root/main/trunk/greenstone2/macros/html.dm @ 31975

Revision 28888, 1.0 KB (checked in by ak19, 6 years ago)

First security commit. 1. Introducing the new securitools.h and .cpp files, which port the functions necessary to implement security in Greenstone from OWASP-ESAPI for Java, since OWASP's C++ version is largely not yet implemented, even though their code compiles. The newly added runtime-src/packages/security which contains OWASP ESAPI for C++ will therefore be removed again shortly. 2. receptionist.cpp now sets various web-encoded variants for each cgiarg macro, such as HTML entity encoded, attr encoded, javascript encoded (and css encoded variants). These are now used in the macro files based on which variant is suited to the context. 3. This commit further contains the minimum changes to protect the c, d, and p cgi variables.

  • Property svn:executable set to *
  • Property svn:keywords set to Author Date Id Revision
# this file must be UTF-8 encoded

package html

_header_ {<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN">
<html>
<head></head>
}

_footer_ {</html>}

_pagetitle_ {_collectionname_}

_content_ {
<frameset rows="90,*" noresize frameborder=0>
  <frame frameborder=0 src="_gwcgi_?e=_compressedoptions_&a=p&p=nav">
  <frame frameborder=0 src="_cgiarghpAttrsafe_">
  <noframes>
  <p>_textframebrowser_</p>
  </noframes>
</frameset>
}


package nav

_header_ {_cgihead_
_htmlhead_

<div id="banner">
<div class="pageinfo">
<p class="bannerlinks">_globallinks_</p>
</div>
</div>
<div class="bannerextra">_pagebannerextra_</div>

}

_faoheader_ [v=1] {_cgihead_
_htmlhead_
_globallinks_
}

# need transitional for target=""
_htmlhead_ {
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>_pagetitle_</title>
<base target="_top">
_globalscripts_

_Style:cssheader_
</head>

<body>
}

_footer_ {</body>
</html>
}

_content_ {
_optnavigationbar_
}
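
The commit message describes a separate encoded variant of each cgiarg macro per output context, and the html package above uses the attribute variant (_cgiarghpAttrsafe_) inside a quoted frame src. The following is an added example, not Greenstone's or OWASP's code, sketching that idea in the ESAPI style of escaping every non-alphanumeric character outside a small per-context immune set; the function names, the immune sets and the pass-through of non-ASCII bytes are assumptions of this sketch.

```cpp
// Added illustration: names are hypothetical, not Greenstone's own API.
#include <cctype>
#include <cstdio>
#include <string>

// Escape every ASCII byte that is neither alphanumeric nor in `immune`,
// using the escape format of the target context. Bytes >= 0x80 (UTF-8
// sequences) pass through unchanged, a simplification of this sketch.
static std::string encode_with(const std::string &in, const std::string &immune,
                               const char *fmt) {
  std::string out;
  for (unsigned char c : in) {
    if (c >= 0x80 || std::isalnum(c) ||
        (c != 0 && immune.find(static_cast<char>(c)) != std::string::npos)) {
      out += static_cast<char>(c);
    } else {
      char buf[16];
      std::snprintf(buf, sizeof buf, fmt, static_cast<unsigned>(c));
      out += buf;
    }
  }
  return out;
}

// One variant per output context (immune sets are assumptions).
std::string html_safe(const std::string &v) { return encode_with(v, ",.-_ ", "&#x%02x;"); }
std::string attr_safe(const std::string &v) { return encode_with(v, ",.-_", "&#x%02x;"); }
std::string js_safe(const std::string &v)   { return encode_with(v, ",._", "\\x%02x"); }
std::string css_safe(const std::string &v)  { return encode_with(v, "", "\\%x "); }

// Mirrors the second <frame> of the html package's _content_ macro.
std::string frame_tag(const std::string &hp) {
  return "<frame frameborder=0 src=\"" + attr_safe(hp) + "\">";
}

int main() {
  const std::string hp = "a b\"c<d>";  // constructed sample value
  std::printf("%s\n%s\n%s\n%s\n%s\n", html_safe(hp).c_str(), attr_safe(hp).c_str(),
              js_safe(hp).c_str(), css_safe(hp).c_str(), frame_tag(hp).c_str());
  return 0;
}
```

Attribute encoding only keeps the value inside the quotes; which URLs are acceptable as a frame source is a separate validation decision.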