• last updated 5 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Keep comments on the server side

    • -7
    • +10
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
JS upstream updates

- Updated highcharts to 11.4.0 (when highcharts package is not installed)

- Updated jquery-3.6.3 to jquery-3.7.1.

- Bumped version number to 5.10.1b10

    • -2
    • +2
    /openacs-4/packages/xowiki/xowiki.info
    • -2
    • +2
    /openacs-4/packages/xowiki/tcl/resource-init.tcl
Ensure chat javascript is executed only when the chat itself is actually a part of the DOM

This may not be the case at the time of rendering, e.g. because the chat is rendered inside of a <template> tag and appended to the document at a later moment.

    • -2
    • +19
    /openacs-4/packages/xowiki/tcl/chat-procs.tcl
JS upstream updates

- Updated upstream library to 11.4.0

- Bumped version to 0.5

JS upstream updates

- Updated jquery-3.6.3 to jquery-3.7.1.

- Bumped version to 5.10.1b2

JS upstream updates

- Updated boostrap5 to 5.3.3

- Updated jquery-3.6.3 to jquery-3.7.1.

- Bumped version to 5.10.1b4

file jquery-3.7.1.js was initially added on branch oacs-5-10.

file jquery-3.7.1.min.js was initially added on branch oacs-5-10.

Untangle if logics

Reject URLs displaying multiple protocols

Test further improvement of injection attempt by penetration tests

Harden page contract

Strenghten validation against smarter attempts to disguise the javascript: protocol

Replicate a smarter attempt by a penetration tool to disguise the javascript: protocol

Add new extension mjs, for Javascript modules, to the Javascript mime type

file upgrade-5.10.1b3-5.10.1b4.sql was initially added on branch oacs-5-10.

file upgrade-0.6.2d6-0.6.2d7.sql was initially added on branch oacs-5-10.

added missing function args

reduce verbosity

Harden page contracts

Prefer more robust colon notation to quote database values

    • -1
    • +1
    /openacs-4/packages/xowf/tcl/xowf-procs.tcl
We replace spaces with "&nbsp" for Safari, but then convert will fail in the test... clean up the entities before trying to convert

Fix variable name

Calculate the width before quoting is applied and refine the heuristic

Fix capctha rendering on iOS devices, where apparently spaces need to be translated to entities

    • -3
    • +10
    /openacs-4/packages/captcha/tcl/captcha-procs.tcl
Fix captcha responsiveness

Update italian localization

    • -2
    • +2
    /openacs-4/packages/xowiki/xowiki.info
Introduce server-side validation for HTML5 date and time formfields

A "formats" parameter can be specified on the formfields indicating one or more formats that we want to enforce. The syntax for any of such format is that of the Tcl clock command.

Default values have been set according to the expected behavior of each form field type.

Empty values are always considered valid. If a field is required, this will be enforced in its own validator.

    • -2
    • +2
    /openacs-4/packages/xowiki/xowiki.info
Test behavior of HTML5 date and time formfields when invalid values are submitted

Quote error message to better protect against XSS attacks