github.com/vjeantet/hugo-theme-docport.git - Unnamed repository; edit this file 'description' to name the repository.
author vjeantet <valere.jeantet@gmail.com> 2020-09-25 10:36:57 +0300
committer vjeantet <valere.jeantet@gmail.com> 2020-09-25 10:36:57 +0300
commit a97ab9a9a71d02dd6a04ca04b4a0bdff611e84c7
tree c8e6227473d1bf468c999ca851526bfad4de8d09
parent 025b2c65c6af04530fd5dcb8157a59f8257897b1
Page can be ignored by embedded search engine with page param "ignoresearch"
-rw-r--r-- exampleSite/content/checklist/webappsec/01_appmetadata.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/02_vulnerabilityreporting.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/03_https.md | 2
-rw-r--r-- exampleSite/content/checklist/webappsec/04_authz.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/04_authz_Authorization.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/04_authz_OAuth2Login.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/04_authz_UsernamePasswordAuthentication.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/05_commonvuln.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/05_commonvuln_BrowserPlugins.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/05_commonvuln_CrossSiteScripting.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/05_commonvuln_FileUploads.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/05_commonvuln_PersistenceBackEndsandQuerying.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/05_commonvuln_UseofCryptography.md | 1
-rw-r--r-- exampleSite/content/checklist/webappsec/06_testing.md | 1
-rw-r--r-- exampleSite/content/content-and-customization/00-adding-content/_index.md | 3
-rw-r--r-- layouts/index.json | 4
18 files changed, 24 insertions, 0 deletions
diff --git a/exampleSite/content/checklist/webappsec/01_appmetadata.md b/exampleSite/content/checklist/webappsec/01_appmetadata.md
index 24f4e89..5c21612 100644
--- a/exampleSite/content/checklist/webappsec/01_appmetadata.md
+++ b/exampleSite/content/checklist/webappsec/01_appmetadata.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
The name of the application: {{<c/text "app_name*" />}}
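Review bot: `ignoresearch: true` is added directly under `hidden: true` here, and the same pair appears in every checklist file this commit touches, so two flags now have to be kept in sync by hand. If hidden pages are never meant to be searchable, letting layouts/index.json also skip pages with `hidden` set would remove the duplication; as it stands, a checklist page added later with only `hidden: true` will still be written to the search index. If the two flags are meant to be independent, say so in the front matter documentation.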
diff --git a/exampleSite/content/checklist/webappsec/02_vulnerabilityreporting.md b/exampleSite/content/checklist/webappsec/02_vulnerabilityreporting.md
index 195bea3..8bc1ad2 100644
--- a/exampleSite/content/checklist/webappsec/02_vulnerabilityreporting.md
+++ b/exampleSite/content/checklist/webappsec/02_vulnerabilityreporting.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
Because no system is entirely free of security issues, it's important to provide ways for external users to offer input and report vulnerabilities.
diff --git a/exampleSite/content/checklist/webappsec/03_https.md b/exampleSite/content/checklist/webappsec/03_https.md
index 98d0141..01dc317 100644
--- a/exampleSite/content/checklist/webappsec/03_https.md
+++ b/exampleSite/content/checklist/webappsec/03_https.md
@@ -1,5 +1,7 @@
---
hidden: true
+ignoresearch: true
+
---
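Review bot: the second added line in this hunk is an empty line before the closing `---`, which none of the other checklist files get. It does not affect how the front matter is parsed, but it is inconsistent; drop it so 03_https.md matches its siblings.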
diff --git a/exampleSite/content/checklist/webappsec/04_authz.md b/exampleSite/content/checklist/webappsec/04_authz.md
index bf9b5d6..2a31fa5 100644
--- a/exampleSite/content/checklist/webappsec/04_authz.md
+++ b/exampleSite/content/checklist/webappsec/04_authz.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
**To get started, tell us a little about your application so we can ask you the right questions.**
diff --git a/exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md b/exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md
index 38c07b6..32abede 100644
--- a/exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md
+++ b/exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
**Cookies can be decorated with a special keyword, `HttpOnly`. If this keyword is set, the browser will not allow JavaScript to access the cookie. Even if the application has a cross-site scripting vulnerability, this keyword makes it much harder for an attacker to steal the session cookie.**
diff --git a/exampleSite/content/checklist/webappsec/04_authz_Authorization.md b/exampleSite/content/checklist/webappsec/04_authz_Authorization.md
index 13df6ae..2563877 100644
--- a/exampleSite/content/checklist/webappsec/04_authz_Authorization.md
+++ b/exampleSite/content/checklist/webappsec/04_authz_Authorization.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
In most applications, certain information should only be accessible to certain users. For example, in most applications that require authentication, only the currently logged-in user should be able to change master data (such as the username, the associated email address, or the account password). When an application has data that should not be available to other users or should be restricted to certain roles, authorization must be enforced on the server side.
diff --git a/exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md b/exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md
index c0c4512..b84d687 100644
--- a/exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md
+++ b/exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
#### Cross Site Request Forgery
Applications must protect all state-changing actions against cross-site request forgery (XSRF). In this attack, a malicious user forces the victim to send a request to the application, for example by luring the user to a page under the attacker's control. Because the browser automatically attaches available authentication cookies, the request will appear to be authorized if the user is logged in to the application.
diff --git a/exampleSite/content/checklist/webappsec/04_authz_OAuth2Login.md b/exampleSite/content/checklist/webappsec/04_authz_OAuth2Login.md
index 850e23e..2046e05 100644
--- a/exampleSite/content/checklist/webappsec/04_authz_OAuth2Login.md
+++ b/exampleSite/content/checklist/webappsec/04_authz_OAuth2Login.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
**Implementing OAuth2 Login / OpenID Connect from scratch is fairly complex and error-prone, and mistakes can result in security vulnerabilities. Select the option that best describes your implementation:**
diff --git a/exampleSite/content/checklist/webappsec/04_authz_UsernamePasswordAuthentication.md b/exampleSite/content/checklist/webappsec/04_authz_UsernamePasswordAuthentication.md
index 74f5679..4f0901e 100644
--- a/exampleSite/content/checklist/webappsec/04_authz_UsernamePasswordAuthentication.md
+++ b/exampleSite/content/checklist/webappsec/04_authz_UsernamePasswordAuthentication.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
**What username/password-based logins does the application use? For example, if there's a separate administrator authentication, mention that.**
{{<c/text "Auths_handle_password_details" multi />}}
diff --git a/exampleSite/content/checklist/webappsec/05_commonvuln.md b/exampleSite/content/checklist/webappsec/05_commonvuln.md
index 9073924..d28f38d 100644
--- a/exampleSite/content/checklist/webappsec/05_commonvuln.md
+++ b/exampleSite/content/checklist/webappsec/05_commonvuln.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
**Certain features can result in security issues, if used incorrectly. To help us identify potential issues, select the statements that describe your application:**
diff --git a/exampleSite/content/checklist/webappsec/05_commonvuln_BrowserPlugins.md b/exampleSite/content/checklist/webappsec/05_commonvuln_BrowserPlugins.md
index a313e63..e388830 100644
--- a/exampleSite/content/checklist/webappsec/05_commonvuln_BrowserPlugins.md
+++ b/exampleSite/content/checklist/webappsec/05_commonvuln_BrowserPlugins.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
**You mentioned that your application requires certain browser plugins to work correctly. Which of the following plugins are required?**
{{<c/choices webvuln_plugin multi >}}
diff --git a/exampleSite/content/checklist/webappsec/05_commonvuln_CrossSiteScripting.md b/exampleSite/content/checklist/webappsec/05_commonvuln_CrossSiteScripting.md
index 14c26b7..c7238b7 100644
--- a/exampleSite/content/checklist/webappsec/05_commonvuln_CrossSiteScripting.md
+++ b/exampleSite/content/checklist/webappsec/05_commonvuln_CrossSiteScripting.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
diff --git a/exampleSite/content/checklist/webappsec/05_commonvuln_FileUploads.md b/exampleSite/content/checklist/webappsec/05_commonvuln_FileUploads.md
index 521cb29..131f1ab 100644
--- a/exampleSite/content/checklist/webappsec/05_commonvuln_FileUploads.md
+++ b/exampleSite/content/checklist/webappsec/05_commonvuln_FileUploads.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
**You mentioned previously that your application allows users to upload files. Where does the application store those files?**
diff --git a/exampleSite/content/checklist/webappsec/05_commonvuln_PersistenceBackEndsandQuerying.md b/exampleSite/content/checklist/webappsec/05_commonvuln_PersistenceBackEndsandQuerying.md
index 56e39ee..094c937 100644
--- a/exampleSite/content/checklist/webappsec/05_commonvuln_PersistenceBackEndsandQuerying.md
+++ b/exampleSite/content/checklist/webappsec/05_commonvuln_PersistenceBackEndsandQuerying.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
Because your application uses a database or a similar back end to persist data, we need to make sure it's not vulnerable to injection attacks, such as [SQL injection](http://en.wikipedia.org/wiki/SQL_injection)
diff --git a/exampleSite/content/checklist/webappsec/05_commonvuln_UseofCryptography.md b/exampleSite/content/checklist/webappsec/05_commonvuln_UseofCryptography.md
index 305d081..ee42846 100644
--- a/exampleSite/content/checklist/webappsec/05_commonvuln_UseofCryptography.md
+++ b/exampleSite/content/checklist/webappsec/05_commonvuln_UseofCryptography.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
diff --git a/exampleSite/content/checklist/webappsec/06_testing.md b/exampleSite/content/checklist/webappsec/06_testing.md
index a2cd97d..56fa333 100644
--- a/exampleSite/content/checklist/webappsec/06_testing.md
+++ b/exampleSite/content/checklist/webappsec/06_testing.md
@@ -1,5 +1,6 @@
---
hidden: true
+ignoresearch: true
---
Security testing can be part of standard application tests. Here are some examples:
diff --git a/exampleSite/content/content-and-customization/00-adding-content/_index.md b/exampleSite/content/content-and-customization/00-adding-content/_index.md
index baa0639..92cee4a 100644
--- a/exampleSite/content/content-and-customization/00-adding-content/_index.md
+++ b/exampleSite/content/content-and-customization/00-adding-content/_index.md
@@ -89,6 +89,9 @@ subpage: false # usefull when you want to force a sub section to be considered a
# redirect = "folder"
# redirect = "folder/_index.md"
redirect: "folder/_index.md"
+
+# Do not include this page in search results
+nosearch: true
---
```
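Review bot: the key documented here is `nosearch`, but the template change in layouts/index.json tests `$page.Params.Ignoresearch` and every content file in this commit sets `ignoresearch: true`. A reader who copies `nosearch: true` from this example will still have the page written to the search index, which matters when the flag is relied on to keep internal or unfinished material out of it. Change the example to `ignoresearch: true`. It is also worth stating in the comment that the flag only affects the search index; nothing in this commit changes whether the page itself is rendered.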
diff --git a/layouts/index.json b/layouts/index.json
index c0152f3..3875102 100644
--- a/layouts/index.json
+++ b/layouts/index.json
@@ -1,6 +1,8 @@
[{{ range $index, $page := .Site.Pages }}
{{- if not (hasPrefix $page.Section "_") -}}
+{{- if $page.File -}}
{{- if not (hasPrefix $page.File.BaseFileName "__") -}}
+{{- if not ( $page.Params.Ignoresearch) -}}
{{- if ne $page.Type "json" -}}
{{- if and $index (gt $index 0) -}},{{- end }}
{
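Review bot: the separator on the `if and $index (gt $index 0)` line is keyed to the page's position in `.Site.Pages`, not to the number of entries already written, so when the page at index 0 is skipped by the new `Ignoresearch` or `$page.File` test, the first emitted object is preceded by a comma and the output is not valid JSON. The existing filters had the same weakness, but this commit makes a skipped first page much more likely. Track whether an entry has already been emitted, or collect the matching pages first and range over that list. Separately, the `{{- if $page.File -}}` guard drops every page without a backing file from the index, which the commit message does not mention; confirm that is intended.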
@@ -13,4 +15,6 @@
{{- end -}}
{{- end -}}
{{- end -}}
+{{- end -}}
+{{- end -}}
{{- end -}}] \ No newline at end of file