Commit graph

869 commits

Author SHA1 Message Date
Absturztaube
12db1d8719 Merge branch 'develop' into fedi-absturztau-be 2021-12-15 20:50:39 +01:00
rinpatch
d36b45ad43 entity_normalizer: Escape name when parsing user
In January 2020 Pleroma backend stopped escaping HTML in display names
and passed that responsibility on frontends, compliant with Mastodon's
version of Mastodon API [1]. Pleroma-FE was subsequently modified to
escape the display name [2], however only in the "name_html" field. This
was fine however, since that's what the code rendering display names used.

However, 2 months ago an MR [3] refactoring the way the frontend does emoji
and mention rendering was merged. One of the things it did was moving away
from doing emoji rendering in the entity normalizer and use the unescaped
'user.name' in the rendering code, resulting in HTML injection being
possible again.

This patch escapes 'user.name' as well, as far as I can tell there is no
actual use for an unescaped display name in frontend code, especially
when it comes from MastoAPI, where it is not supposed to be HTML.

[1]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1052
[2]: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2167
[3]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1392
2021-11-16 20:35:23 +03:00
Absturztaube
d34cef391b resolve merge confilcts 2021-10-02 19:31:29 +02:00
HJ
1c53528433 Merge branch 'fix-favico-badge-chrome' into 'develop'
fix favico badge not working on chrome

See merge request pleroma/pleroma-fe!1391
2021-09-07 16:17:31 +00:00
Henry Jameson
f16658adfc fix tests 2021-08-15 02:59:14 +03:00
Henry Jameson
97e86381c8 remove old emoji added, everything emoji-bearing uses RichContent now 2021-08-13 13:12:33 +03:00
Henry Jameson
4c974f5ca2 richcontent support in polls, user cards and user profiles 2021-08-13 13:06:42 +03:00
Henry Jameson
6c6df29ed3 support richcontent in polls 2021-08-13 12:19:57 +03:00
Absturztaube
5a5320b71c Merge branch 'tusooa/pleroma-fe-from/develop/tusooa/media-touch-actions' into fedi-absturztau-be 2021-08-07 11:54:30 +02:00
Tusooa Zhu
3366c915e9
Check whether we swiped only for mouse pointer 2021-08-02 22:29:49 -04:00
Tusooa Zhu
db71bbf358
Scale swipe threshold with viewport width 2021-08-02 22:29:48 -04:00
Tusooa Zhu
33384af5df
Use native click for hiding overlay
The pointerup strategy is unsuccessful, as some other overlays
(Firefox's Inspect Element) will pass down pointerup events.
2021-08-02 22:29:48 -04:00
Tusooa Zhu
cd9384adae
Clean up 2021-08-02 22:29:47 -04:00
Tusooa Zhu
7469849c39
Add swipe-click handler to media modal
Now swiping will correctly change the current media, and with a good
preview. Clicking without swiping closes the overlay.
2021-08-02 22:29:47 -04:00
Tusooa Zhu
7d767f840b
Handle pinch action 2021-08-02 22:29:46 -04:00
Tusooa Zhu
aa70c31950
Preview swipe action 2021-08-02 22:29:46 -04:00
Tusooa Zhu
61509d1b1e
Make media modal be aware of multi-touch actions
Originally the media viewer would think every touch is a swipe (one-finger
touch event), so we would encounter the case where a two-finger scale event
would incorrectly change the current media. This is now fixed.
2021-08-02 22:28:16 -04:00
Absturztaube
fcf1c7b4b4 resolve merge conflicts 2021-06-21 13:58:30 +02:00
Henry Jameson
8fe4355a6b fix rich images 2021-06-18 21:29:47 +03:00
Henry Jameson
bebafa1a2c refactored line converter, untied its logic from greentexting, better
handling of broken cases
2021-06-13 15:24:29 +03:00
Henry Jameson
418f029789 review + fixes 2021-06-12 20:43:29 +03:00
Henry Jameson
90a188f2c3 cleanup 2021-06-12 19:54:34 +03:00
Henry Jameson
cd44556750 restructure and tests
squash! restructure and tests
2021-06-12 19:54:30 +03:00
Henry Jameson
5834790d0b fix #935 2021-06-11 11:50:05 +03:00
Henry Jameson
f819227bed fixed console errors, improved user-selecting, added cyantexting 2021-06-11 11:49:32 +03:00
Henry Jameson
cc00af7a31 Hellthread(tm) Certified 2021-06-10 18:52:01 +03:00
Henry Jameson
7d6fc044fb new mentions look 2021-06-07 23:42:04 +03:00
Henry Jameson
8e9f5d7580 renamed StatusText to StatusBody for clarity, fixed chats 2021-06-07 19:50:38 +03:00
Henry Jameson
04fa1f0b2d some docs, added richcontent to usernames in status, updated stillImage
to allow scale of "gif" label
2021-06-07 18:41:47 +03:00
Henry Jameson
b0ae32e309 made getAttrs correctly handle both ' and " 2021-06-07 18:41:47 +03:00
Henry Jameson
be79643bcf fix emoji processor not leaving string as-is if no emoji are found 2021-06-07 18:41:47 +03:00
Henry Jameson
20ce646852 [WIP] MUCH better approach to replacing emojis with still versions 2021-06-07 18:41:47 +03:00
Henry Jameson
2a2483f4c9 handle multiple favicons (different sizes) 2021-06-02 12:47:54 +03:00
Henry Jameson
008e711e11 fix favico badge not working on chrome 2021-06-02 12:15:31 +03:00
HJ
dc611dffdb Merge branch 'flash-support' into 'develop'
Flash support

See merge request pleroma/pleroma-fe!1380
2021-05-31 11:00:53 +00:00
Absturztaube
c8e517828e Merge branch 'develop' into fedi-absturztau-be 2021-05-12 13:50:27 +02:00
Matilde Park
06d0254cc5 entity_normalizer: safely check screen_name
Prevents a crash on undefined screen name cases.
2021-04-21 01:40:25 -04:00
Absturztaube
c44f2bbcd6 Merge branch 'develop' into fedi-absturztau-be 2021-04-19 11:45:22 +02:00
Henry Jameson
87903fbf6d do not load ruffle multiple times! 2021-04-12 01:15:59 +03:00
Henry Jameson
5fdc4a1904 whooops dropped my monstercondo 2021-04-12 00:03:17 +03:00
Henry Jameson
d695dcaff9 experimental flash support through ruffle 2021-04-09 19:14:05 +03:00
HJ
8b96ea9377 Merge branch 'settings-import-export' into 'develop'
Settings backup/restore + small fixes

See merge request pleroma/pleroma-fe!1372
2021-04-07 17:40:07 +00:00
Absturztaube
7f05730e9b resolve merge conflicts and update fixes 2021-03-16 11:20:22 +01:00
Absturztaube
6ef591bdcc Merge branch 'develop' into fedi-absturztau-be 2021-03-09 17:14:31 +01:00
Henry Jameson
a8967d85bd streamlined WS flow, reduced spam amount related to WS reconnections 2021-03-09 02:38:10 +02:00
Henry Jameson
90afcd3420 WIP some work on making errors less spammy 2021-03-08 22:24:39 +02:00
Henry Jameson
2e7bd99444 Merge remote-tracking branch 'origin/develop' into websocket-fixes
* origin/develop: (119 commits)
  Apply 1 suggestion(s) to 1 file(s)
  Make it possible to localize user highlight options
  remove shoutbox test hacks
  fix shoutbox header, use custom scroll-to-bottom system, remove vue-chat-scroll, temporarily add chat test hack
  update changelog with 2.3.0
  change icons around
  Translated using Weblate (Japanese)
  Update timeline_quick_settings.js
  add screen_name_ui to tests
  separate screen_name and screen_name_ui with decoded punycode
  Update CHANGELOG.md
  add basic validation for statusless status notifications
  changelog mention
  fix chat unread badge
  update shelljs to get rid of warnings on build
  save a few characters
  focus input in emoji picker and react picker
  fix vue warnings
  add only to wording
  basic loggedin check for reply filtering
  ...
2021-03-08 22:01:28 +02:00
Henry Jameson
3d95ea6acb cleanup + fix 2021-03-08 21:56:20 +02:00
Henry Jameson
bd5b62b107 changed importexport into a service instead of component for simplicity 2021-03-08 19:42:24 +02:00
Henry Jameson
4baa397ed0 fixed another problem with p's broken theme causing theme editor to
become unusable
2021-03-08 19:19:16 +02:00