INN commit: trunk (4 files)

INN Commit rra at isc.org
Sun May 24 08:12:23 UTC 2020


    Date: Sunday, May 24, 2020 @ 01:12:23
  Author: iulius
Revision: 10374

innreport: externalize CSS

Inline styles are not allowed by a (good) Content-Security-Policy because
they're vulnerable to XSS.  It has become common practice to always
externalize all CSS into a separate file.

External CSS is also more cacheable though this isn't the primary motivation here.

Patch adapted from a suggestion of Richard Kettlewell.

Modified:
  trunk/doc/pod/news.pod
  trunk/samples/innreport.conf.in
  trunk/samples/innreport.css
  trunk/scripts/innreport.in

---------------------------+
 doc/pod/news.pod          |   11 ++
 samples/innreport.conf.in |    2 
 samples/innreport.css     |    6 -
 scripts/innreport.in      |  190 ++++++++++++++++++++++----------------------
 4 files changed, 112 insertions(+), 97 deletions(-)

Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod	2020-05-21 21:00:33 UTC (rev 10373)
+++ doc/pod/news.pod	2020-05-24 08:12:23 UTC (rev 10374)
@@ -13,6 +13,17 @@
 B<cnfsstat> now also returns information about retired CNFS buffers
 (mentioned in F<cycbuff.conf> as a cycbuff but not in a metacycbuff).
 
+=item *
+
+Switch default B<innreport> behaviour to common practice of externalizing
+CSS into a separate file.  Its name can be configured with the
+I<html_css_url> parameter in F<innreport.conf>.  If this parameter
+is unset, the default F<innreport.css> file name will be used and
+B<innreport> will generate this CSS file for you.  Previously generated
+reports are kept untouched, though, and will still contain inline CSS
+if you had not already set the I<html_css_url> parameter in previous
+INN versions.  Thanks to Richard Kettlewell for the patch.
+
 =back
 
 =head1 Changes in 2.6.3

Modified: samples/innreport.conf.in
===================================================================
--- samples/innreport.conf.in	2020-05-21 21:00:33 UTC (rev 10373)
+++ samples/innreport.conf.in	2020-05-24 08:12:23 UTC (rev 10374)
@@ -45,7 +45,7 @@
       # Character set used in XML and Content-Type declaration.
       # html_encoding	"ISO-8859-1";
 
-      # URL to CSS file.  If undefined, a style sheet is embedded in HTML instead.
+      # URL to CSS file.  If undefined, a default style sheet is generated.
       # html_css_url    "innreport.css";
 
       # URL to XSL file.  See <http://www.w3.org/MarkUp/2004/xhtml-faq#ie>.

Modified: samples/innreport.css
===================================================================
--- samples/innreport.css	2020-05-21 21:00:33 UTC (rev 10373)
+++ samples/innreport.css	2020-05-24 08:12:23 UTC (rev 10374)
@@ -4,6 +4,9 @@
 **  innreport.css -- for parameter html_css_url in innreport.conf
 **
 **  Style created by Alexander Bartolich, 2008.
+**
+**  In case you modify this file, please keep old definitions for backward
+**  compatibility with previously generated reports.
 */
 div.ir-pageTitle {
    border-bottom:4px double black;
@@ -84,6 +87,3 @@
 td.ir-primaryKey {
    background-color:#F8E0E0;
 }
-
-
-

Modified: scripts/innreport.in
===================================================================
--- scripts/innreport.in	2020-05-21 21:00:33 UTC (rev 10373)
+++ scripts/innreport.in	2020-05-24 08:12:23 UTC (rev 10374)
@@ -564,6 +564,11 @@
 $HTML_output = '';
 
 if ($HTML) {
+  # Output the CSS in a file if a custom one is not already wanted.
+  if (!defined($output{'default'}{'html_css_url'})) {
+    &Make_CSS ($HTML_dir);
+  }
+
   # Create a new filename (unique and _sortable_).
   if ($ARCHIVE) {
     # The filename will contain the first date of the log.
@@ -878,99 +883,8 @@
     }
   }
 
-  my $style_sheet = '';
   my $css_url = $output{'default'}{'html_css_url'};
-  if (defined($css_url)) {
-    $css_url = &GetValue($css_url);
-    $style_sheet = <<EOF;
-<link rel="stylesheet" type="text/css" media="all" href="$css_url"/>
-EOF
-  }
-  else {
-    $style_sheet = <<EOF;
-<style type="text/css"><!--/*--><![CDATA[/*><!--*/
-  div.ir-pageTitle {
-    border-bottom:4px double black;
-    border-top:4px double black;
-    margin-bottom:2ex;
-    margin-top:2ex;
-    text-align:center;
-  }
-  div.ir-feedTotals {
-    margin-bottom:1ex;
-    margin-left:auto;
-    margin-right:auto;
-    text-align:center;
-  }
-  table.ir-archives,
-  table.ir-report {
-    border-collapse:collapse;
-    margin-left:auto;
-    margin-right:auto;
-    margin-top:1ex;
-    margin-bottom:1ex;
-  }
-  table.ir-archives td,
-  table.ir-archives th,
-  table.ir-report td,
-  table.ir-report th {
-    border:1px solid black;
-    empty-cells:show;
-    padding:0.3ex 0.3em 0.3ex 0.3em;
-  }
-  table.ir-archives th,
-  table.ir-report th {
-    font-weight:bold;
-    background-color:#D3D3D3;
-  }
-  table.ir-archives th,
-  table.ir-report th,
-  tr.ir-totalRow td,
-  tr.ir-headerRow th {
-    border-bottom:2px solid black;
-    border-top:2px solid black;
-  }
-  div.ir-pageFooter {
-    border-top:4px double black;
-    padding-top:1ex;
-    margin-top:1ex;
-    vertical-align:top;
-  }
-  div.ir-pageFooter img {
-    border:0;
-    float:left;
-    margin-right:1em;
-  }
-  div.ir-versionNotice {
-    font-size:small;
-  }
-  div.ir-section {
-    border-top:1px solid black;
-  }
-  p.ir-sectionTitle {
-    font-weight:bold;
-  }
-  div.ir-logFileLines {
-    font-family:monospace;
-  }
-  div.ir-reportGraph {
-    margin-left:auto;
-    margin-right:auto;
-    margin-top:1ex;
-    margin-bottom:1ex;
-    text-align:center;
-  }
-  td.ir-totalColumn {
-    text-align:left;
-    font-weight:bold;
-  }
-  tr.ir-oddRow td,
-  td.ir-primaryKey {
-    background-color:#F8E0E0;
-  }
-/*]]>*/--></style>
-EOF
-  }
+  $css_url = defined($css_url) ? &GetValue($css_url) : "innreport.css";
 
   my $body = '';
   {
@@ -991,7 +905,7 @@
 <meta http-equiv="Content-Type" content="text/html; charset=$encoding"/>
 <title>$title</title>
 <!-- innreport from $INN::Config::version -->
-$style_sheet
+<link rel="stylesheet" type="text/css" media="all" href="$css_url"/>
 </head><body$body>
 $HTML_header
 EOF
@@ -1024,6 +938,96 @@
 
 }
 
+# Generate a default CSS file.
+# In case you modify it, please keep old definitions for backward
+# compatibility with previously generated reports.
+sub Make_CSS($) {
+  my ($rep) = @_;
+  open (CSS, "> $rep/innreport.css") || die "can't open $rep/innreport.css\n";
+  print CSS <<EOF;
+div.ir-pageTitle {
+  border-bottom:4px double black;
+  border-top:4px double black;
+  margin-bottom:2ex;
+  margin-top:2ex;
+  text-align:center;
+}
+div.ir-feedTotals {
+  margin-bottom:1ex;
+  margin-left:auto;
+  margin-right:auto;
+  text-align:center;
+}
+table.ir-archives,
+table.ir-report {
+  border-collapse:collapse;
+  margin-left:auto;
+  margin-right:auto;
+  margin-top:1ex;
+  margin-bottom:1ex;
+}
+table.ir-archives td,
+table.ir-archives th,
+table.ir-report td,
+table.ir-report th {
+  border:1px solid black;
+  empty-cells:show;
+  padding:0.3ex 0.3em 0.3ex 0.3em;
+}
+table.ir-archives th,
+table.ir-report th {
+  font-weight:bold;
+  background-color:#D3D3D3;
+}
+table.ir-archives th,
+table.ir-report th,
+tr.ir-totalRow td,
+tr.ir-headerRow th {
+  border-bottom:2px solid black;
+  border-top:2px solid black;
+}
+div.ir-pageFooter {
+  border-top:4px double black;
+  padding-top:1ex;
+  margin-top:1ex;
+  vertical-align:top;
+}
+div.ir-pageFooter img {
+  border:0;
+  float:left;
+  margin-right:1em;
+}
+div.ir-versionNotice {
+  font-size:small;
+}
+div.ir-section {
+  border-top:1px solid black;
+}
+p.ir-sectionTitle {
+  font-weight:bold;
+}
+div.ir-logFileLines {
+  font-family:monospace;
+}
+div.ir-reportGraph {
+  margin-left:auto;
+  margin-right:auto;
+  margin-top:1ex;
+  margin-bottom:1ex;
+  text-align:center;
+}
+td.ir-totalColumn {
+  text-align:left;
+  font-weight:bold;
+}
+tr.ir-oddRow td,
+td.ir-primaryKey {
+  background-color:#F8E0E0;
+}
+EOF
+  close CSS;
+}
+
 # make an index for archive pages
 sub Make_Index($$$$) {
   my ($rep, $index, $filename, $data) = @_;



More information about the inn-committers mailing list