Fossil

Check-in [db344436]

Overview
Comment:Added an option to enable ALL HTML, CSS and JavaScript tags/attributes for wiki pages. This comes with a strong warning against doing so on any public project.
SHA1:db344436c26577680586ecdac67fa5c2bf3f21c1
User & Date: jeremy_c 2010-01-12 13:38:45
Context
2010-01-12
13:47
Reverted previous commit [1bf6cf832d] as it contains a major flaw of wiki links not being rendered. I tested on simple cases only, will reimplement in a way that allows wiki links to be rendered properly. check-in: b9897bb9 user: jeremy_c tags: trunk
13:38
Added an option to enable ALL HTML, CSS and JavaScript tags/attributes for wiki pages. This comes with a strong warning against doing so on any public project. check-in: db344436 user: jeremy_c tags: trunk
2010-01-11
17:11
Added a 'New Ticket' link to the 'View Ticket' sub menu check-in: 1bf6cf83 user: jeremy_c tags: trunk
Changes

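--- a/src/setup.c
+++ b/src/setup.c
@@ -928,13 +928,24 @@
   @ automatically redirect to:</p>
   @
   @ <blockquote>%h(g.zBaseURL)/home</blockquote>
   @
   @ <p>The default "/home" page displays a Wiki page with the same name
   @ as the Project Name specified above.  Some sites prefer to redirect
   @ to a documentation page (ex: "/doc/tip/index.wiki") or to "/timeline".</p>
+  @ <hr />
+  onoff_attribute("Enable ALL HTML tags and attributes on Wiki pages",
+                  "wiki-all-html", "wiki-all-html", 0);
+  @ <p>Allow ALL HTML tags and attributes on Wiki pages. This should only
+  @ be enabled when you trust all wiki contributors. By enabling this option
+  @ it is possible for malicious users to insert dangerous HTML, CSS and
+  @ JavaScript code. When this option is disabled, only safe HTML tags
+  @ and attributes will be allowed.</p>
+  @
+  @ <p>It is highly recommended that this option not be enabled for public
+  @ projects with open wiki's.</p>
   @ <hr />
   @ <p><input type="submit"  name="submit" value="Apply Changes"></p>
   @ </form>
   db_end_transaction(0);
   style_footer();
 }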
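Review bot: The help text added under the `wiki-all-html` toggle names the risk only in general terms and does not say who is exposed when the option is on. Because the src/wiki.c part of this check-in then emits the page body without any filtering, the text could state the consequence directly, for example `@ Script placed in a page then runs in the browser session of every user who views it, administrators included.` The closing sentence also has a typo: `open wiki's` should read `open wikis`. The enclosing function starts above the hunk, so which setup page this lands on is not visible here.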

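--- a/src/wiki.c
+++ b/src/wiki.c
@@ -191,17 +191,21 @@
     }
     if( g.okHistory ){
       style_submenu_element("History", "History", "%s/whistory?name=%T",
            g.zTop, zPageName);
     }
   }
   style_header(zPageName);
-  blob_init(&wiki, zBody, -1);
-  wiki_convert(&wiki, 0, 0);
-  blob_reset(&wiki);
+  if (db_get_int("wiki-all-html",0)==1) {
+    @ %s(zBody)
+  } else {
+    blob_init(&wiki, zBody, -1);
+    wiki_convert(&wiki, 0, 0);
+    blob_reset(&wiki);
+  }
   if( !isSandbox ){
     manifest_clear(&m);
   }
   style_footer();
 }
 
 /*
@@ -300,20 +304,24 @@
   }
   if( zBody==0 ){
     zBody = mprintf("<i>Empty Page</i>");
   }
   zHtmlPageName = mprintf("Edit: %s", zPageName);
   style_header(zHtmlPageName);
   if( P("preview")!=0 ){
-    blob_zero(&wiki);
-    blob_append(&wiki, zBody, -1);
-    @ Preview:<hr>
-    wiki_convert(&wiki, 0, 0);
-    @ <hr>
-    blob_reset(&wiki);
+    @ Preview:<hr>    
+    if (db_get_int("wiki-all-html",0)==1) {
+      @ %s(zBody)
+    } else {
+      blob_zero(&wiki);
+      blob_append(&wiki, zBody, -1);
+      wiki_convert(&wiki, 0, 0);
+      blob_reset(&wiki);
+    }
+    @ <hr>
   }
   for(n=2, z=zBody; z[0]; z++){
     if( z[0]=='\n' ) n++;
   }
   if( n<20 ) n = 20;
   if( n>40 ) n = 40;
   @ <form method="POST" action="%s(g.zBaseURL)/wikiedit">
@@ -478,18 +486,23 @@
   }
   zHtmlPageName = mprintf("Append Comment To: %s", zPageName);
   style_header(zHtmlPageName);
   if( P("preview")!=0 ){
     Blob preview;
     blob_zero(&preview);
     appendRemark(&preview);
+
     @ Preview:<hr>
-    wiki_convert(&preview, 0, 0);
-    @ <hr>
+    if (db_get_int("wiki-all-html",0)==1) {
+      @ %s(blob_str(&preview))
+    } else {
+      wiki_convert(&preview, 0, 0);
+    }
     blob_reset(&preview);
+    @ <hr>
   }
   zUser = PD("u", g.zLogin);
   @ <form method="POST" action="%s(g.zBaseURL)/wikiappend">
   login_insert_csrf_secret();
   @ <input type="hidden" name="name" value="%h(zPageName)">
   @ Your Name:
   @ <input type="text" name="u" size="20" value="%h(zUser)"><br>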
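Review bot: In the two preview blocks (second and third hunks) the raw branches `@ %s(zBody)` and `@ %s(blob_str(&preview))` write text that appears to come straight from the request, so with `wiki-all-html` on the exposure is wider than the setting's "trust all wiki contributors" warning suggests: a forged cross-site request carrying `preview` would have its markup rendered in the viewer's session without the sender being a contributor at all. No CSRF check is visible before these branches; if none exists above the hunks, call `login_verify_csrf_secret();` ahead of the raw output, or keep both previews on `wiki_convert()`. In the first hunk the raw branch also covers the sandbox page, because `isSandbox` is only tested afterwards; `if( !isSandbox && db_get_int("wiki-all-html",0)==1 ){` would exclude it. All three functions start and end outside the hunks, so the origin of `zBody` and the contents of `appendRemark()` should be confirmed against the full file.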