This misses anything but plain <body> tags in the header
  if( sqlite3_strlike("%<body>%", zHeader, 0)!=0 ){

It might rather be %<body% or %<body%>%, so any style attributes
like <body class="PageyMcPageface"> get recognized still.

Perhaps zDfltHeader[] could even contain a short HTML comment as to
why it was injected. Took me an hour to figure out how the CSP came
to be^^


[skin-setup-refactor]. I see the value in the draft feature, but it's
also a bit confusing still (while working on broken skins at least.)

Can we have an option to hide draft admin, or the setup_skin+_admin
pages merged with e.g.:
 - draftN… just treated as saved skins?
 - edit header/footer/css buttons for each draft/skin
 - and [test] urls for each available backup/save/draft
Or something like that.

fossil-users mailing list
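
The pattern comparison from the first part of the message, as an added example (not part of the original post and not Fossil's code). It runs the three LIKE patterns through SQLite's LIKE operator, which uses the same wildcard matching as sqlite3_strlike(). The header strings are constructed samples, and it is assumed, as the message implies, that the branch taken on a non-match is the one that emits zDfltHeader.

```python
import sqlite3

# Patterns from the message: the one in the quoted source line and the two
# proposed replacements.
PATTERNS = ["%<body>%", "%<body%", "%<body%>%"]

# Constructed skin headers for illustration (not taken from any real skin).
HEADERS = {
    "plain": "<html><head><title>t</title></head>\n<body>\n<div class='hdr'>",
    "class_attr": '<html><head></head>\n<body class="PageyMcPageface">\n',
    "upper": "<HTML><HEAD></HEAD><BODY>",
    "multiline": '<html>\n<body\n  class="x"\n  id="top">\n',
    "fragment": "<div class='header'><h1>Project</h1></div>",
    "unclosed": "<html><head></head><body class='x'",
}

_db = sqlite3.connect(":memory:")


def strlike(pattern, text):
    """Same return convention as sqlite3_strlike(): 0 when text matches."""
    (hit,) = _db.execute("SELECT ? LIKE ?", (text, pattern)).fetchone()
    return 0 if hit else 1


def default_header_injected(pattern, header):
    """Mirror of the quoted check: a non-zero result (no match) takes the branch.

    Assumption: that branch is where the default header is emitted.
    """
    return strlike(pattern, header) != 0


def report():
    """Map header name -> patterns under which the default would be added."""
    return {
        name: [p for p in PATTERNS if default_header_injected(p, text)]
        for name, text in HEADERS.items()
    }


if __name__ == "__main__":
    for name, pats in report().items():
        print(f"{name:11s} default header added under: {pats or 'none'}")
```

LIKE is case-insensitive for ASCII and % also spans newlines, so only attributes on the tag defeat the original pattern; the stricter %<body%>% additionally treats a header whose body tag is never closed as having no body tag.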