html page display via cgit

html page display via cgit

[Shivdas Gujare]

Hi All,

I hope, this is the right mailing list for cgit as well.
I am trying to add some "html logs" inside cgit, but I can't open
these logs via cgit inside firefox, i.e. cgit open every files in
"plain" format,
would like to know if it is possible to open "html" pages inside cgit
so that if I click on html page added into git, it opens in html and
not in plain format.

for example:
if I click on "download.html" from
"http://cgit.freedesktop.org/~lb/mesa/tree/docs" it shows a raw file
as "http://cgit.freedesktop.org/~lb/mesa/tree/docs/download.html"
and if I click on "plain" it opens in firefox like
"http://cgit.freedesktop.org/~lb/mesa/plain/docs/download.html"
but here I am trying to open this "download.html" inside cgit so that
I can view it like html web page and not as "plain" text file.

Thanks for any help or pointers.

Thanks and Regards,
Shivdas Gujare

Re: html page display via cgit

[Ævar Arnfjörð Bjarmason]

On Wed, Sep 1, 2010 at 09:32, Shivdas Gujare <shivdas.tech@gmail.com> wrote:

> I hope, this is the right mailing list for cgit as well.
> I am trying to add some "html logs" inside cgit, but I can't open
> these logs via cgit inside firefox, i.e. cgit open every files in
> "plain" format,
> would like to know if it is possible to open "html" pages inside cgit
> so that if I click on html page added into git, it opens in html and
> not in plain format.
>
> for example:
> if I click on "download.html" from
> "http://cgit.freedesktop.org/~lb/mesa/tree/docs" it shows a raw file
> as "http://cgit.freedesktop.org/~lb/mesa/tree/docs/download.html"
> and if I click on "plain" it opens in firefox like
> "http://cgit.freedesktop.org/~lb/mesa/plain/docs/download.html"
> but here I am trying to open this "download.html" inside cgit so that
> I can view it like html web page and not as "plain" text file.
>
> Thanks for any help or pointers.

I don't know, but that's probably deliberate. You're viewing a /plain/
link, which should be the equivalent of "git show".

There's also XSS security implications to serving things as text/html
on a shared hosting site if the main site serves cookies or otherwise
has user logins.

Re: html page display via cgit

[Joshua Juran]

On Sep 1, 2010, at 2:46 AM, Ævar Arnfjörð Bjarmason wrote:

> On Wed, Sep 1, 2010 at 09:32, Shivdas Gujare  
> <shivdas.tech@gmail.com> wrote:
>
>> I hope, this is the right mailing list for cgit as well.
>> I am trying to add some "html logs" inside cgit, but I can't open
>> these logs via cgit inside firefox, i.e. cgit open every files in
>> "plain" format,
>> would like to know if it is possible to open "html" pages inside cgit
>> so that if I click on html page added into git, it opens in html and
>> not in plain format.
>>
>> for example:
>> if I click on "download.html" from
>> "http://cgit.freedesktop.org/~lb/mesa/tree/docs" it shows a raw file
>> as "http://cgit.freedesktop.org/~lb/mesa/tree/docs/download.html"
>> and if I click on "plain" it opens in firefox like
>> "http://cgit.freedesktop.org/~lb/mesa/plain/docs/download.html"
>> but here I am trying to open this "download.html" inside cgit so that
>> I can view it like html web page and not as "plain" text file.
>>
>> Thanks for any help or pointers.
>
> I don't know, but that's probably deliberate. You're viewing a /plain/
> link, which should be the equivalent of "git show".
>
> There's also XSS security implications to serving things as text/html
> on a shared hosting site if the main site serves cookies or otherwise
> has user logins.

One solution is parse the content server-side and re-render as  
sanitized HTML.  In addition to stripping out scripts and frames, this  
would avoid sending broken markup produced by someone else under your  
name, or serving up otherwise well-formed XHTML as text/html.

Josh

Re: html page display via cgit

[Ævar Arnfjörð Bjarmason]

On Wed, Sep 1, 2010 at 10:00, Joshua Juran <jjuran@gmail.com> wrote:
> On Sep 1, 2010, at 2:46 AM, Ævar Arnfjörð Bjarmason wrote:
>
>> On Wed, Sep 1, 2010 at 09:32, Shivdas Gujare <shivdas.tech@gmail.com>
>> wrote:
>>
>>> I hope, this is the right mailing list for cgit as well.
>>> I am trying to add some "html logs" inside cgit, but I can't open
>>> these logs via cgit inside firefox, i.e. cgit open every files in
>>> "plain" format,
>>> would like to know if it is possible to open "html" pages inside cgit
>>> so that if I click on html page added into git, it opens in html and
>>> not in plain format.
>>>
>>> for example:
>>> if I click on "download.html" from
>>> "http://cgit.freedesktop.org/~lb/mesa/tree/docs" it shows a raw file
>>> as "http://cgit.freedesktop.org/~lb/mesa/tree/docs/download.html"
>>> and if I click on "plain" it opens in firefox like
>>> "http://cgit.freedesktop.org/~lb/mesa/plain/docs/download.html"
>>> but here I am trying to open this "download.html" inside cgit so that
>>> I can view it like html web page and not as "plain" text file.
>>>
>>> Thanks for any help or pointers.
>>
>> I don't know, but that's probably deliberate. You're viewing a /plain/
>> link, which should be the equivalent of "git show".
>>
>> There's also XSS security implications to serving things as text/html
>> on a shared hosting site if the main site serves cookies or otherwise
>> has user logins.
>
> One solution is parse the content server-side and re-render as sanitized
> HTML.  In addition to stripping out scripts and frames, this would avoid
> sending broken markup produced by someone else under your name, or serving
> up otherwise well-formed XHTML as text/html.

Yes, but have you seen programs that try to secure arbitrary
user-supplied HTML like this? It isn't pretty, and very hard to get
right.

Re: html page display via cgit

[Stefan Naewe]

On 9/1/2010 11:32 AM, Shivdas Gujare wrote:
> Hi All,
> 
> I hope, this is the right mailing list for cgit as well.
> I am trying to add some "html logs" inside cgit, but I can't open
> these logs via cgit inside firefox, i.e. cgit open every files in
> "plain" format,
> would like to know if it is possible to open "html" pages inside cgit
> so that if I click on html page added into git, it opens in html and
> not in plain format.

Set this in /etc/cgitrc

mimetype.gif=image/gif
mimetype.html=text/html
mimetype.jpg=image/jpeg
mimetype.jpeg=image/jpeg
mimetype.pdf=application/pdf
mimetype.png=image/png
mimetype.svg=image/svg+xml

HTH

Stefan
-- 
----------------------------------------------------------------
/dev/random says: Don't stop posting, a good laugh breaks up my day nicely

Re: html page display via cgit

[Joshua Juran]

On Sep 1, 2010, at 3:06 AM, Ævar Arnfjörð Bjarmason wrote:

> On Wed, Sep 1, 2010 at 10:00, Joshua Juran <jjuran@gmail.com> wrote:
>> On Sep 1, 2010, at 2:46 AM, Ævar Arnfjörð Bjarmason wrote:
>>
>>> On Wed, Sep 1, 2010 at 09:32, Shivdas Gujare  
>>> <shivdas.tech@gmail.com>
>>> wrote:
>>>
>>>> I hope, this is the right mailing list for cgit as well.
>>>> I am trying to add some "html logs" inside cgit, but I can't open
>>>> these logs via cgit inside firefox, i.e. cgit open every files in
>>>> "plain" format,
>>>> would like to know if it is possible to open "html" pages inside  
>>>> cgit
>>>> so that if I click on html page added into git, it opens in html  
>>>> and
>>>> not in plain format.
>>>>
>>>> for example:
>>>> if I click on "download.html" from
>>>> "http://cgit.freedesktop.org/~lb/mesa/tree/docs" it shows a raw  
>>>> file
>>>> as "http://cgit.freedesktop.org/~lb/mesa/tree/docs/download.html"
>>>> and if I click on "plain" it opens in firefox like
>>>> "http://cgit.freedesktop.org/~lb/mesa/plain/docs/download.html"
>>>> but here I am trying to open this "download.html" inside cgit so  
>>>> that
>>>> I can view it like html web page and not as "plain" text file.
>>>>
>>>> Thanks for any help or pointers.
>>>
>>> I don't know, but that's probably deliberate. You're viewing a / 
>>> plain/
>>> link, which should be the equivalent of "git show".
>>>
>>> There's also XSS security implications to serving things as text/ 
>>> html
>>> on a shared hosting site if the main site serves cookies or  
>>> otherwise
>>> has user logins.
>>
>> One solution is parse the content server-side and re-render as  
>> sanitized
>> HTML.  In addition to stripping out scripts and frames, this would  
>> avoid
>> sending broken markup produced by someone else under your name, or  
>> serving
>> up otherwise well-formed XHTML as text/html.
>
> Yes, but have you seen programs that try to secure arbitrary
> user-supplied HTML like this? It isn't pretty, and very hard to get
> right.

I haven't looked at any.  I'm not suggesting tweaking the HTML, but  
replacing it outright.  Use a whitelist of elements and attributes;  
everything else gets dropped, including comments.  I'm not a security  
expert, but my assessment is that this does the job.

Josh

Re: html page display via cgit

[Shivdas Gujare]

Hi Stefan & All,

Thanks for your replies.

On Wed, Sep 1, 2010 at 3:53 PM, Stefan Naewe
<stefan.naewe@atlas-elektronik.com> wrote:
> On 9/1/2010 11:32 AM, Shivdas Gujare wrote:
>> Hi All,
>>
>> I hope, this is the right mailing list for cgit as well.
>> I am trying to add some "html logs" inside cgit, but I can't open
>> these logs via cgit inside firefox, i.e. cgit open every files in
>> "plain" format,
>> would like to know if it is possible to open "html" pages inside cgit
>> so that if I click on html page added into git, it opens in html and
>> not in plain format.
>
> Set this in /etc/cgitrc
>
> mimetype.gif=image/gif
> mimetype.html=text/html
> mimetype.jpg=image/jpeg
> mimetype.jpeg=image/jpeg
> mimetype.pdf=application/pdf
> mimetype.png=image/png
> mimetype.svg=image/svg+xml
>

I did tried this, but it didn't made any difference on showing html
pages. Does this work like adding a line "
mimetype.pdf=application/pdf" to /etc/cgitrc allows me
to open a pdf via cgit interface in browser?

Thanks and Regards,
Shivdas Gujare




> HTH
>
> Stefan
> --
> ----------------------------------------------------------------
> /dev/random says: Don't stop posting, a good laugh breaks up my day nicely
>

Re: html page display via cgit

[Lars Hjemli]

On Wed, Sep 1, 2010 at 14:19, Shivdas Gujare <shivdas.tech@gmail.com> wrote:
> On Wed, Sep 1, 2010 at 3:53 PM, Stefan Naewe
> <stefan.naewe@atlas-elektronik.com> wrote:
>> Set this in /etc/cgitrc
>>
>> mimetype.gif=image/gif
>> mimetype.html=text/html
>> mimetype.jpg=image/jpeg
>> mimetype.jpeg=image/jpeg
>> mimetype.pdf=application/pdf
>> mimetype.png=image/png
>> mimetype.svg=image/svg+xml
>>
>
> I did tried this, but it didn't made any difference on showing html
> pages.

What cgit-version are you running? This option was added in cgit-0.8.3
(2009-09-13).

If your cgit has support for mimetype options, you probably have
caching enabled, i.e. you're watching the old output (including
Content-Type header).

> Does this work like adding a line "
> mimetype.pdf=application/pdf" to /etc/cgitrc allows me
> to open a pdf via cgit interface in browser?

Yes, the pdf will be displayed in your browser if your browser supports pdfs.

-- 
larsh

Re: html page display via cgit

[Stefan Naewe]

On 9/1/2010 2:19 PM, Shivdas Gujare wrote:
> Hi Stefan & All,
> 
> Thanks for your replies.
> 
> On Wed, Sep 1, 2010 at 3:53 PM, Stefan Naewe
> <stefan.naewe@atlas-elektronik.com> wrote:
>> On 9/1/2010 11:32 AM, Shivdas Gujare wrote:
>>> Hi All,
>>>
>>> I hope, this is the right mailing list for cgit as well.
>>> I am trying to add some "html logs" inside cgit, but I can't open
>>> these logs via cgit inside firefox, i.e. cgit open every files in
>>> "plain" format,
>>> would like to know if it is possible to open "html" pages inside cgit
>>> so that if I click on html page added into git, it opens in html and
>>> not in plain format.
>>
>> Set this in /etc/cgitrc
>>
>> mimetype.gif=image/gif
>> mimetype.html=text/html
>> mimetype.jpg=image/jpeg
>> mimetype.jpeg=image/jpeg
>> mimetype.pdf=application/pdf
>> mimetype.png=image/png
>> mimetype.svg=image/svg+xml
>>
> 
> I did tried this, but it didn't made any difference on showing html
> pages. 

I use cgit v0.8.3.3-82-gaec9 and it works for me. You still have to use the
'plain' link in the blob view, i.e. the URL looks like

http://host/cgit/repo/plain/file.html?h=branch


> Does this work like adding a line "
> mimetype.pdf=application/pdf" to /etc/cgitrc allows me
> to open a pdf via cgit interface in browser?

Works for me, too!


Stefan
-- 
----------------------------------------------------------------
/dev/random says: Nobody's ugly after 2 a.m.