• last updated 4 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
improve spelling

  1. … 13 more files in changeset.
improve spelling

  1. … 15 more files in changeset.
fix for #3354.

bump version number to 5.10.0d5

  1. … 1 more file in changeset.
Revert massive replacement of empty list creation sentences. The use of '[list]' instead of '{}' adds semantics that could be used for performance improvements in the future, such as using a different internal representation. There is already work in this direction, avoiding the generation of the string representation during comparison of empty strings (huge thanks to Stefan Sobernig for the pointer: https://core.tcl.tk/tcl/info/44527c632ed609c2).

  1. … 475 more files in changeset.
Prefer '{}' to '[list]' when creating empty lists

  1. … 71 more files in changeset.
fix typos

  1. … 4 more files in changeset.
Improve robustness of the blank master

- added call to subsite::page_plugin callback to blank-master

- standardize spellings

  1. … 2 more files in changeset.
merged changes from the oacs-5-9 branch and resolved conflicts

  1. … 7832 more files in changeset.
remove misleading comment about XHTML

- Tcl idioms: simplify access to first character

  1. … 8 more files in changeset.
- make sure to call template::head::prepare_multirows after all body_scripts are created

- bump version to 5.9.1d6

  1. … 1 more file in changeset.
bootstrap installer:

- added csp policy to the files upgradeable via apm

- bumped version number to 5.9.1d5

  1. … 3 more files in changeset.
file csp-collector.tcl was initially added on branch oacs-5-9.

    • -0
    • +0
    ./SYSTEM/csp-collector.tcl
-- handle ie 11 (uses a different header field for CSP)

- move CSP generation to the end

  1. … 1 more file in changeset.
- Refine security policies: when necessary, define both a nonce and a

'unsafe-inline' to ensure compatibility on some less adavanced

browsers

- use same "secure" setting for ad_session_id, otherwise, just the

last one is honored

- fix linefeed and semicolon in js for focus handling

  1. … 2 more files in changeset.
- add CSP nonce to script tags if nonce value is available

- turn function definition of acs_Focus() into a conditionally defined

body-script

- turn "body_event_handlers" into "window.addEventListener"

  1. … 3 more files in changeset.
- Added support for W3C Content Security Policy(CSP)

* For details about CSP, see https://www.w3.org/TR/CSP/

* New calls:

security::csp::nonce:

Generate a CSP nonce token token

security::csp::require /directive/ /value/:

Add a requirements of a page to the CSP in order to generate

later a tailored policy with the minimal permissions for

this page. For example, the following requirement is

currently added per default to the oacs-master template to

permit style tags and style attribites in the markup.

security::csp::require style-src 'unsafe-inline'

security::csp::render:

Generate a policy from the requirements

* Added Kernel Parameter CSPEnabledP to activate/desctivate CSP

(default on)

- Bump version numbers

acs-tcl to 5.9.1d11

acs-bootstrap-installer to 5.9.1d4

acs-kernel to 5.9.1d17

  1. … 6 more files in changeset.
- add support for W3C Subresource Integrity (SRI)

* For details about SRI, see https://www.w3.org/TR/SRI/

* Added arguments -crossorigin and -integrity

to the following functions

template::add_body_script

template::add_script

template::head::add_javascript

template::head::add_link

template::head::add_script

* Updated blank-master.adp

- some more cleanup:

* remove commented out code

* add missing argument documentation

(template::head::add_javascript)

* document arguments alphabetically

  1. … 3 more files in changeset.
- simplify blank-master (replace per richtext-editor hacks by new plugin interface)

- bump version number to 5.9.1d2

  1. … 1 more file in changeset.
- add editor hints to keep spaces/tabs in the furture more consistent

  1. … 754 more files in changeset.
- Improve robustness of blank-master: malformed lists in subsite

parameters could render a subsite useless and hard to correct.

Now the validity of lists is checked, errors are written to the

error.log, invalid parameters are ignored.

- added flat list syntax for ThemeCSS specs (easier to read)

- added parameter ThemeJS similar to ThemeCSS (ability to add head and

body scripts)

- added generalized function template::add_script with non-pos

parameter "-section" which might be "head" or "body" to make both

kind of scripts available to ThemeJS

  1. … 11 more files in changeset.
- improve validity for HTML5

  1. … 1 more file in changeset.
- provide minimal support for ckeditor4 (via CDN)

- added changes from antonio to pass handling for unknown editor to the master templates

  1. … 2 more files in changeset.
- improve safety of HTML

  1. … 1 more file in changeset.
- provide defaults for Content-Style-Type and Content-Script-Type

  1. … 1 more file in changeset.
- allow upgrade of blank-master.{tcl,adp} via install-from-repository. This files should be free of site-specific customizations

    • -0
    • +268
    ./blank-master.tcl
  1. … 2 more files in changeset.