• last updated 22 hours ago
Constraints: committers
Constraints: files
Constraints: dates
slightly better way to handle testing in vanilla instances

Make ad_html_security_check configurable

ad_html_security_check has now three optional attributes

to make it configurable for different situations




If these attributes are not specified, the behavior is exactly like

before. This change makes it also easier to regression test this

function, since the behavior does not necessarily depend on a site's

parameter settings.

The function was also modernized, new regression tests were added.

  1. … 1 more file in changeset.
use icanuse machinery for "ns_reflow_text -offset"

  1. … 1 more file in changeset.
Unwrap fake oneliners

Fix typo

make ad_dom_sanitize_html more robust against invalid input

make "util_close_html_tags" public since it is called from public pages

mark unused functions as deprecated

  1. … 1 more file in changeset.
make end of options explicit

  1. … 42 more files in changeset.
Prefer 'namespace which' over 'info commands', as it is faster (on local tests, around 2x) and returns a single value. Many thanks to Nathan Coulter.

  1. … 58 more files in changeset.
Allow in testing mode always a "form" tag, independent of the antispam parameter settings

This addresses an issue, when one is running the regression test for xowiki on installations

with plain dotlrn, where otherwise the validator complains about the form tag in a form.

There should be a nicer way of doing this...

improve spelling

  1. … 6 more files in changeset.
improve spelling: move closer to the linux documentation recommendations

  1. … 34 more files in changeset.
fix typo - deprecated proc should be defined with the old naming convention

improve spelling

  1. … 2 more files in changeset.
Rename string_truncate and string_truncate_middle to comply with OpenACS naming convention, create deprecated wrappers, replace occurrences

As string_truncate_middle was defined in xotcl-request-monitor, bring it to acs-tcl instead

  1. … 11 more files in changeset.
Whitespace cleanup

avoid output of duplicate lines when an empty input line is encountered (many thanks to Franz Penz for the fix)

  1. … 1 more file in changeset.
Deprecate ad_quotehtml. use ns_quotehtml instead.

  1. … 11 more files in changeset.
modernize Tcl

  1. … 2 more files in changeset.
improve spelling

  1. … 15 more files in changeset.
add "blob" to the checked attributes

  1. … 1 more file in changeset.
add checking for javascript and data protocols (fixes issue #3413)

  1. … 3 more files in changeset.
improve spelling and deactivate changes that were probably needed only for Firefox 2

  1. … 9 more files in changeset.
Add proc ad_html_text_convertable_p as deprecated to improve backwards compatibility

The old name ad_html_text_convertable_p contained a spelling

error and was replaced by ad_html_text_convertible_p.

Replace ad_decode idioms

  1. … 2 more files in changeset.
Replace ad_decode idioms

fix typo

perform javascript escaping with more regular semantics

  1. … 1 more file in changeset.
Introduce new ad_js_escape with the purpose of sanitizing tcl strings used inside javascript code from escape sequences and from quotes in particular and provide some test cases

TODO: consider its usage into templates when e.g. we are putting a URL into javascript functions such as acs_ListBulkActionClick. URLs might in fact contain single and double quotes.

  1. … 1 more file in changeset.