Index: openacs-4/packages/xowiki/xowiki.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/xowiki.info,v
diff -u -r1.153.2.16 -r1.153.2.17
--- openacs-4/packages/xowiki/xowiki.info 5 Jul 2016 15:46:07 -0000 1.153.2.16
+++ openacs-4/packages/xowiki/xowiki.info 8 Sep 2016 09:45:18 -0000 1.153.2.17
@@ -10,10 +10,10 @@
t
xowiki
-
+
Gustaf Neumann
A xotcl-based enterprise wiki system with multiple object types
- 2015-10-04
+ 2016-09-08
WU Vienna
<pre>
XoWiki is a Wiki implementation for OpenACS in XOTcl. Instead of
@@ -55,10 +55,10 @@
BSD-Style
2
-
+
-
+
Index: openacs-4/packages/xowiki/tcl/bootstrap-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/bootstrap-procs.tcl,v
diff -u -r1.3.2.8 -r1.3.2.9
--- openacs-4/packages/xowiki/tcl/bootstrap-procs.tcl 25 May 2016 19:33:46 -0000 1.3.2.8
+++ openacs-4/packages/xowiki/tcl/bootstrap-procs.tcl 8 Sep 2016 09:45:18 -0000 1.3.2.9
@@ -453,6 +453,9 @@
BootstrapTableRenderer instproc render {} {
::xo::Page requireCSS "//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css"
+ security::csp::require style-src netdna.bootstrapcdn.com
+ security::csp::require font-src netdna.bootstrapcdn.com
+
if {![my isobject [self]::__actions]} {my actions {}}
if {![my isobject [self]::__bulkactions]} {my __bulkactions {}}
set bulkactions [[self]::__bulkactions children]
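Review bot: The CDN host is now spelled three times in `render`, once in the `requireCSS` URL and once in each added `security::csp::require` line, and nothing records why a stylesheet needs a `font-src` entry. Holding the host in one variable (`set cdn netdna.bootstrapcdn.com`) and using it in all three calls would keep the allowlist from drifting away from the URL when the CDN or version changes. A comment such as `# CSP: bootstrap.min.css comes from the CDN and presumably loads its glyphicon fonts from the same host` would document the reason. Since the stylesheet is a fixed version, serving it from the package's own resources would avoid widening the policy for a third-party host at all. The body of `render` continues past the end of the hunk.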
Index: openacs-4/packages/xowiki/tcl/form-field-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/form-field-procs.tcl,v
diff -u -r1.248.2.25 -r1.248.2.26
--- openacs-4/packages/xowiki/tcl/form-field-procs.tcl 1 Sep 2016 12:01:53 -0000 1.248.2.25
+++ openacs-4/packages/xowiki/tcl/form-field-procs.tcl 8 Sep 2016 09:45:18 -0000 1.248.2.26
@@ -1707,20 +1707,24 @@
default {error "value '[my set displayMode]' invalid: valid entries for displayMode are inplace, inline or standard (default)"}
}
#
- # Don't set HTML5 attribute required, since this does not match
+ # Don't set HTML5 attribute "required", since this does not match
# well with Richtext Editors (at least ckeditor4 has problems,
# other probably as well).
#
my set booleanHTMLAttributes {readonly disabled formnovalidate}
next
+ #ns_log notice "==== [my name] EDITOR specified? [my exists editor]"
if {![my exists editor]} {
my set editor [parameter::get_global_value -package_key xowiki \
-parameter PreferredRichtextEditor -default xinha]
#my msg "setting default of [my name] to [my set editor]"
}
if {![my exists __initialized]} {
+ #
# Mixin the editor based on the attribute 'editor' if necessary
# and call initialize again in this case...
+ #
+ #ns_log notice "==== initializing EDITOR: [my set editor]"
my editor [my set editor]
my initialize
}
@@ -1978,6 +1982,14 @@
}
richtext::ckeditor4 set editor_mixin 1
richtext::ckeditor4 instproc initialize {} {
+
+ security::csp::require script-src 'unsafe-eval'
+ security::csp::require script-src 'unsafe-inline'
+
+ security::csp::require script-src cdn.ckeditor.com
+ security::csp::require style-src cdn.ckeditor.com
+ security::csp::require img-src cdn.ckeditor.com
+
switch -- [my set displayMode] {
inplace { my append help_text " #xowiki.ckeip_help#" }
}
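Review bot: The added `security::csp::require script-src 'unsafe-inline'` and `'unsafe-eval'` lines sit at the top of `richtext::ckeditor4 instproc initialize`, ahead of any check on how the field is rendered. If `initialize` also runs for fields shown read-only, those pages get a script policy that no longer blocks injected inline script, which is the protection that matters most on a wiki rendering user-authored HTML. The Xinha hunk at the end of this patch requests the same two keywords only in the `else` branch, where the field is a richtext field and not disabled. The ckeditor4 directives would be better requested at the equivalent point, presumably next to the `requireJS` calls for cdn.ckeditor.com, with a comment like `# required CSP directives for ckeditor4 (inline script and eval)` so the relaxation is easy to find and remove later. The body of `initialize` continues beyond the hunk.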
@@ -2068,8 +2080,8 @@
::xo::Page requireJS "/resources/xowiki/jquery/jquery.min.js"
#::xo::Page requireJS "/resources/xowiki/ckeditor4/ckeditor.js"
#::xo::Page requireJS "/resources/xowiki/ckeditor4/adapters/jquery.js"
- ::xo::Page requireJS "//cdn.ckeditor.com/4.5.7/standard-all/ckeditor.js"
- ::xo::Page requireJS "//cdn.ckeditor.com/4.5.7/standard-all/adapters/jquery.js"
+ ::xo::Page requireJS "//cdn.ckeditor.com/4.5.11/standard-all/ckeditor.js"
+ ::xo::Page requireJS "//cdn.ckeditor.com/4.5.11/standard-all/adapters/jquery.js"
# In contrary to the doc, ckeditor4 names instances after the id,
# not the name.
@@ -2339,6 +2351,12 @@
if {![my istype ::xowiki::formfield::richtext] || $disabled} {
my render_richtext_as_div
} else {
+ #
+ # required CSP directives for Xinha
+ #
+ security::csp::require script-src 'unsafe-eval'
+ security::csp::require script-src 'unsafe-inline'
+
# we use for the time being the initialization of xinha based on
# the blank master
set ::acs_blank_master(xinha) 1