• last updated 7 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Activate translator mode only when developer support is active

We just do this when the developer support is active, but this does

not have to be this way. By showing the translator mode only for

developer support, we save for large sites many set operations client

for client properties via "lang::util::translator_mode_p" and


properly quote tags when meant literally

Prefer 'namespace which' over 'info commands', as it is faster (on local tests, around 2x) and returns a single value. Many thanks to Nathan Coulter.

  1. … 58 more files in changeset.
improve spelling: prefer comma after "therefore" and friends

  1. … 5 more files in changeset.
reduce warnings from Chrome audits

  1. … 2 more files in changeset.
improve spelling

  1. … 13 more files in changeset.
improve spelling

  1. … 15 more files in changeset.
fix for #3354.

bump version number to 5.10.0d5

  1. … 1 more file in changeset.
Revert massive replacement of empty list creation sentences. The use of '[list]' instead of '{}' adds semantics that could be used for performance improvements in the future, such as using a different internal representation. There is already work in this direction, avoiding the generation of the string representation during comparison of empty strings (huge thanks to Stefan Sobernig for the pointer: https://core.tcl.tk/tcl/info/44527c632ed609c2).

  1. … 475 more files in changeset.
Prefer '{}' to '[list]' when creating empty lists

  1. … 71 more files in changeset.
fix typos

  1. … 4 more files in changeset.
Improve robustness of the blank master

- added call to subsite::page_plugin callback to blank-master

- standardize spellings

  1. … 2 more files in changeset.
merged changes from the oacs-5-9 branch and resolved conflicts

  1. … 7834 more files in changeset.
remove misleading comment about XHTML

- Tcl idioms: simplify access to first character

  1. … 8 more files in changeset.
- make sure to call template::head::prepare_multirows after all body_scripts are created

- bump version to 5.9.1d6

  1. … 1 more file in changeset.
-- handle ie 11 (uses a different header field for CSP)

- move CSP generation to the end

  1. … 1 more file in changeset.
- Refine security policies: when necessary, define both a nonce and a

'unsafe-inline' to ensure compatibility on some less adavanced


- use same "secure" setting for ad_session_id, otherwise, just the

last one is honored

- fix linefeed and semicolon in js for focus handling

  1. … 2 more files in changeset.
- add CSP nonce to script tags if nonce value is available

- turn function definition of acs_Focus() into a conditionally defined


- turn "body_event_handlers" into "window.addEventListener"

  1. … 4 more files in changeset.
- Added support for W3C Content Security Policy(CSP)

* For details about CSP, see https://www.w3.org/TR/CSP/

* New calls:


Generate a CSP nonce token token

security::csp::require /directive/ /value/:

Add a requirements of a page to the CSP in order to generate

later a tailored policy with the minimal permissions for

this page. For example, the following requirement is

currently added per default to the oacs-master template to

permit style tags and style attribites in the markup.

security::csp::require style-src 'unsafe-inline'


Generate a policy from the requirements

* Added Kernel Parameter CSPEnabledP to activate/desctivate CSP

(default on)

- Bump version numbers

acs-tcl to 5.9.1d11

acs-bootstrap-installer to 5.9.1d4

acs-kernel to 5.9.1d17

  1. … 7 more files in changeset.
- simplify blank-master (replace per richtext-editor hacks by new plugin interface)

- bump version number to 5.9.1d2

  1. … 1 more file in changeset.
- add editor hints to keep spaces/tabs in the furture more consistent

  1. … 754 more files in changeset.
- Improve robustness of blank-master: malformed lists in subsite

parameters could render a subsite useless and hard to correct.

Now the validity of lists is checked, errors are written to the

error.log, invalid parameters are ignored.

- added flat list syntax for ThemeCSS specs (easier to read)

- added parameter ThemeJS similar to ThemeCSS (ability to add head and

body scripts)

- added generalized function template::add_script with non-pos

parameter "-section" which might be "head" or "body" to make both

kind of scripts available to ThemeJS

  1. … 11 more files in changeset.
- improve validity for HTML5

  1. … 1 more file in changeset.
- provide minimal support for ckeditor4 (via CDN)

- added changes from antonio to pass handling for unknown editor to the master templates

  1. … 2 more files in changeset.
- provide defaults for Content-Style-Type and Content-Script-Type

  1. … 1 more file in changeset.
- allow upgrade of blank-master.{tcl,adp} via install-from-repository. This files should be free of site-specific customizations

    • -0
    • +268
  1. … 3 more files in changeset.