Fossil: Check-in [4675fc70ba]

Fossil SCM

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix to the sizing of the iframe for HTML in the /info page so that it works with CSP unsafe-inline.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:4675fc70ba3b9750c000c7a2a442cf457e47369f94684fe326a56177e4879d33
User & Date: drh 2018-11-30 13:00:37
Context
2018-11-30
13:07
Allow the Admin user to modify the skin. check-in: 257318c1ca user: drh tags: trunk
13:00
Fix to the sizing of the iframe for HTML in the /info page so that it works with CSP unsafe-inline. check-in: 4675fc70ba user: drh tags: trunk
01:11
Add the backoffice-disable setting to completely disable all backoffice processing. check-in: 2467a356fe user: drh tags: trunk
Changes

Changes to src/info.c.

  2127   2127       @ <hr />
  2128   2128       content_get(rid, &content);
  2129   2129       if( renderAsWiki ){
  2130   2130         wiki_render_by_mimetype(&content, zMime);
  2131   2131       }else if( renderAsHtml ){
  2132   2132         @ <iframe src="%R/raw/%T(blob_str(&downloadName))?name=%s(zUuid)"
  2133   2133         @ width="100%%" frameborder="0" marginwidth="0" marginheight="0"
  2134         -      @ sandbox="allow-same-origin"
  2135         -      @ onload="this.height=this.contentDocument.documentElement.scrollHeight;">
         2134  +      @ sandbox="allow-same-origin" id="ifm1">
  2136   2135         @ </iframe>
         2136  +      @ <script nonce="%h(style_nonce())">
         2137  +      @ document.getElementById("ifm1").addEventListener("load",
         2138  +      @   function(){
         2139  +      @     this.height=this.contentDocument.documentElement.scrollHeight + 75;
         2140  +      @   }
         2141  +      @ );
         2142  +      @ </script>
  2137   2143       }else{
  2138   2144         style_submenu_element("Hex", "%s/hexdump?name=%s", g.zTop, zUuid);
  2139   2145         blob_to_utf8_no_bom(&content, 0);
  2140   2146         zMime = mimetype_from_content(&content);
  2141   2147         @ <blockquote>
  2142   2148         if( zMime==0 ){
  2143   2149           const char *z;