small updates

2025-02-14 21:10:25 +01:00 · 2015-05-19 00:45:48 +02:00 · 2015-05-19 00:45:48 +02:00 · fdf4c54da0
commit fdf4c54da0
parent 825e9c3c59
2 changed files with 123 additions and 76 deletions
--- a/_src/.htaccess
+++ b/_src/.htaccess
@ -1,6 +1,6 @@
 # BEGIN HTML5 Boilerplate
-# Apache Server Configs v2.11.0 | MIT License
+# Apache Server Configs v2.14.0 | MIT License
 # https://github.com/h5bp/server-configs-apache
 # (!) Using `.htaccess` files slows down Apache, therefore, if you have
@ -18,7 +18,7 @@
 # ----------------------------------------------------------------------
 # Allow cross-origin requests.
-
+#
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
 # http://enable-cors.org/
 # http://www.w3.org/TR/cors/
@ -116,20 +116,26 @@ Options -MultiViews
 #
 # https://hsivonen.fi/doctype/#ie8
 #
-# (!) Starting with Internet Explorer 11, document modes are deprecated
+# (!) Starting with Internet Explorer 11, document modes are deprecated.
-# and should no longer be used.
+# If your business still relies on older web apps and services that were
 # designed for older versions of Internet Explorer, you might want to
 # consider enabling `Enterprise Mode` throughout your company.
 #
-# http://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
+# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
 # http://blogs.msdn.com/b/ie/archive/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11.aspx
 <IfModule mod_headers.c>
    Header set X-UA-Compatible "IE=edge"
    # `mod_headers` cannot match based on the content-type, however,
    # the `X-UA-Compatible` response header should be send only for
    # HTML documents and not for the other resources.
-    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
+
    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
        Header unset X-UA-Compatible
    </FilesMatch>
 </IfModule>
 # ----------------------------------------------------------------------
@ -138,7 +144,7 @@ Options -MultiViews
 # Allow cookies to be set from iframes in Internet Explorer.
 #
-# http://msdn.microsoft.com/en-us/library/ms537343.aspx
+# https://msdn.microsoft.com/en-us/library/ms537343.aspx
 # http://www.w3.org/TR/2000/CR-P3P-20001215/
 # <IfModule mod_headers.c>
@ -163,10 +169,12 @@ Options -MultiViews
  # Data interchange
    AddType application/atom+xml                        atom
    AddType application/json                            json map topojson
    AddType application/ld+json                         jsonld
    AddType application/rss+xml                         rss
    AddType application/vnd.geo+json                    geojson
-    AddType application/xml                             atom rdf rss xml
+    AddType application/xml                             rdf xml
  # JavaScript
@ -179,39 +187,9 @@ Options -MultiViews
  # Manifest files
-    # If you are providing a web application manifest file (see
+    AddType application/manifest+json                   webmanifest
    # the specification: https://w3c.github.io/manifest/), it is
    # recommended that you serve it with the `application/manifest+json`
    # media type.
    #
    # Because the web application manifest file doesn't have its
    # own unique file extension, you can set its media type either
    # by matching:
    #
    # 1) the exact location of the file (this can be done using a
    #    directive such as `<Location>`, but it will NOT work in
    #    the `.htaccess` file, so you will have to do it in the main
    #    server configuration file or inside of a `<VirtualHost>`
    #    container)
    #
    #    e.g.:
    #
    #       <Location "/.well-known/manifest.json">
    #           AddType application/manifest+json               json
    #       </Location>
    #
    # 2) the filename (this can be problematic as you will need to
    #    ensure that you don't have any other file with the same name
    #    as the one you gave to your web application manifest file)
    #
    #    e.g.:
    #
    #       <Files "manifest.json">
    #           AddType application/manifest+json               json
    #       </Files>
    AddType application/x-web-app-manifest+json         webapp
-    AddType text/cache-manifest                         appcache manifest
+    AddType text/cache-manifest                         appcache
  # Media files
@ -219,13 +197,12 @@ Options -MultiViews
    AddType audio/mp4                                   f4a f4b m4a
    AddType audio/ogg                                   oga ogg opus
    AddType image/bmp                                   bmp
    AddType image/svg+xml                               svg svgz
    AddType image/webp                                  webp
    AddType image/x-icon                                cur ico
    AddType video/mp4                                   f4v f4p m4v mp4
    AddType video/ogg                                   ogv
    AddType video/webm                                  webm
    AddType video/x-flv                                 flv
    AddType image/svg+xml                               svg svgz
    # Serving `.ico` image files with a different media type
    # prevents Internet Explorer from displaying then as images:
@ -292,11 +269,13 @@ AddDefaultCharset utf-8
                     .js \
                     .json \
                     .jsonld \
                     .manifest \
                     .rdf \
                     .rss \
                     .topojson \
                     .vtt \
                     .webapp \
                     .webmanifest \
                     .xloc \
                     .xml
 </IfModule>
@ -328,7 +307,7 @@ AddDefaultCharset utf-8
 #
 # (4) Some cloud hosting services will require you set `RewriteBase`.
 #
-#     http://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-modrewrite-not-working-on-my-site
+#     https://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-modrewrite-not-working-on-my-site
 #     https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
 #
 # (5) Depending on how your server is set up, you may also need to
@ -336,6 +315,9 @@ AddDefaultCharset utf-8
 #     the rewrite engine.
 #
 #     https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriteoptions
 #
 # (6) Set %{ENV:PROTO} variable, to allow rewrites to redirect with the
 #     appropriate schema automatically (http or https).
 <IfModule mod_rewrite.c>
@ -354,6 +336,12 @@ AddDefaultCharset utf-8
    # (5)
    # RewriteOptions <options>
    # (6)
    # RewriteCond %{HTTPS} =on
    # RewriteRule ^ - [env=proto:https]
    # RewriteCond %{HTTPS} !=on
    # RewriteRule ^ - [env=proto:http]
 </IfModule>
 # ----------------------------------------------------------------------
@ -395,7 +383,7 @@ AddDefaultCharset utf-8
 #     RewriteEngine On
 #     RewriteCond %{HTTPS} !=on
 #     RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
-#     RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
+#     RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]
 # </IfModule>
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@ -411,7 +399,7 @@ AddDefaultCharset utf-8
 #     RewriteCond %{HTTP_HOST} !^www\. [NC]
 #     RewriteCond %{SERVER_ADDR} !=127.0.0.1
 #     RewriteCond %{SERVER_ADDR} !=::1
-#     RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+#     RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 # </IfModule>
@ -454,13 +442,17 @@ AddDefaultCharset utf-8
 # https://www.owasp.org/index.php/Clickjacking
 # <IfModule mod_headers.c>
 #     Header set X-Frame-Options "DENY"
 #     # `mod_headers` cannot match based on the content-type, however,
 #     # the `X-Frame-Options` response header should be send only for
 #     # HTML documents and not for the other resources.
-#     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
+
 #     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
 #         Header unset X-Frame-Options
 #     </FilesMatch>
 # </IfModule>
 # ----------------------------------------------------------------------
@ -473,24 +465,29 @@ AddDefaultCharset utf-8
 # This can be done by setting a `Content Security Policy` which
 # whitelists trusted sources of content for your website.
 #
-# The example header below allows ONLY scripts that are loaded from the
+# The example header below allows ONLY scripts that are loaded from
-# current website's origin (no inline scripts, no CDN, etc). That almost
+# the current website's origin (no inline scripts, no CDN, etc).
-# certainly won't work as-is for your website!
+# That almost certainly won't work as-is for your website!
 #
-# For more details on how to craft a reasonable policy for your website,
+# To make things easier, you can use an online CSP header generator
-# read: http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+# such as: http://cspisawesome.com/.
-# (or the specification: http://www.w3.org/TR/CSP11/). Also, to make
+#
-# things easier, you can use an online CSP header generator such as:
+# http://content-security-policy.com/
-# http://cspisawesome.com/.
+# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
 # http://www.w3.org/TR/CSP11/).
 # <IfModule mod_headers.c>
 #     Header set Content-Security-Policy "script-src 'self'; object-src 'self'"
 #     # `mod_headers` cannot match based on the content-type, however,
 #     # the `Content-Security-Policy` response header should be send
 #     # only for HTML documents and not for the other resources.
-#     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
+
 #     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
 #         Header unset Content-Security-Policy
 #     </FilesMatch>
 # </IfModule>
 # ----------------------------------------------------------------------
@ -587,11 +584,8 @@ AddDefaultCharset utf-8
 # http://blogs.msdn.com/b/ieinternals/archive/2014/08/18/hsts-strict-transport-security-attacks-mitigations-deployment-https.aspx
 # <IfModule mod_headers.c>
-#     Header set Strict-Transport-Security "max-age=16070400; includeSubDomains"
+#     Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
 # </IfModule>
 <IfModule mod_headers.c>
    Header set Strict-Transport-Security "max-age=16070400"
 </IfModule>
 # ----------------------------------------------------------------------
 # | Reducing MIME type security risks                                  |
@ -606,7 +600,7 @@ AddDefaultCharset utf-8
 #
 # http://www.slideshare.net/hasegawayosuke/owasp-hasegawa
 # http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
-# http://msdn.microsoft.com/en-us/library/ie/gg622941.aspx
+# https://msdn.microsoft.com/en-us/library/ie/gg622941.aspx
 # https://mimesniff.spec.whatwg.org/
 <IfModule mod_headers.c>
@ -639,7 +633,7 @@ AddDefaultCharset utf-8
 #     thereby, it's better to inform browsers to prevent the rendering
 #     of the page altogether, instead of attempting to modify it.
 #
-#     http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities
+#     https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities
 #
 # (!) Do not rely on the XSS filter to prevent XSS attacks! Ensure that
 #     you are taking all possible measures to prevent XSS attacks, the
@ -650,20 +644,58 @@ AddDefaultCharset utf-8
 # https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
 # <IfModule mod_headers.c>
 #     #                           (1)    (2)
 #     Header set X-XSS-Protection "1; mode=block"
 #     # `mod_headers` cannot match based on the content-type, however,
 #     # the `X-XSS-Protection` response header should be send only for
 #     # HTML documents and not for the other resources.
-#     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
+
 #     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
 #         Header unset X-XSS-Protection
 #     </FilesMatch>
 # </IfModule>
 # ----------------------------------------------------------------------
 # | Server-side technology information                                 |
 # ----------------------------------------------------------------------
 # Remove the `X-Powered-By` response header that:
 #
 #  * is set by some frameworks and server-side languages
 #    (e.g.: ASP.NET, PHP), and its value contains information
 #    about them (e.g.: their name, version number)
 #
 #  * doesn't provide any value as far as users are concern,
 #    and in some cases, the information provided by it can
 #    be used by attackers
 #
 # (!) If you can, you should disable the `X-Powered-By` header from the
 # language / framework level (e.g.: for PHP, you can do that by setting
 # `expose_php = off` in `php.ini`)
 #
 # https://php.net/manual/en/ini.core.php#ini.expose-php
 <IfModule mod_headers.c>
    Header unset X-Powered-By
 </IfModule>
 # ----------------------------------------------------------------------
 # | Server software information                                        |
 # ----------------------------------------------------------------------
 # Prevent Apache from adding a trailing footer line containing
 # information about the server to the server-generated documents
 # (e.g.: error messages, directory listings, etc.)
 #
 # https://httpd.apache.org/docs/current/mod/core.html#serversignature
 ServerSignature Off
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Prevent Apache from sending in the `Server` response header its
 # exact version number, the description of the generic OS-type or
 # information about its compiled-in modules.
@ -820,9 +852,12 @@ FileETag None
    ExpiresDefault                                      "access plus 1 month"
  # CSS
    ExpiresByType text/css                              "access plus 1 year"
  # Data interchange
    ExpiresByType application/atom+xml                  "access plus 1 hour"
    ExpiresByType application/rdf+xml                   "access plus 1 hour"
    ExpiresByType application/rss+xml                   "access plus 1 hour"
@ -834,35 +869,45 @@ FileETag None
    ExpiresByType application/xml                       "access plus 0 seconds"
    ExpiresByType text/xml                              "access plus 0 seconds"
  # Favicon (cannot be renamed!) and cursor images
    ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
    ExpiresByType image/x-icon                          "access plus 1 week"
  # HTML
    ExpiresByType text/html                             "access plus 0 seconds"
  # JavaScript
    ExpiresByType application/javascript                "access plus 1 year"
    ExpiresByType application/x-javascript              "access plus 1 year"
    ExpiresByType text/javascript                       "access plus 1 year"
  # Manifest files
    ExpiresByType application/manifest+json             "access plus 1 year"
  # Manifest files
    ExpiresByType application/manifest+json             "access plus 1 week"
    ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
    ExpiresByType text/cache-manifest                   "access plus 0 seconds"
  # Media files
    ExpiresByType audio/ogg                             "access plus 1 month"
    ExpiresByType image/bmp                             "access plus 1 month"
    ExpiresByType image/gif                             "access plus 1 month"
    ExpiresByType image/jpeg                            "access plus 1 month"
    ExpiresByType image/png                             "access plus 1 month"
    ExpiresByType image/svg+xml                         "access plus 1 month"
    ExpiresByType image/webp                            "access plus 1 month"
    ExpiresByType video/mp4                             "access plus 1 month"
    ExpiresByType video/ogg                             "access plus 1 month"
    ExpiresByType video/webm                            "access plus 1 month"
  # Web fonts
    # Embedded OpenType (EOT)
@ -883,7 +928,9 @@ FileETag None
    # Web Open Font Format (WOFF) 2.0
    ExpiresByType application/font-woff2                "access plus 1 month"
  # Other
    ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
 </IfModule>
@ -935,7 +982,7 @@ FileETag None
 # <IfModule mod_rewrite.c>
 #     RewriteEngine On
 #     RewriteCond %{REQUEST_FILENAME} !-f
-#     RewriteRule ^(.+)\.(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp)$ $1.$3 [L]
+#     RewriteRule ^(.+)\.(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp|webmanifest)$ $1.$3 [L]
 # </IfModule>
--- a/_src/feed/index.xml
+++ b/_src/feed/index.xml
@ -7,23 +7,23 @@ redirect_from:
 <?xml version="1.0" encoding="utf-8"?>
 <feed xmlns="http://www.w3.org/2005/Atom">
-	<title type="text" xml:lang="en">{{ site.name }}</title>
+	<title type="text" xml:lang="en">{{ site.name | xml_escape }}</title>
    <link type="application/atom+xml" href="{{ site.url }}/feed/" rel="self"/>
    <link href="{{ site.url }}/"/>
 	<updated>{{ site.time | date_to_xmlschema }}</updated>
 	<id>{{ site.url }}</id>
 	<author>
-		<name>{{ site.author }}</name>
+		<name>{{ site.author | xml_escape}}</name>
        <email>{{ site.email }}</email>
 	</author>
 	{% for post in site.posts limit:100 %}
    	<entry>
            {% if post.layout == "link" %}
-				<title>{{ post.title | escape | titlecase }} &#8594;</title>
+				<title>{{ post.title | xml_escape | titlecase }} &#8594;</title>
                <link rel="alternate" type="text/html" href="{{ post.linkurl | escape }}" />
            {% else %}
-				<title>{{ post.title | escape | titlecase }}</title>
+				<title>{{ post.title | xml_escape | titlecase }}</title>
                <link rel="alternate" type="text/html" href="{{ site.url }}{{ post.url | escape }}" />
            {% endif %}
@ -35,7 +35,7 @@ redirect_from:
 				<updated>{{ post.date | date_to_xmlschema }}</updated>
            {% endif %}
-    		<id>{{ site.url }}{{ post.url | escape }}</id>
+    		<id>{{ site.url }}{{ post.url }}</id>
    		<content type="html">
                {% if post.image %}
                    &lt;img src=&quot;{{ site.url }}/media/{{ post.image }}&quot; /&gt;
@ -44,8 +44,8 @@ redirect_from:
                {{ post.content | xml_escape }}
    			{% if post.layout == "link" %}
-                    &lt;a href=&quot;{{ post.linkurl | escape }}&quot;&gt;Go to source &amp;#187;&lt;/a&gt; &lt;br /&gt;
+                    &lt;a href=&quot;{{ post.linkurl }}&quot;&gt;Go to source &amp;#187;&lt;/a&gt; &lt;br /&gt;
-                    &lt;a href=&quot;{{ site.url }}{{ post.url | escape }}&quot; title=&quot;Permalink for this post&quot;&gt;&amp;#8734;&lt;/a&gt;
+                    &lt;a href=&quot;{{ site.url }}{{ post.url }}&quot; title=&quot;Permalink for this post&quot;&gt;&amp;#8734;&lt;/a&gt;
                {% endif %}
            </content>
    	</entry>