My personal blog, using the phoenix framework. https://kinzie.dev
Kinzie 4fb285de11 fix href 2023-08-20 05:32:46 +01:00
assets fix build.js 2023-05-24 03:32:10 +01:00
config error page fix 2023-05-24 21:36:28 +01:00
lib fix href 2023-08-20 05:32:46 +01:00
priv change that 2023-08-20 05:31:06 +01:00
rel/overlays/bin modify rel files 2023-05-24 21:18:53 +01:00
test redesign 2023-05-16 02:40:05 +01:00
.formatter.exs blog editor and tag icons update 2023-05-20 19:58:41 +01:00
.gitignore redesign 2023-05-16 02:40:05 +01:00
LICENSE license 2023-05-26 00:31:51 +01:00
README.md redesign 2023-05-16 02:40:05 +01:00
mix.exs remove msgpack for now 2023-05-24 02:51:18 +01:00
mix.lock wat 2023-05-24 00:32:08 +01:00
shell.nix redesign 2023-05-16 02:40:05 +01:00

README.md

Kinzie's Blog

Goals:

  • Allow scripts to be inserted in the head/body, but only if the user is an admin and has significant trust
  • Allow usage of the web editor and external editors

Solution:

  • Don't allow web posts to be updated by external editors
  • Don't allow external posts to be updated by the web editor

Circumventing this would accomplish nothing, and the web editor wouldn't be able to parse the result properly, which isn't an issue.

The server could also be provided with extra data such as header-includes: ["https://cdn.site/script.js"]. Other scripts can be provided directly in the source body. The server will either strip or keep these depending on the user's power level.

If the initial publisher of a post was an editor, then an admin can't add scripts to it.
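
One way to express the rules above as a single policy check, in Elixir since the blog uses Phoenix. This is an added example, not code from this repository; the module name, the `:web`/`:external` origins, the `:admin`/`:editor` roles and the map fields are all assumptions.

```elixir
defmodule PostPolicyExample do
  # Added example: module, field and role names are assumptions, not the blog's code.

  # Only these fields may be changed by an update, so a client cannot
  # overwrite :origin or :publisher_role and bypass the checks below.
  @editable [:body, :header_includes]

  # A post may only be updated through the channel that created it.
  def update_allowed?(%{origin: origin}, channel) when channel in [:web, :external],
    do: origin == channel

  # Scripts are kept only when the initial publisher and the current user are both admins.
  def scripts_allowed?(%{publisher_role: :admin}, %{role: :admin}), do: true
  def scripts_allowed?(_post, _user), do: false

  # Returns {:ok, post} or {:error, :wrong_channel}. When scripts are not
  # allowed, header includes are dropped and the post is flagged so the
  # renderer strips script tags from the body (HTML sanitizing not shown).
  def apply_update(post, user, channel, attrs) do
    merged = Map.merge(post, Map.take(attrs, @editable))

    cond do
      not update_allowed?(post, channel) ->
        {:error, :wrong_channel}

      scripts_allowed?(post, user) ->
        {:ok, Map.put(merged, :strip_body_scripts, false)}

      true ->
        {:ok, merged |> Map.put(:header_includes, []) |> Map.put(:strip_body_scripts, true)}
    end
  end
end

# Constructed sample data.
admin = %{role: :admin}
editor_post = %{origin: :external, publisher_role: :editor, header_includes: [], body: ""}
admin_post = %{editor_post | publisher_role: :admin}
attrs = %{header_includes: ["https://cdn.site/script.js"], body: "updated", origin: :web}

# Cross-channel update is rejected.
IO.inspect(PostPolicyExample.apply_update(editor_post, admin, :web, attrs))
# Admin editing an editor-published post: update applies, scripts are stripped.
IO.inspect(PostPolicyExample.apply_update(editor_post, admin, :external, attrs))
# Admin editing an admin-published post: scripts are kept.
IO.inspect(PostPolicyExample.apply_update(admin_post, admin, :external, attrs))
```

The checks read the stored post's origin and publisher role, never the incoming attributes, so the decision fails closed when a request tries to relabel the post.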