github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-06-11 06:10:03 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,879 Commits 12 Branches 210 Tags
lexical_fixes
Commit Graph

8 Commits

Author SHA1 Message Date
Dan Brown
897bb338f9 CSP: Updated handling of drawio URL to consider port 
Previously if a custom port was used in the DRAWIO option it would not
be considered in the CSP handling, which would block loading.

Added test to cover.
For #5107
 2024-07-14 16:06:18 +01:00
Dan Brown
78ebcb6f38 Addressed a range of deprecation warnings 
Closes #3969
 2023-01-21 20:50:04 +00:00
Dan Brown
ee6a2339b6 Applied latest styleCI changes 2022-03-09 14:30:36 +00:00
Dan Brown
856fca8289 Updated CSP with frame-src rules 
- Configurable via 'ALLOWED_IFRAME_SOURCES' .env option.
- Also updated how CSP rules are set, with a single header being used
  instead of many.
- Also applied CSP rules to HTML export outputs.
- Updated tests to cover.

For #3314
 2022-03-07 14:27:41 +00:00
Dan Brown
ef459ca4c4 Altered the parsing of custom head to prevent htmlentities on content 
Was causing things like emjoi within script content to be somewhat
mangled. Instead we force UTF8 only parsing via XML declaration.

Added test to cover.

For #2923
 2021-09-12 16:19:17 +01:00
Dan Brown
fb80bb5d58 Applied latest styleci changes 2021-09-06 22:19:06 +01:00
Dan Brown
492af79c27 Added a couple of additional CSP rules 
As per guidance from google's CSP evaluator.
 2021-09-04 14:34:43 +01:00
Dan Brown
253f386f00 Finished off script CSP rules 
- Added caching for custom html head parsing to add nonce.
- Also moved api docs page into web routes to prevent issues.
 2021-09-04 13:57:04 +01:00