Description: Improve PmWiki security by
PmWiki already supports this:
- Specify in config.php
$HTTPHeaders[] = "Content-Security-Policy: script-src 'self' https://apis.google.com"; // or
$HTMLHeaderFmt['CSP'] = '<meta...>';
focus=1 attribute; all these are not essential and can be safely ignored by your browser; btw there is an HTML5 autofocus attribute for this. The GUIEdit toolbar is also not essential, one could write without it.
- Simply don't use WikiStyles: either disable it, or use only the
$EnableWikiStyles = 0;) And don't use the
style= attribute in tables or divs.
As you can see, PmWiki in no way prevents you from using CSP, you can enable it with a single line of code. --Petko July 07, 2016, at 01:21 AM
In addition: you can disable embedded core CSS styles in the header with this snippet:
$styles = explode(' ', 'pmwiki rtl-ltr wikistyles markup simuledit diff urlapprove vardoc');
foreach($styles as $style)
  $HTMLStylesFmt[$style] = '';
You can use the file pmwiki-core.css that comes with the skins Triad, Gemini or FixFlow (even if you have a different skin):
$HTMLHeaderFmt['pmwiki-core-css'] = '<link rel="stylesheet" href="$FarmPubDirUrl/css/pmwiki-core.css" type="text/css" />';
These styles cannot be moved simply to the default skin CSS without breaking 95% of the skins and probably all unpublished custom skins. But as usual, PmWiki allows you to enable and disable the features you need. :-) --Petko July 07, 2016, at 05:35 AM
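
A check that follows from the comments above, as an added example (not PmWiki code and not part of the original comments): a Python script that lists the inline scripts, style blocks, style= attributes and on* handlers in a rendered page, which a policy whose script-src and style-src omit 'unsafe-inline' would block. The sample HTML, the /pub/example.js path and the names InlineAudit and audit are constructed for illustration.

```python
from html.parser import HTMLParser


class InlineAudit(HTMLParser):
    """Collect markup that a CSP without 'unsafe-inline' would block."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (line number, description)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        names = [name for name, _ in attrs]
        # External scripts are governed by the script-src host list instead.
        if tag == "script" and "src" not in names:
            self.findings.append((line, "inline <script>"))
        if tag == "style":
            self.findings.append((line, "inline <style>"))
        for name in names:
            if name == "style":
                self.findings.append((line, f"style= attribute on <{tag}>"))
            elif name.startswith("on"):
                self.findings.append((line, f"{name}= handler on <{tag}>"))


def audit(html):
    """Return the findings for one rendered page, in document order."""
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample resembling skin output; not taken from a real wiki.
SAMPLE = """<html><head>
<style>.wikistyle { color: red; }</style>
<script src="/pub/example.js"></script>
</head><body>
<div style="float:right">box</div>
<script>document.forms[0].text.focus();</script>
<input type="text" onfocus="this.select()">
</body></html>"""

if __name__ == "__main__":
    for line, what in audit(SAMPLE):
        print(f"line {line}: {what}")
```

Running it against saved page output before and after the config.php changes shows which inline items remain to be removed or moved into external files.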