Files @ 2ac4499b25eb
Branch filter:

Location: kallithea/docs/usage/backup.rst - annotation

2ac4499b25eb 512 B text/prs.fallenstein.rst Show Source Show as Raw Download as Raw
Thomas De Schampheleire
lib: sanitize HTML for all types of README rendering, not only markdown

The repository summary page will display a rendered version of the
repository 'readme' based on its file extension. In commit 5746cc3b3fa5,
the rendered output was already sanitized when the input was markdown.
However, also readmes written in other formats, like ReStructuredText (RST)
or plain text could have content that we want sanitized.

Therefore, move the sanitizing one level up so it covers all renderers, for
now and the future.

This fixes an XSS issue when a repository readme contains javascript code,
which would be executed when the repository summary page is visited by a
user.

Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
af371e206ec5
af371e206ec5
17c9393e9645
e73a69cb98dc
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
e73a69cb98dc
af371e206ec5
fbbe80e3322b
af371e206ec5
af371e206ec5
af371e206ec5
4e6dfdb3fa01
4e6dfdb3fa01
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
af371e206ec5
e73a69cb98dc
af371e206ec5
af371e206ec5
4e6dfdb3fa01

.. _backup:

====================
Backing up Kallithea
====================


Settings
--------

Just copy your .ini file, it contains all Kallithea settings.


Whoosh index
------------

The Whoosh index is located in the ``data/index`` directory where you installed
Kallithea, i.e., the same place where the ini file is located


Database
--------

When using sqlite just copy kallithea.db.
Any other database engine requires a manual backup operation.

A database backup will contain all gathered statistics.
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.