mantisbt-plugins / source-integration

Source control integration plugin framework for MantisBT, including support for Github, Gitlab, Bitbucket, Gitea, Gitweb, Cgit, Subversion, Mercurial and more
http://noswap.com/projects/source-integration/
MIT License
181 stars 130 forks

Support to open websvn links within an iframe if IFramed plugin is installed #322

Closed spmeesseman closed 2 years ago

spmeesseman commented 5 years ago

Support to open websvn links within the mantisbt ui in an iframe, if the IFramed plugin is installed.

This of course would mean adjusting the Content-Security-Policy header's frame-src in the MantisBT config (example in the IFramed readme file). And possibly require a server config to handle some URL encoding issue with the &amp when going to the file details page from a diff. In Apache I used:

RewriteCond %{QUERY_STRING} ^repname=(.*)(&)path=(.*)(&)(.*)$
RewriteRule ^(.*)$ https://my.domain.com/websvn/filedetails.php?repname=%1&path=%3&%5 [N]

websvn-iframe

dregad commented 3 years ago

@spmeesseman finally looking into this, I'm reluctant to pull it in, due to the required external configuration - is that specific to this feature, or a standard part of the IFramed plugin setup?

I'm also concerned by the recommendation to add script-src: 'unsafe-inline'; in the example provided in the IFramed README - it's called unsafe for a reason... adding this leaves the user open to XSS attacks.

dregad commented 2 years ago

@spmeesseman since you never provided any feedback, I'm going to close this. Feel free to reopen if you'd like to discuss things further based on my earlier comments.
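
The two CSP points raised in this thread (a frame-src entry for the framed WebSVN site, and 'unsafe-inline' in script-src) can be checked mechanically against a policy string. The following is an added example, not part of the original thread or of either plugin; the policies are constructed samples, the helper names (`parse_csp`, `effective`, `audit`) are hypothetical, and the framed origin is assumed to be listed explicitly rather than matched through 'self'.

```python
FALLBACKS = {"script-src": ["default-src"], "frame-src": ["child-src", "default-src"]}


def parse_csp(header):
    """Return {directive: [source, ...]}; the first occurrence of a directive wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective(policy, directive):
    """Sources that apply to a directive after CSP fallback, or None if unrestricted."""
    for name in [directive] + FALLBACKS.get(directive, []):
        if name in policy:
            return policy[name]
    return None


def audit(header, framed_origin):
    """List findings for script-src 'unsafe-inline' and for the frame-src scope."""
    policy = parse_csp(header)
    findings = []
    scripts = effective(policy, "script-src")
    if scripts is None:
        findings.append("script-src: unrestricted (no script-src or default-src)")
    else:
        lowered = [s.lower() for s in scripts]
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is also listed.
        guarded = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered)
        if "'unsafe-inline'" in lowered and not guarded:
            findings.append("script-src: 'unsafe-inline' allows injected inline scripts to run")
    frames = effective(policy, "frame-src")
    if frames is None:
        findings.append("frame-src: unrestricted, any site can be framed")
    else:
        broad = [s for s in frames if s == "*" or s.rstrip(":").lower() in ("http", "https")]
        findings += ["frame-src: overly broad source %s" % s for s in broad]
        if framed_origin not in frames and not broad:
            findings.append("frame-src: %s is not listed" % framed_origin)
    return findings


# Constructed sample policies (not taken from the IFramed README or MantisBT).
ORIGIN = "https://my.domain.com"
LOOSE = "default-src 'self'; script-src 'self' 'unsafe-inline'; frame-src *"
TIGHT = "default-src 'self'; script-src 'self'; frame-src " + ORIGIN
```

`audit(LOOSE, ORIGIN)` reports both the inline-script allowance and the wildcard frame source, while `audit(TIGHT, ORIGIN)` returns no findings.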