Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure custom css/js #665

Closed
bootstraponline opened this issue Mar 20, 2013 · 5 comments
Closed

Secure custom css/js #665

bootstraponline opened this issue Mar 20, 2013 · 5 comments
Labels
feature
Milestone
5.0

Comments

@bootstraponline
Copy link
Member

There should be a secure way to inject CSS and JS. Currently editing custom.js is not possible via the web UI because . is translated to dot
@dekimsey
Copy link
Contributor

The question is do you trust those with push access to your wiki repository?

@bootstraponline
Copy link
Member Author

The question is do you trust those with push access to your wiki repository?

I'm thinking of the MediaWiki use case. A public wiki that's editable by anyone on the web, however they don't have push access. I don't think it's worth attempting to try and lock down direct access to the git repo.

@dometto
Copy link
Member

dometto commented Aug 13, 2017

I think a neat way to solve this in 5.x is just to add custom.js and custom.css to the SASS (pre)compilation path, thus removing the need to add them to the repository. Makes sense performance-wise, too.

For those who do want to have these files committed to the repo, we can just disallow update and delete requests to their respective paths.

@bartkamphorst
Copy link
Member

Sounds good.

@dometto dometto added this to the 5.0 milestone Oct 2, 2018
@dometto dometto mentioned this issue Oct 2, 2018
Merged
dometto added a commit that referenced this issue Oct 3, 2018
@dometto
Merge pull request #1324 from repotag/secure_customs
daaa82f 
Secure custom JS and CSS. Resolves #665
@dometto
Copy link
Member

dometto commented Oct 3, 2018

Secure customs available in 5.x. See #1324.

@dometto dometto closed this as completed Oct 3, 2018
mortzu pushed a commit to FreifunkBremen/gollum that referenced this issue Jun 11, 2022
@dometto
Merge pull request gollum#1324 from repotag/secure_customs
acdcf23 
Secure custom JS and CSS. Resolves gollum#665
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
5.0
Development

No branches or pull requests
4 participants
@dekimsey @dometto @bartkamphorst @bootstraponline