## xssbook

### description

who doesn't want to run non free javascript

now with xssbook you can run as much stallman disapprovement as you want
- all inputs on the site are unfiltered
- api calls dont care what you send them as long as they are valid strings
- upload anyfiles to be your profile avatar and banner (even adobe flash!!!)

### installation

To get the checkout run:

```sh
git clone https://g.freya.cat/freya/xssbook2 xssbook2
cd xssbook2
git submodule update --init
```

XSSBook v2 runs in docker compose. Do ALL of the following:

- MUST Copy `example.env` to `.env`
- MUST update the following settings in `.env`
  - `API_SECRET` - Your own private JWT secret
  - `XSSBOOK_*` - Domain info for XSSBook is being hosted
    - NOT REQUIRED in [development](https://g.freya.cat/freya/crimson/src/branch/main/src/config.php#L20) mode
- MAY want to update the following settings in `.env`
  - `HTTP_BIND` - The addresses XSSBook will listen on
  - `HTTP_PORT` - The port XSSBook will listen on
  - `ENVIRONMENT` - If you want to test XSSBook in [development] mode
- MUST build the following assets by running `make`
  - CSS files. MUST have `sassc` installed
- MUST use `site/bin/compose` instead of `docker compose`

Once XSSBook is configured properly. Run the following to build the container
images and start up the compose stack for XSSBook.

```sh
./site/bin/compose build --pull
./site/bin/compose up -d
```

> NOTE: XSSBook needs all docker volumes to be owned by uid 1000 gid 1000. If
  you are NOT the root user or user 1000:1000, the compose script will ask for
  sudo access to be able to set the volume permissions.

### migrating from xssbook v1

See `shim/README.md`

### license

This project is licensed under the GNU GPLv3.