• last updated 3 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
merge from oacs-5-10

  1. … 8097 more files in changeset.
Activate translator mode only when developer support is active

We just do this when the developer support is active, but this does

not have to be this way. By showing the translator mode only for

developer support, we save for large sites many set operations client

for client properties via "lang::util::translator_mode_p" and

"ad_get_client_property".

added support for body.translate in the blank master

properly quote tags when meant literally

prefere @...;literal@ over @...;noquote@ when possible

Cleanup hardocded xinha references in the plain master

Prefer 'namespace which' over 'info commands', as it is faster (on local tests, around 2x) and returns a single value. Many thanks to Nathan Coulter.

  1. … 58 more files in changeset.
added missing editor hints

  1. … 20 more files in changeset.
address issue #3435 (many thanks to Michael Aram)

  1. … 1 more file in changeset.
Add ad_page_contract

improve spelling: prefer comma after "therefore" and friends

  1. … 5 more files in changeset.
reduce warnings from Chrome audits

  1. … 2 more files in changeset.
improve spelling

  1. … 13 more files in changeset.
improve spelling

  1. … 15 more files in changeset.
fix for #3354.

bump version number to 5.10.0d5

  1. … 1 more file in changeset.
Revert massive replacement of empty list creation sentences. The use of '[list]' instead of '{}' adds semantics that could be used for performance improvements in the future, such as using a different internal representation. There is already work in this direction, avoiding the generation of the string representation during comparison of empty strings (huge thanks to Stefan Sobernig for the pointer: https://core.tcl.tk/tcl/info/44527c632ed609c2).

  1. … 475 more files in changeset.
Prefer '{}' to '[list]' when creating empty lists

  1. … 71 more files in changeset.
fix typos

  1. … 4 more files in changeset.
Improve robustness of the blank master

- added call to subsite::page_plugin callback to blank-master

- standardize spellings

  1. … 2 more files in changeset.
merged changes from the oacs-5-9 branch and resolved conflicts

  1. … 7832 more files in changeset.
remove misleading comment about XHTML

- Tcl idioms: simplify access to first character

  1. … 8 more files in changeset.
- make sure to call template::head::prepare_multirows after all body_scripts are created

- bump version to 5.9.1d6

  1. … 1 more file in changeset.
bootstrap installer:

- added csp policy to the files upgradeable via apm

- bumped version number to 5.9.1d5

  1. … 3 more files in changeset.
file csp-collector.tcl was initially added on branch oacs-5-9.

    • -0
    • +0
    ./SYSTEM/csp-collector.tcl
-- handle ie 11 (uses a different header field for CSP)

- move CSP generation to the end

  1. … 1 more file in changeset.
- Refine security policies: when necessary, define both a nonce and a

'unsafe-inline' to ensure compatibility on some less adavanced

browsers

- use same "secure" setting for ad_session_id, otherwise, just the

last one is honored

- fix linefeed and semicolon in js for focus handling

  1. … 2 more files in changeset.
- add CSP nonce to script tags if nonce value is available

- turn function definition of acs_Focus() into a conditionally defined

body-script

- turn "body_event_handlers" into "window.addEventListener"

  1. … 3 more files in changeset.
- Added support for W3C Content Security Policy(CSP)

* For details about CSP, see https://www.w3.org/TR/CSP/

* New calls:

security::csp::nonce:

Generate a CSP nonce token token

security::csp::require /directive/ /value/:

Add a requirements of a page to the CSP in order to generate

later a tailored policy with the minimal permissions for

this page. For example, the following requirement is

currently added per default to the oacs-master template to

permit style tags and style attribites in the markup.

security::csp::require style-src 'unsafe-inline'

security::csp::render:

Generate a policy from the requirements

* Added Kernel Parameter CSPEnabledP to activate/desctivate CSP

(default on)

- Bump version numbers

acs-tcl to 5.9.1d11

acs-bootstrap-installer to 5.9.1d4

acs-kernel to 5.9.1d17

  1. … 6 more files in changeset.