Mercurial > kallithea
view docs/usage/vcs_support.rst @ 7552:e74aa69f6827 stable
lib: sanitize HTML for all types of README rendering, not only markdown
The repository summary page will display a rendered version of the
repository 'readme' based on its file extension. In commit 5746cc3b3fa5,
the rendered output was already sanitized when the input was markdown.
However, also readmes written in other formats, like ReStructuredText (RST)
or plain text could have content that we want sanitized.
Therefore, move the sanitizing one level up so it covers all renderers, for
now and the future.
This fixes an XSS issue when a repository readme contains javascript code,
which would be executed when the repository summary page is visited by a
user.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
| author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
|---|---|
| date | Sat, 26 Jan 2019 20:27:50 +0100 |
| parents | 8867673c8192 |
| children | ed2fb6e84a02 |
line wrap: on
line source
.. _vcs_support: =============================== Version control systems support =============================== Kallithea supports Git and Mercurial repositories out-of-the-box. For Git, you do need the ``git`` command line client installed on the server. You can always disable Git or Mercurial support by editing the file ``kallithea/__init__.py`` and commenting out the backend. .. code-block:: python BACKENDS = { 'hg': 'Mercurial repository', #'git': 'Git repository', } Git support ----------- Web server with chunked encoding ```````````````````````````````` Large Git pushes require an HTTP server with support for chunked encoding for POST. The Python web servers waitress_ and gunicorn_ (Linux only) can be used. By default, Kallithea uses waitress_ for `paster serve` instead of the built-in `paste` WSGI server. The paster server is controlled in the .ini file:: use = egg:waitress#main or:: use = egg:gunicorn#main Also make sure to comment out the following options:: threadpool_workers = threadpool_max_requests = use_threadpool = Mercurial support ----------------- Working with Mercurial subrepositories `````````````````````````````````````` This section explains how to use Mercurial subrepositories_ in Kallithea. Example usage:: ## init a simple repo hg init mainrepo cd mainrepo echo "file" > file hg add file hg ci --message "initial file" # clone subrepo we want to add from Kallithea hg clone http://kallithea.local/subrepo ## specify URL to existing repo in Kallithea as subrepository path echo "subrepo = http://kallithea.local/subrepo" > .hgsub hg add .hgsub hg ci --message "added remote subrepo" In the file list of a clone of ``mainrepo`` you will see a connected subrepository at the revision it was cloned with. Clicking on the subrepository link sends you to the proper repository in Kallithea. Cloning ``mainrepo`` will also clone the attached subrepository. Next we can edit the subrepository data, and push back to Kallithea. This will update both repositories. .. _waitress: http://pypi.python.org/pypi/waitress .. _gunicorn: http://pypi.python.org/pypi/gunicorn .. _subrepositories: http://mercurial.aragost.com/kick-start/en/subrepositories/