-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure custom css/js #665
Comments
The question is do you trust those with push access to your wiki repository? |
I'm thinking of the MediaWiki use case. A public wiki that's editable by anyone on the web, however they don't have push access. I don't think it's worth attempting to try and lock down direct access to the git repo. |
I think a neat way to solve this in For those who do want to have these files committed to the repo, we can just disallow update and delete requests to their respective paths. |
Sounds good. |
Secure custom JS and CSS. Resolves #665
Secure customs available in 5.x. See #1324. |
Secure custom JS and CSS. Resolves gollum#665
There should be a secure way to inject CSS and JS. Currently editing
custom.js
is not possible via the web UI because.
is translated todot
The text was updated successfully, but these errors were encountered: