Thalassa CMS

UPD (Dec 21, 2025): the version 0.3.50 found to be buggy. Please download the version 0.3.51 which is a quick-fix release.

Some brain-damaged webcoding addicts demonstrated me (by submitting comments with some related crap) the possibility to introduce JavaScript into user comments using tag attributes appeared in HTML5 such as onclick, onpageshow etc., and browsers happily ignore the fact the document they render has nothing to do with HTML5. I have to admit I didn't realize things like that are possible. Luckily, all my sites are premoderated, so no visible consequences occured, but it became obvious for me that tag attributes need to be filtered just like tags theyselves.

It took several days of work to significantly rewrite the filter (for those who're courious, it is implemented in the lib/stfilter/stfhtml.cpp file using an FSM) and add the appropriate support to Thalassa itself, as well as to the thalcgi.cgi program. Anyway, Thalassa 0.3.50 is now ready and has just been made available.

There are two user-visible changes:

• New parameter named tag_attributes is added to the [format ] section both in the Thalassa main configuration and the thalcgi.ini file. A kinda-safe default is provided for its value, and the default value is a=href img=src img=alt, only allowing to use the href attribute within the a tag, and src and alt attributes for the img tag, if the tags are allowed. All this only affects headed text files where the tags flag is found in the format header field (typically the comments written by users using the web interface). You only need to worry about all this in case you really wish to allow users more things to do within their comments, like, e.g., allowing the style attribute for all tags (think carefully before you do).
• For the thalcgi.cgi configuration, the %[cmtinfo:attrs] macro function added.

Nothing should (hopefully) break on your site if you move to this new version from the previous one; most users leaving comments simply don't remember about all these tag attributes. However, we strongly recommend to test it before deploying on running sites.

Thalassa 0.3.30 released. This release is mainly devoted to the new comment displaying style, named thread. With this style, top-level comments are displayed on the page being commented, and for each top-level comment, a separate page is created to hold replies on that comment, if any. The Agenda template, from now on, allows to choose the style for comments, either “plain” (list), or tree (the default one), or the new thread style. The new comment style also affected the macroprocessor, where the %[cmt:replies] and %[cmt:threadpg] functions are added.

Besides that, this release fixes a problem related to the dirname(3) function. The problem didn't let Thalassa work on OpenBSD due to a slightly different implementation of the function.

And the last thing to mention: the %[rfcdate: ] macro now adds “UTC” to the text representation of the date.

This release doesn't (hopefully) introduce any incompatibilities with earlier releases; it should be safe to upgrade both the Thalassa version and the Agenda template. If you'd like to give a try to the support of different comment styles, then take a look at the appearance.ini file, find the [options cmt] sectioin and copy it to your appearance.ini, then edit as appropriate.

Thalassa 0.3.20 released. This time Thalassa itself gets only minor changes:

• the menu facility now supports text labels (texts displayed inside the menu, not being a menu item) and breaks (may be whatever you want, placed between certain menu items to group the items and separate the groups from each other; e.g., an extra whitespace, a rule or a bullet);
• sections that define stand-alone page now recognize a path parameter which overrides the section name for local path (URI) of the page; the parameter is passed through the macroprocessor, so the actual name for the generated file may be set by, e.g., an option, and setting it to some “special” values disables the page.

Besides that, a segfault has been fixed, which happened on an attempt to generate an unknown (unconfigured) stand-alone page from command line.

More significant changes are related to site templates. First of all, a brand new template, named Agenda, is added. The new template mostly provides the same functions as the old good Smoky: pages, feed (either a news strip or a blog, exported to RSS), a guestbook and contact form. Unlike Smoky, Agenda uses a side panel for the main menu, and the panel may be placed at the left side, at the right side, or suppressed (in which case you'll probably have to care about basic navigation on your own). Four prepared color schemes come with Agenda, and generally a color scheme consists of less values to be set, so it made customizable by the site author. Besides that, some sizes and lengths may also be customized; the side panel's width may serve as a good example.

The next notable thing is that both templates now support translations to languages other than English. In the source tarball, translations to Russian are provided, both for koi8-r and utf-8 encodings.

The two templates have a lot

Thalassa 0.3.10 released. This is mainly a bugfix release, including:

Within the documentation section, a step-by-step guide to setup Apache for serving Thalassa-based sites is now available. It is strongly recommended to use suexec even if your servier is only going to serve a single site, but along with that, the guide explain how to configure your server properly to make the default Apache site Thalassa-based and how to serve several virtual sites without suexec, although it is specially stressed that this approach is ugly.