This misses anything but plain <body> tags in the header
                             ↓
  if( sqlite3_strlike("%<body>%", zHeader, 0)!=0 ){
    Th_Render(zDfltHeader);
  }

It might rather be %<body% or %<body%>%, so any style attributes
like <body class="PageyMcPageface"> get recognized still.

Perhaps zDfltHeader[] could even contain a short HTML comment as to
why it was injected. Took me an hour to figure out how the CSP came
to be^^

##

[skin-setup-refactor]. I see the value in the draft feature, but it's
also a bit confusing still (while working on broken skins at least.)

Can we have an option to hide draft admin, or the setup_skin+_admin
pages merged with e.g.:
 - draftN… just treated as saved skins?
 - edit header/footer/css buttons for each draft/skin
 - and [test] urls for each available backup/save/draft
Or something like that.


G!
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
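
The pattern difference raised at the top of the message, as an added example that is not part of the original message or of Fossil's code: it runs the three LIKE patterns through Python's sqlite3 module, whose LIKE operator uses the same matching rules as sqlite3_strlike(). The sample headers and the function names are assumptions made for the illustration.

```python
import sqlite3

# The pattern in the quoted code, followed by the two proposed replacements.
PATTERNS = ["%<body>%", "%<body%", "%<body%>%"]

# Constructed skin headers (sample input, not taken from any real skin).
HEADERS = {
    "plain":     "<html><head></head><body>",
    "attribute": '<html><head></head><body class="PageyMcPageface">',
    "uppercase": "<HTML><HEAD></HEAD><BODY>",
    "no_body":   '<div class="header"><h1>Title</h1></div>',
    "lookalike": "<div><!-- <bodyguard> is not a body tag --></div>",
}

_db = sqlite3.connect(":memory:")

def would_inject_default(header, pattern):
    """Mirror the quoted condition: sqlite3_strlike() returns 0 on a match,
    so the default header is rendered only when the pattern does NOT match."""
    matched = _db.execute("SELECT ? LIKE ?", (header, pattern)).fetchone()[0]
    return not matched

def injection_matrix():
    """Return {header_name: {pattern: default_header_injected}}."""
    return {
        name: {pat: would_inject_default(hdr, pat) for pat in PATTERNS}
        for name, hdr in HEADERS.items()
    }

if __name__ == "__main__":
    for name, row in injection_matrix().items():
        cells = "  ".join(f"{pat}={'inject' if inj else 'skip'}"
                          for pat, inj in row.items())
        print(f"{name:10s} {cells}")
```

The "lookalike" row shows the trade-off of the looser patterns: any text containing `<body` counts as a body tag, so a header with only such a look-alike would no longer get the default header.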
