Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 01:36:00 -04:00
Code Issues Packages Projects Releases Wiki Activity
3,482 Commits 18 Branches 197 Tags 95 MiB
4d72ac16a3
Commit Graph

6 Commits

Author SHA1 Message Date
Dan Brown
ee6a2339b6
Applied latest styleCI changes 2022-03-09 14:30:36 +00:00
Dan Brown
856fca8289
Updated CSP with frame-src rules 
- Configurable via 'ALLOWED_IFRAME_SOURCES' .env option.
- Also updated how CSP rules are set, with a single header being used
  instead of many.
- Also applied CSP rules to HTML export outputs.
- Updated tests to cover.

For #3314
 2022-03-07 14:27:41 +00:00
Dan Brown
ef459ca4c4
Altered the parsing of custom head to prevent htmlentities on content 
Was causing things like emjoi within script content to be somewhat
mangled. Instead we force UTF8 only parsing via XML declaration.

Added test to cover.

For #2923
 2021-09-12 16:19:17 +01:00
Dan Brown
fb80bb5d58
Applied latest styleci changes 2021-09-06 22:19:06 +01:00
Dan Brown
492af79c27
Added a couple of additional CSP rules 
As per guidance from google's CSP evaluator.
 2021-09-04 14:34:43 +01:00
Dan Brown
253f386f00
Finished off script CSP rules 
- Added caching for custom html head parsing to add nonce.
- Also moved api docs page into web routes to prevent issues.
 2021-09-04 13:57:04 +01:00