d718c5a372
CI / windows_test (push) Waiting to run
CI / compile_and_lint (push) Failing after 0s
CI / docker_build (linux/amd64, -linux-amd64-duckdb, duckdb) (push) Failing after 0s
CI / docker_build (linux/arm64, -linux-arm64, minimal) (push) Failing after 2s
CI / docker_build (linux/arm64, -linux-arm64-duckdb, duckdb) (push) Failing after 1s
CI / docker_build (linux/amd64, minimal) (push) Failing after 1s
CI / test (, sqlite, sqlite::memory:) (push) Has been skipped
CI / test (mssql, mssql, mssql://root:Password123!@127.0.0.1/sqlpage) (push) Has been skipped
CI / test (mysql, mysql, mysql://root:Password123!@127.0.0.1/sqlpage) (push) Has been skipped
CI / test (oracle, oracle, Driver=Oracle 21 ODBC driver;Dbq=//127.0.0.1:1521/FREEPDB1;Uid=root;Pwd=Password123!) (push) Has been skipped
CI / test (postgres, odbc, Driver=PostgreSQL Unicode;Server=127.0.0.1;Port=5432;Database=sqlpage;UID=root;PWD=Password123!, true) (push) Has been skipped
CI / test (postgres, postgres, postgres://root:Password123!@127.0.0.1/sqlpage) (push) Has been skipped
CI / playwright (push) Has been skipped
CI / docker_build (linux/arm/v7, -linux-arm-v7, minimal) (push) Failing after 0s
CI / hurl_examples (push) Failing after 8s
deploy website / deploy_official_site (push) Failing after 1s
CI / docker_push (duckdb) (push) Waiting to run
CI / docker_push (minimal) (push) Waiting to run
CI / hurl (${{ matrix.example }}) (push) Has been skipped
34 lines
1.5 KiB
SQL
34 lines
1.5 KiB
SQL
select 'http_header' as component, 'noindex' as "X-Robots-Tag";
|
|
|
|
select 'dynamic' as component, properties FROM example WHERE component = 'shell' LIMIT 1;
|
|
|
|
select
|
|
'hero' as component,
|
|
'Not found' as title,
|
|
'Sorry, the component you were looking for does not exist.' as description_md,
|
|
'https://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Sad_clown.jpg/640px-Sad_clown.jpg' as image,
|
|
'/documentation.sql' as link,
|
|
'Back to the documentation' as link_text;
|
|
|
|
-- Friendly message after an XSS or SQL injection attempt
|
|
set attack = CASE WHEN
|
|
$component LIKE '%<%' or $component LIKE '%>%' or $component LIKE '%/%' or $component LIKE '%;%'
|
|
or $component LIKE '%--%' or $component LIKE '%''%' or $component LIKE '%(%'
|
|
THEN 'attacked' END;
|
|
|
|
select
|
|
'alert' as component,
|
|
'A note about security' as title,
|
|
'alert-triangle' as icon,
|
|
'teal' as color,
|
|
TRUE as important,
|
|
'SQLPage takes secutity very seriously.
|
|
Fiddling with the URL to try to access data you are not supposed to see, or to
|
|
trigger a SQL or javacript injection, should never work.
|
|
|
|
However, if you think you have found a security issue, please
|
|
report it and we will fix it as soon as possible.
|
|
' as description
|
|
where $attack = 'attacked';
|
|
select 'safety.sql' as link, 'More about SQLPage security' as title where $attack='attacked';
|
|
select 'https://github.com/sqlpage/SQLPage/security' as link, 'Report a vulnerability' as title where $attack='attacked'; |