Fossil SCM

Updates to the change log. Add documentation for the safe-html setting.

drh 2020-06-27 15:51 trunk
Commit 9ef2e5e57b5db1f32141eff5d5aec0c96dee83d5dca83552baa50cbc70ba82eb
--- src/wikiformat.c
+++ src/wikiformat.c
@@ -2622,10 +2622,23 @@
26222622
case DOCSRC_WIKI: cPerm = 'w'; break;
26232623
}
26242624
safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0);
26252625
}
26262626
2627
+/*
2628
+** SETTING: safe-html width=8
2629
+** This setting controls whether or not unsafe HTML elements
2630
+** (such as <script> or <style>) are allowed in Markdown-formatted
2631
+** documents. Unsafe HTML is disabled by default. If this setting
2632
+** exists and is a string, then letters in that string can enable
2633
+** unsafe HTML in various contexts:
2634
+**
2635
+** b Unsafe HTML allowed in embedded documentation
2636
+** f Unsafe HTML allowed in forum posts
2637
+** t Unsafe HTML allowed in tickets
2638
+** w Unsafe HTML allowed on wiki pages
2639
+*/
26272640
/*
26282641
** The input blob contains HTML. If safe-html is enabled, then
26292642
** convert the input into "safe HTML". The following modifications
26302643
** are made:
26312644
**
26322645
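Review bot: the polarity of the setting is easy to misread in the added SETTING comment. The name is safe-html, yet every letter listed (b, f, t, w) turns sanitizing off for that context, which matches `safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0);` in the context lines above. Suggest adding one sentence stating that an empty or unset value keeps unsafe HTML blocked in all four contexts, and noting that f, t and w cover pages whose content can come from ordinary users, so enabling those letters lets such users place <script> on pages that others view. Style point: the added `*/` is followed directly by the `/*` of the next function's header comment; a blank line between the two would keep the setting documentation from reading as part of that function's description.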
--- src/wikiformat.c
+++ src/wikiformat.c
@@ -2622,10 +2622,23 @@
2622 case DOCSRC_WIKI: cPerm = 'w'; break;
2623 }
2624 safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0);
2625 }
2626
 
 
 
 
 
 
 
 
 
 
 
 
 
2627 /*
2628 ** The input blob contains HTML. If safe-html is enabled, then
2629 ** convert the input into "safe HTML". The following modifications
2630 ** are made:
2631 **
2632
--- src/wikiformat.c
+++ src/wikiformat.c
@@ -2622,10 +2622,23 @@
2622 case DOCSRC_WIKI: cPerm = 'w'; break;
2623 }
2624 safeHtmlEnable = (strchr(zSafeHtmlSetting,cPerm)==0);
2625 }
2626
2627 /*
2628 ** SETTING: safe-html width=8
2629 ** This setting controls whether or not unsafe HTML elements
2630 ** (such as <script> or <style>) are allowed in Markdown-formatted
2631 ** documents. Unsafe HTML is disabled by default. If this setting
2632 ** exists and is a string, then letters in that string can enable
2633 ** unsafe HTML in various contexts:
2634 **
2635 ** b Unsafe HTML allowed in embedded documentation
2636 ** f Unsafe HTML allowed in forum posts
2637 ** t Unsafe HTML allowed in tickets
2638 ** w Unsafe HTML allowed on wiki pages
2639 */
2640 /*
2641 ** The input blob contains HTML. If safe-html is enabled, then
2642 ** convert the input into "safe HTML". The following modifications
2643 ** are made:
2644 **
2645
+22 -6
--- www/changes.wiki
+++ www/changes.wiki
@@ -1,29 +1,45 @@
11
<title>Change Log</title>
22
33
<a name='v2_12'></a>
44
<h2>Changes for Version 2.12 (pending)</h2>
55
6
- * Security fix in the "fossil git export" command. New "safety-nets"
7
- added to prevent future problems.
6
+ * Security fix in the "fossil git export" command. The same fix is
7
+ also backported to version 2.10.1 and 2.11.1. New "safety-nets"
8
+ features were added to prevent similar problems in the future.
89
* Enhancements to the graph display for cases when there are
910
many merges into a single check-in.
1011
[/info/2d75e87b760c0a9?diff=0|Example]
12
+ * Enhance the markdown formatter to more closely follow the
13
+ [https://spec.commonmark.org/0.29/#emphasis-and-strong-emphasis|CommonMark specification]
14
+ with regard to text highlighting.
15
+ Underscores in the middle of identifiers (ex: `fossil_printf()`)
16
+ no longer need to be escaped.
1117
* The markdown-to-html translator can prevent unsafe HTML
1218
(for example: &lt;script&gt;) on user pages like forum and
13
- tickets and wiki, at the administrators option. On by
14
- default.
19
+ tickets and wiki. The admin can adjust this behavior using
20
+ the [/help?cmd=safe-html|safe-html setting] on the Admin/Wiki page.
21
+ The default disallow unsafe HTML.
1522
[https://www.fossil-scm.org/forum/forumpost/3714e6568f|Example].
1623
* Enhance the [/help?cmd=revert|fossil revert] command so that it
1724
is able to revert all files beneath a directory.
18
- * Added <tt>--reset</tt> flag to the "[/help?cmd=add|fossil add]",
25
+ * Added the <tt>--reset</tt> flag to the "[/help?cmd=add|fossil add]",
1926
"[/help?cmd=rm|fossil rm]", and
2027
"[/help?cmd=addremove|fossil addremove]" commands.
21
- * Editing forum posts now applies delta compression to the edits.
28
+ * Added the "<tt>--min</tt> <i>N</i>" flag to the
29
+ [/help?cmd=backoffice|backoffice] command.
2230
* Added the [/help?cmd=/fileedit|/fileedit page], which allows
2331
editing of text files online. Requires explicit activation by
2432
a setup user.
33
+ * Translate built-in help text into HTML for display on web pages.
34
+ [/help?cmd=help|Example].
35
+ * On the [/help?cmd=/timeline|/timeline] webpage, the combination
36
+ of query parameters "p=CHECKIN" and "bt=DISTANTANCESTOR" draws all
37
+ ancestors of CHECKIN going back to DISTANTANCESTOR. For example,
38
+ [/timeline?p=202006271506&bt=version-2.11] shows all ancestors
39
+ of the checkin that occured on 2020-06-27 15:06 going back to
40
+ the 2.11 release.
2541
* Update the built-in SQLite so that the
2642
"[/help?cmd=sql|fossil sql]" command supports new output
2743
modes ".mode box" and ".mode json".
2844
* Delta compression now applied to forum edits.
2945
3046
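Review bot: the added safe-html entry ends with "The default disallow unsafe HTML.", which is missing a verb; suggest "The default is to disallow unsafe HTML." since this is the sentence admins will rely on to know the shipped behavior. Two smaller wording points in other added lines: "backported to version 2.10.1 and 2.11.1" should read "versions", and "occured" in the /timeline entry should be "occurred". Removing the "Editing forum posts now applies delta compression to the edits." bullet looks right, since the unchanged "Delta compression now applied to forum edits." bullet at the end of the list already covers it.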
--- www/changes.wiki
+++ www/changes.wiki
@@ -1,29 +1,45 @@
1 <title>Change Log</title>
2
3 <a name='v2_12'></a>
4 <h2>Changes for Version 2.12 (pending)</h2>
5
6 * Security fix in the "fossil git export" command. New "safety-nets"
7 added to prevent future problems.
 
8 * Enhancements to the graph display for cases when there are
9 many merges into a single check-in.
10 [/info/2d75e87b760c0a9?diff=0|Example]
 
 
 
 
 
11 * The markdown-to-html translator can prevent unsafe HTML
12 (for example: &lt;script&gt;) on user pages like forum and
13 tickets and wiki, at the administrators option. On by
14 default.
 
15 [https://www.fossil-scm.org/forum/forumpost/3714e6568f|Example].
16 * Enhance the [/help?cmd=revert|fossil revert] command so that it
17 is able to revert all files beneath a directory.
18 * Added <tt>--reset</tt> flag to the "[/help?cmd=add|fossil add]",
19 "[/help?cmd=rm|fossil rm]", and
20 "[/help?cmd=addremove|fossil addremove]" commands.
21 * Editing forum posts now applies delta compression to the edits.
 
22 * Added the [/help?cmd=/fileedit|/fileedit page], which allows
23 editing of text files online. Requires explicit activation by
24 a setup user.
 
 
 
 
 
 
 
 
25 * Update the built-in SQLite so that the
26 "[/help?cmd=sql|fossil sql]" command supports new output
27 modes ".mode box" and ".mode json".
28 * Delta compression now applied to forum edits.
29
30
--- www/changes.wiki
+++ www/changes.wiki
@@ -1,29 +1,45 @@
1 <title>Change Log</title>
2
3 <a name='v2_12'></a>
4 <h2>Changes for Version 2.12 (pending)</h2>
5
6 * Security fix in the "fossil git export" command. The same fix is
7 also backported to version 2.10.1 and 2.11.1. New "safety-nets"
8 features were added to prevent similar problems in the future.
9 * Enhancements to the graph display for cases when there are
10 many merges into a single check-in.
11 [/info/2d75e87b760c0a9?diff=0|Example]
12 * Enhance the markdown formatter to more closely follow the
13 [https://spec.commonmark.org/0.29/#emphasis-and-strong-emphasis|CommonMark specification]
14 with regard to text highlighting.
15 Underscores in the middle of identifiers (ex: `fossil_printf()`)
16 no longer need to be escaped.
17 * The markdown-to-html translator can prevent unsafe HTML
18 (for example: &lt;script&gt;) on user pages like forum and
19 tickets and wiki. The admin can adjust this behavior using
20 the [/help?cmd=safe-html|safe-html setting] on the Admin/Wiki page.
21 The default disallow unsafe HTML.
22 [https://www.fossil-scm.org/forum/forumpost/3714e6568f|Example].
23 * Enhance the [/help?cmd=revert|fossil revert] command so that it
24 is able to revert all files beneath a directory.
25 * Added the <tt>--reset</tt> flag to the "[/help?cmd=add|fossil add]",
26 "[/help?cmd=rm|fossil rm]", and
27 "[/help?cmd=addremove|fossil addremove]" commands.
28 * Added the "<tt>--min</tt> <i>N</i>" flag to the
29 [/help?cmd=backoffice|backoffice] command.
30 * Added the [/help?cmd=/fileedit|/fileedit page], which allows
31 editing of text files online. Requires explicit activation by
32 a setup user.
33 * Translate built-in help text into HTML for display on web pages.
34 [/help?cmd=help|Example].
35 * On the [/help?cmd=/timeline|/timeline] webpage, the combination
36 of query parameters "p=CHECKIN" and "bt=DISTANTANCESTOR" draws all
37 ancestors of CHECKIN going back to DISTANTANCESTOR. For example,
38 [/timeline?p=202006271506&bt=version-2.11] shows all ancestors
39 of the checkin that occured on 2020-06-27 15:06 going back to
40 the 2.11 release.
41 * Update the built-in SQLite so that the
42 "[/help?cmd=sql|fossil sql]" command supports new output
43 modes ".mode box" and ".mode json".
44 * Delta compression now applied to forum edits.
45
46
