Content-Security-Policy (CSP) is a web security feature that allows
servers to declare what loaded content is allowed to do. For example,
a policy can prevent loading of images, JavaScript, CSS, etc unless
the source of that content is whitelisted (by hostname, URI scheme,
hashes of content, etc). It's a nifty security feature that provides
extra mitigation against some attacks, notably XSS.
Mitigation against these attacks is important for Mercurial because
hgweb renders repository data, which is commonly untrusted. While we
make attempts to escape things, etc, there's the possibility that
malicious data could be injected into the site content. If this happens
today, the full power of the web browser is available to that
malicious content. A restrictive CSP policy (defined by the server
operator and sent in an HTTP header which is outside the control of
malicious content), could restrict browser capabilities and mitigate
security problems posed by malicious data.
CSP works by emitting an HTTP header declaring the policy that browsers
should apply. Ideally, this header would be emitted by a layer above
Mercurial (likely the HTTP server doing the WSGI "proxying"). This
works for some CSP policies, but not all.
For example, policies to allow inline JavaScript may require setting
a "nonce" attribute on <script>. This attribute value must be unique
and non-guessable. And, the value must be present in the HTTP header
and the HTML body. This means that coordinating the value between
Mercurial and another HTTP server could be difficult: it is much
easier to generate and emit the nonce in a central location.
This commit introduces support for emitting a
Content-Security-Policy header from hgweb. A config option defines
the header value. If present, the header is emitted. A special
"%nonce%" syntax in the value triggers generation of a nonce and
inclusion in <script> elements in templates. The inclusion of a
nonce does not occur unless "%nonce%" is present. This makes this
commit completely backwards compatible and the feature opt-in.
The nonce is a type 4 UUID, which is the flavor that is randomly
generated. It has 122 random bits, which should be plenty to satisfy
the guarantees of a nonce.
All the hgweb templates include mercurial.js in their header. All
the hgweb templates have the same <script> boilerplate to run
process_dates(). This patch factors that function call into
mercurial.js as part of a DOMContentLoaded event listener.
Every other template has the "raw" link load "raw-file." However,
fileannotate.tmpl's "raw" link loads "raw-annotate." This feels
inconsistent and wrong.
As far as I can tell, linking to the "raw annotate" view has occurred
since 2006.
Add white-space: nowrap to td.annotate to avoid wrapping div.annotate-info
into next line if there is revision number in the same cell, as it is hard to
mouse over div.annotate-info if it's wrapped into next line.
The link is embedded into a div with class="annotate-info" that only shows up
upon hover of the annotate column. To avoid duplicate hover-overs (this new
one and the one coming from link's title), drop "title" attribute from a
element and put it in the annotate-info element.
hgweb currently offers limited functionality for "classifying"
repositories. This patch aims to change that.
The web.labels config option list is introduced. Its values
are exposed to the "index" and "summary" templates. Custom
templates can use template features like ifcontains() to e.g.
look for the presence of a specific label and engage specific
behavior. For example, a site operator may wish to assign a
"defunct" label to a repository so the repository is prominently
marked as dead in repository indexes.
It was mixing tabs and spaces, and not in a good way.
Indent style of other atom entries seems to be 1 space per level, so let's
apply it here as well.
Since content is of type "text" (and is already escaped), using a CDATA section
is not required.
Looks like this was just an artifact of copying things from rss style in
529b23a26574, because other entries in atom style don't use CDATA in such
places.
It was mixing tabs and spaces, and not in a good way.
Indent style of other rss entries seems to be 4 spaces per level, so let's
apply it here as well.
I.e. when a revision blames a block of source lines, only display the
revision link on the first line of the block (this is identified by the
"blockhead" key in annotate context).
This addresses item "Visual grouping of changesets" of the blame improvements
plan (https://www.mercurial-scm.org/wiki/BlamePlan) which states: "Typically
there are block of lines all attributed to the same revision. Instead of
rendering the revision/changeset for every line, we could only render it once
per block."
* Distinguish the /annotate/<revision>/<file>#<linenumber> link when it would
lead to the current page (i.e. <revision> is the current revision) (style it
gray and undecorated). This indicates more clearly that this is a "dead-end"
in blame navigation.
* Display lines changed in current revision in green.
Change summary webcommand to yield each element of the shortlog instead of the
entire list.
This makes generated json more readable since each entry can be formatted
separately, instead of returning all the shortlog content in a single string.
Modify changelistentry structure to also deliver phase and branch data and use
either 'parents' or 'allparents' depending on what is defined in the view, in
order to reuse it in filelog structure.
Before, copied files were assumed as "A" (added) and listed followed by
non-copy added files. This could double entries of a copy if it had "M"
(modified) state.
So, this patch makes the template check if a file is included in copies dict.
This way, entries should never be doubled.
The output of "log -Tstatus -C" does not always agree with "status -C --change"
due to the bug of "status", which is documented in test-status.t. See also
21a68fa3c757.
Entries prepared in webutil.changelistentry() skip showing parents in the
trivial case when there's only one parent and it's the previous revision. This
doesn't work well for the json-log template, which is supposed to just dump raw
data in an easy-to-parse format, so let's provide all parents as another
keyword: allparents.
Using a lambda function here means that the performance of templates that don't
use allparents won't be affected (see 88bd6697bfad).
This template allows showing the list of all repos in an hgweb instance (in
hgwebdir mode) as json.
The test has "lastchange" globbed because hgweb uses here file modification
time and not the last commit time.
This is necessary to preserve filename encoding over JSON. Instead, this
patch inserts "|utf8" where non-ascii local-encoding texts can be passed
to "|json".
See also the commit that introduced "utf8" filter.
After 313b8d61b548 graph canvas width is decided once on the initial rendering.
However, after graph page gets scrolled down to load more, it might need more
horizontal space to draw, so it needs to resize the canvas dynamically.
The exact problem that this patch solves can be seen using:
hg init testfork
cd testfork
echo 0 > foo
hg ci -Am0
echo 1 > foo
hg ci -m1
hg up 0
echo 2 > foo
hg ci -m2
hg gl -T '{rev}\n'
@ 2
|
| o 1
|/
o 0
hg serve
And then by navigating to http://127.0.0.1:8000/graph/tip?revcount=1
"revcount=1" makes sure the initial graph contains only revision 2. And because
the initial canvas width takes only that one revision into count, after the
(immediate) AJAX update revision 1 will be cut off from the graph.
We can safely set canvas width to the new value we get from the AJAX request
because every time graph is updated, it is completely redrawn using all the
requested nodes (in the case above it will use /graph/2?revcount=61), so the
value is guaranteed not to decrease.
P.S.: Sorry for parsing HTML with regexes, but I didn't start it.
Before this patch, template files for "graph" web page use fixed width
size "480" for canvas element.
This causes pruned lanes and invisible vertexes, if there are 16 or
more vertical lanes at once. In such case, part of graph in right side
area over 480 is invisible, even though corresponded summary text
blocks are visible correctly.
This limitation isn't reasonable for workflow using many branches at
once (e.g. "one branch per issue" workflow).
There were changes below related to width of canvas:
- 6c855f5350cd (templates: widen the graph canvas (issue2683)),
released as a part of Mercurial 1.8.2
According to the description, this assumed that 15 parallel
branches was enough for ordinary workflow, and bumped width of
canvas up from 224 to 480.
- f5506d2a674c (hgweb: make graph data suitable for template usage),
released as a part of Mercurial 2.3
This introduced "canvaswidth" template keyword as a part of
refactoring around graph rendering.
But 'width="480"' of canvas element in template files wasn't
replaced by 'width="{canvaswidth}"' in it (or subsequent one).
This patch uses dynamic value "{canvaswidth}" instead of fixed width
size "480" for canvas element.
This is posted for "stable", because:
- this is re-fixing issue2683
- this is simple enough for stable
- using "{canvaswidth}" doesn't require any additional cost
Calculation of canvaswidth is already implied as a part of "graph"
web command.
Currently, the "helptopics" template assumes it is only used as the
main index and therefore doesn't hyperlink "help" in the navigation
list. Sub-topics will introduce an additional consumer of this
template. So teach the template to hyperlink the "help" navigation
entry when necessary.
In order to support sub-topics, we need to support linking to a full
topic name while displaying the base topic name. Change the {helpentry}
template to grab the display name from an optional seperate variable
(which will be defined in a future patch).
We now have sub-topics in the help system. The "helptopics" template
serves as a mechanism for displaying an index of help topics.
Previously, it was only used to show the top-level list of help topics,
which includes special groupings of topics.
In the near future, we'll adapt "helptopics" for showing the index
of sub-topics. In this patch, we optionally render {earlycommands} and
{othercommands} since they aren't present on sub-topics.
currently "subscribe to atom feed" link in file log page is as follows.
/atom-log/[revision]/[file]
This is invalid, because we could not get newer commit feed than [revision].
To fix this, atom-log feed url should be the following style.
atom-log/tip/[file]
Looks like the function wasn't ever used since its introduction in
083571f47ff6, since setColor() below always used "rgb(255, 255, 255)" notation
which doesn't need hex digits.
Due to how the line links now reside outside of the source lines, hovering over
line numbers doesn't count as hovering over the appropriate source line. It can
be worked around by using a "+" css selector. However, it's necessary to
reorder the elements and put <a> before <span> (which is actually quite
logical). It works without further css tweaks because <a> is already
absolute-positioned and so the order doesn't matter visually.
Due to how the line links now reside outside of the source lines, hovering over
line numbers doesn't count as hovering over the appropriate source line. It can
be worked around by using a "+" css selector. However, it's necessary to
reorder the elements and put <a> before <span> (which is actually quite
logical). It works without further css tweaks because <a> is already
absolute-positioned and so the order doesn't matter visually.
Due to how the line numbers in monoblue are formed (via css counters), the size
of the area with the numbers and the size of the actually clickable links are
not tied together well enough. Before this patch, there were noticeable "gaps"
between line links - clicking on the bottom part of a visible line number did
nothing as opposed to selecting this line.
Let's set font-size for everything in pre.sourcelines so that it also affects
the links and then add a bit of padding to them so compensate for layout
differences.
This way the sizes are still not 100% the same, but should be very close.
In hgweb, some pages have a context of current revision; e.g. changelog and
shortlog show changesets starting from this current revision. However, some
gitweb templates were dropping current revision from some urls _to_ /graph page
and _on_ that page. This patch fixes it.
When users configure the default foreground or background color to
non-default (black on white) values, several hgweb styles lack
contrast for headers and table row items. This patch fixes that by
ensuring that where either foreground or background colors are
specified, both are specified.
This is adapted from 635285e0a942, that was added to paper for 3.5 release.
It adds another way to refer to branches, tags and bookmarks in urls: by name.
It's still possible to navigate to a specific changeset hash, but now you can
get more descriptive urls straight from /summary page, for example.
branchentry template (and so the whole branches table on /summary and
/branches) lost the column that had a plain changeset hash, because tags and
bookmarks don't have this column and also because there is already a way to
address branch by its changeset hash (changeset link just next to it). Maybe we
can instead bring this column with a plain changeset hash to tags and
bookmarks, but this, more terse, new look feels fine.
This is adapted from 635285e0a942, that was added to paper for 3.5 release.
It adds another way to refer to branches, tags and bookmarks in urls: by name.
It's still possible to navigate to a specific changeset hash, but now you can
get more descriptive urls straight from /summary page, for example.
branchentry template (and so the whole branches table on /summary and
/branches) lost the column that had a plain changeset hash, because tags and
bookmarks don't have this column and also because there is already a way to
address branch by its changeset hash (changeset link just next to it). Maybe we
can instead bring this column with a plain changeset hash to tags and
bookmarks, but this, more terse, new look feels fine.
Empty lines in file view could produce an inexplicable margin before the next
line (most noticeable in browsers on webkit/blink engine). That was making
empty lines seem taller than the rest.
Instead of using default vertical align, let's set it to 'top'.
This issue is actually present in paper, and only recently got into gitweb
(0609781075c1) and monoblue (b7a7757577fb). There's a bit more to it in paper,
so that will be dealt with in a future patch.
Recipe to see live: preferably using a webkit/blink browser, such as chromium,
browse a file with empty lines, e.g. https://selenic.com/hg/file/3.5/README#l8
Selecting a block of text that includes empty lines will reveal white "breaks"
in the selection. Highlighted line (#l8) also shows such a break below itself.
This is adapted from 0609781075c1.
It also fixes issue4790 in monoblue; tab characters now have meaningful width on
the modified pages (file view, file diff, changeset).
This is adapted from a46863946982 and 8d7bff75072d.
It also fixes issue4790 in gitweb; tab characters now have meaningful width on
the modified pages (file view, file diff, changeset).
To remove another big chunk of duplication from coal hgweb style, we can move
all visual tweaks to style-extra-coal.css and include it together with
style-paper.css.
Before, coal/map simply had all the templates copied and pasted from paper/map
file. It was easy to make a change to paper that would get into coal only
partially and just sit there until something like 216a95e6094f happened.
Let's remove this duplication from coal/map by using %include to reuse
templates from paper/map directly.
In paper and Coal, basically, div.sourcelast was only used to make a 1px border
on the bottom of file source view (and only there). It's better to use
bottomline class, that also exists for the same purpose (visually), but is used
more widely and works without needing an empty <div>.
Basically, coal style in hgweb is intended to be functionally equivalent (just
different in style) to paper, and does this by reusing almost all templates
from paper (except header.tmpl, where it specifies a different css file). Looks
like everybody forgot this and so many improvements to paper templates, that
should've also made it into coal, were often only half-done there (usually
thanks to template reuse). Let's fix this by bulk-copying missing things from
paper/map and style-paper.css to coal/map and style-coal.css.
There were many improvements to paper that didn't touch coal, and that makes it
hard to untangle the code and split this patch into many, but here are some of
the changes (paper-only), that now get into coal:
a9c9f5ef6abf - hgweb: color line which is linked to in file source view
1555d017cac7 - hgweb: highlight line which is linked to at annotate view
a46863946982 - hgweb: code selection without line numbers in file source view
636594df4244 - hgweb: add line wrapping switch to file source view
cc6bee069ce6 - hgweb: use css margin instead of empty <p> before diffstat table
It also fixes line anchor in annotateline template (#42 vs #l42).
"Tags" and "Bookmarks" sections on this page already have the similar links,
and so does the "Branches" on summary page in gitweb, so let's do the same in
monoblue.
Index page, which shows the list of available repositories, has a column where
the last modification date for each repo is shown. paper, coal and spartan
already show the dates in relative format (e.g. "2 weeks ago"), because these
styles have the required process_dates() js function call in their footer
templates, which are included on every page. But monoblue and gitweb styles
have more things in the footer templates, such as repo name and its atom/rss
links, so they don't include the footer on index page (as this page doesn't
have a single repo context).
Let's call process_dates() without including the footer.
In 064b658181dd, age calculation was made dynamic (i.e. in javascript), but for
some reason bookmarkentry template in monoblue/map got a wrong class. It
resulted in /summary and /bookmarks pages always showing exact dates for
bookmarks, no age calculation was performed. Let's fix this by using "age"
class that is already used in branchentry and tagentry templates in the same
map file.
As usual, the exact date for such elements is still available in title
attribute, so it shows in a tooltip on hover.
Since f9c487618909 and 9d5bd0e29076, when monoblue was introduced, the code
this patch removes was untouched. Presumably, there supposed to be nice
graphics in the screen corners, but there never were due to:
- the css being commented out
- ids of the elements and of the css selectors being different
- and the png files absent
The "corner" elements were unstyled and didn't affect the rest of the page, so
I think it's safe to remove all this.
