[pmwiki-users] Custom GUI edit buttons can use testing
Petko Yotov
5ko at 5ko.fr
Sat Nov 19 04:59:32 PST 2022
Hello,
I am working on progressively removing the core requirement for inline
JavaScript. This would allow wikis to enable a more strict
Content-Security-Policy, without 'unsafe-inline'. This in turn prevents
cross-site scripting (XSS) vulnerabilities.
The GUIButtons core functions have been updated to the new format. These
functions show the buttons above the edit area, that allow to make links
and to add formatting.
Most core and custom GUI buttons should work the same way as before, but
I may have not envisioned all possible uses.
If you use custom GUI buttons, or a custom recipe that relies on the
core functions, please test the pre-release, and report if you notice
any problems.
You can get the pre-release as usual via Subversion, or from the
ChangeLog page:
https://www.pmwiki.org/wiki/PmWiki/ChangeLog
For this specific feature, only the following files changed:
scripts/guiedit.php
pub/guiedit/guiedit.js
To test it, you can only replace these 2 files from the pre-release to
your installation.
I'll normally be releasing the next version 2.3.15 in 2 weeks. If any
bugs are reported to me in the meantime, I'll have the chance to fix
them before the release.
Thanks,
Petko
More information about the pmwiki-users
mailing list