | 2135 | @ </iframe> |
| 2136 | + @ <script nonce="%h(style_nonce())"> | |
| 2137 | + @ document.getElementById("ifm1").addEventListener("load", | |
| 2138 | + @ function(){ | |
| 2139 | + @ this.height=this.contentDocument.documentElement.scrollHeight + 75; | |
| 2140 | + @ } | |
| 2141 | + @ ); | |
| 2142 | + @ </script> | |
| 2137 | 2143 | }else{ |
| 2138 | 2144 | style_submenu_element("Hex", "%s/hexdump?name=%s", g.zTop, zUuid); |
| 2139 | 2145 | blob_to_utf8_no_bom(&content, 0); |
| 2140 | 2146 | zMime = mimetype_from_content(&content); |
| 2141 | 2147 | @ <blockquote> |
| 2142 | 2148 |
| --- src/info.c | |
| +++ src/info.c | |
| @@ -2129,13 +2129,19 @@ | |
| 2129 | if( renderAsWiki ){ |
| 2130 | wiki_render_by_mimetype(&content, zMime); |
| 2131 | }else if( renderAsHtml ){ |
| 2132 | @ <iframe src="%R/raw/%T(blob_str(&downloadName))?name=%s(zUuid)" |
| 2133 | @ width="100%%" frameborder="0" marginwidth="0" marginheight="0" |
| 2134 | @ sandbox="allow-same-origin" |
| 2135 | @ onload="this.height=this.contentDocument.documentElement.scrollHeight;"> |
| 2136 | @ </iframe> |
| 2137 | }else{ |
| 2138 | style_submenu_element("Hex", "%s/hexdump?name=%s", g.zTop, zUuid); |
| 2139 | blob_to_utf8_no_bom(&content, 0); |
| 2140 | zMime = mimetype_from_content(&content); |
| 2141 | @ <blockquote> |
| 2142 |
| --- src/info.c | |
| +++ src/info.c | |
| @@ -2129,13 +2129,19 @@ | |
| 2129 | if( renderAsWiki ){ |
| 2130 | wiki_render_by_mimetype(&content, zMime); |
| 2131 | }else if( renderAsHtml ){ |
| 2132 | @ <iframe src="%R/raw/%T(blob_str(&downloadName))?name=%s(zUuid)" |
| 2133 | @ width="100%%" frameborder="0" marginwidth="0" marginheight="0" |
| 2134 | @ sandbox="allow-same-origin" id="ifm1"> |
| 2135 | @ </iframe> |
| 2136 | @ <script nonce="%h(style_nonce())"> |
| 2137 | @ document.getElementById("ifm1").addEventListener("load", |
| 2138 | @ function(){ |
| 2139 | @ this.height=this.contentDocument.documentElement.scrollHeight + 75; |
| 2140 | @ } |
| 2141 | @ ); |
| 2142 | @ </script> |
| 2143 | }else{ |
| 2144 | style_submenu_element("Hex", "%s/hexdump?name=%s", g.zTop, zUuid); |
| 2145 | blob_to_utf8_no_bom(&content, 0); |
| 2146 | zMime = mimetype_from_content(&content); |
| 2147 | @ <blockquote> |
| 2148 |