1 2015-05-09T10:07:24 *** vipul20
2 2015-05-09T10:32:33 *** DingoSaar_
3 2015-05-09T10:36:11 *** DingoSaar
4 2015-05-09T10:48:31 *** DingoSaar_
5 2015-05-09T10:49:06 *** bond007
6 2015-05-09T11:07:24 *** vipul20
7 2015-05-09T13:17:24 *** vipul20
8 2015-05-09T13:53:32 *** RogerHaase
9 2015-05-09T13:58:44 <RogerHaase> ThomasWaldmann: html_in, html_out, common.js do not copy CKEditor img styles to output, fixes #520 https://codereview.appspot.com/233010043/
10 2015-05-09T14:00:03 <RogerHaase> ThomasWaldmann: replied to question on global history styling: https://codereview.appspot.com/235720043/
11 2015-05-09T14:47:02 *** bond007
12 2015-05-09T15:32:04 <ThomasWaldmann> hi RogerHaase. done first review.
13 2015-05-09T15:35:48 <ThomasWaldmann> replied to 2nd
14 2015-05-09T15:49:59 <RogerHaase> ThomasWaldmann: global_history.html and history.html were created in 2009. In apps/frontend/views.py, @frontend.route('/+history/<itemname:item_name>') renders history.html, and another route without itemname renders global_history.html
15 2015-05-09T15:52:30 *** vipul20
16 2015-05-09T15:52:43 <ThomasWaldmann> ok
17 2015-05-09T15:59:22 *** bond007
18 2015-05-09T16:28:08 <RogerHaase> ThomasWaldmann: I find no references for js in css. I did find obsolete expression and behavior in IE8-, and Firefox has -moz-binding. http://stackoverflow.com/questions/476276/using-javascript-in-css All of these are discarded by cssutils as implemented.
19 2015-05-09T16:29:21 <RogerHaase> Note there is a consistency problem. User edited style attributes for 'div', 'p', 'strong', 'code', 'quote', and 'blockquote' are currently passed on and processed by html_out so XSS threat exists there for some time.
20 2015-05-09T16:30:35 <ThomasWaldmann> that shoudln't be
21 2015-05-09T16:31:24 <ThomasWaldmann> http://stackoverflow.com/questions/4546591/xss-attacks-and-style-attributes
22 2015-05-09T16:32:02 <ThomasWaldmann> back when i implemented the span macro, i made this configurable.
23 2015-05-09T16:32:16 <ThomasWaldmann> either no user style and safe. or user style and unsafe.
24 2015-05-09T16:32:48 <ThomasWaldmann> (because there was no way to process / decide this with reasonable effort)
25 2015-05-09T16:36:04 <RogerHaase> background-image: url(javascript:alert('XSS')) is also discarded by cssutils
26 2015-05-09T17:01:28 <ThomasWaldmann> is that somehow documented? i mean that the discard insecure stuff?
27 2015-05-09T17:02:10 <RogerHaase> the http://www.bioinformatics.org/phplabware/forum/viewtopic.php?id=164 example is interesting...
28 2015-05-09T17:06:49 <RogerHaase> This is the first time I have used cssutils. There seems to be a way to make your own ruleset, or add rules. But I have not succeeded in doing so. So the discarding is happening because cssutils does not have that in its ruleset. I also searched for someone using cssutils as a filter for style attribute; found nothing helpful.
29 2015-05-09T17:13:19 <RogerHaase> ThomasWaldmann: So you are thinking of a configuration parameter to allow/disallow use of style attribute? That seems reasonable as disallowing style completely limits usefulness of HTML documents. Where is span macro?
30 2015-05-09T17:38:38 <ThomasWaldmann> RogerHaase: was for 1.9, might be on MacroMarket or in extensions repo
31 2015-05-09T18:17:02 *** bond007
32 2015-05-09T18:47:21 <ronny> re
33 2015-05-09T18:47:28 <ronny> sup ThomasWaldmann, RogerHaase
34 2015-05-09T18:48:08 <RogerHaase> moin ronny :)
35 2015-05-09T18:48:41 <ronny> RogerHaase: did i understood you correct, that theming is basically down to setting logos and styling the menus>
36 2015-05-09T18:55:07 <ronny> RogerHaase: ping?
37 2015-05-09T18:57:33 <RogerHaase> ronny: no sure I understand the question. But I created a theme just by adding a theme.css file in /themes/<theme name>/static/css. All it did was change some colors of the modernized theme. If you want a custom theme that does more, you have to do more..
38 2015-05-09T18:59:22 <ronny> RogerHaase: i want to udnerstand how much theming is currently possibele with the default stuff, because the current theming system is an utter unsupported mess upstream
39 2015-05-09T18:59:47 <ronny> RogerHaase: and also i dont hae the time to make a working one (it is rather tricky)
40 2015-05-09T19:00:58 <RogerHaase> For the built-in themes, what I was trying to do is make the themes deal with header, footer, and sidebar and try to use a common color scheme. Then all the styling in common.css uses same color schemes.
41 2015-05-09T19:01:56 <ronny> hmk
42 2015-05-09T19:02:07 <ronny> so its not removable atm
43 2015-05-09T19:04:48 <RogerHaase> I think writing a custom theme in moin2 will likely be harder than in 1.9. But to change the look of the theme header, footer, and sidebar you have to create a layout.html and a show.html.
44 2015-05-09T19:07:39 <RogerHaase> look at the structure of the basic theme. layout.html and show.html create most of the theme look and feel
45 2015-05-09T19:08:02 <ronny> RogerHaase: the problem from my side is, that the current themign engine is practically broken and cant be fixed, i ssupect a custom jinja loader setup will be more flexible (using a coiceloader on top of a few package bound loaders for theme/maybe a loader for from the wiki itself
46 2015-05-09T19:12:08 <ronny> bbl, phone call
47 2015-05-09T19:29:20 <RogerHaase> ronny: I suggested https://codereview.appspot.com/208070043/diff/60001/wikiconfig.py?context=10&column_width=125 some weeks ago, but haven't addressed tw's comments. That would make a defined directory for a installation to install templates, css, logos, javascript without creating a theme. So then template loader would search wiki-local-data, theme template directory, and finally template directory. If you want to replace template loa
48 2015-05-09T19:35:50 <ronny> RogerHaase: will review in a bit
49 2015-05-09T20:51:04 *** bond007
50 2015-05-09T20:54:45 *** RogerHaase
51 2015-05-09T22:52:26 *** xjjk
52 2015-05-09T22:53:33 *** xjjk
53 2015-05-09T23:11:31 *** aviraldg
54 2015-05-09T23:27:02 *** bond007
55