Commit graph

827 commits

Author SHA1 Message Date
Henry Jameson
571e73a346 better approach to unescaping 2022-02-03 23:13:28 +02:00
rinpatch
d36b45ad43 entity_normalizer: Escape name when parsing user
In January 2020 Pleroma backend stopped escaping HTML in display names
and passed that responsibility on to frontends, compliant with Mastodon's
version of Mastodon API [1]. Pleroma-FE was subsequently modified to
escape the display name [2], however, only in the "name_html" field. This
was fine, however, since that's what the code rendering display names used.

However, 2 months ago an MR [3] refactoring the way the frontend does emoji
and mention rendering was merged. One of the things it did was moving away
from doing emoji rendering in the entity normalizer and using the unescaped
'user.name' in the rendering code, resulting in HTML injection being
possible again.

This patch escapes 'user.name' as well; as far as I can tell there is no
actual use for an unescaped display name in frontend code, especially
when it comes from MastoAPI, where it is not supposed to be HTML.

[1]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1052
[2]: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2167
[3]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1392
2021-11-16 20:35:23 +03:00
HJ
1c53528433 Merge branch 'fix-favico-badge-chrome' into 'develop'
fix favico badge not working on chrome

See merge request pleroma/pleroma-fe!1391
2021-09-07 16:17:31 +00:00
Henry Jameson
f16658adfc fix tests 2021-08-15 02:59:14 +03:00
Henry Jameson
97e86381c8 remove old emoji added, everything emoji-bearing uses RichContent now 2021-08-13 13:12:33 +03:00
Henry Jameson
4c974f5ca2 richcontent support in polls, user cards and user profiles 2021-08-13 13:06:42 +03:00
Henry Jameson
6c6df29ed3 support richcontent in polls 2021-08-13 12:19:57 +03:00
Henry Jameson
8fe4355a6b fix rich images 2021-06-18 21:29:47 +03:00
Henry Jameson
bebafa1a2c refactored line converter, untied its logic from greentexting, better
handling of broken cases
2021-06-13 15:24:29 +03:00
Henry Jameson
418f029789 review + fixes 2021-06-12 20:43:29 +03:00
Henry Jameson
90a188f2c3 cleanup 2021-06-12 19:54:34 +03:00
Henry Jameson
cd44556750 restructure and tests
squash! restructure and tests
2021-06-12 19:54:30 +03:00
Henry Jameson
5834790d0b fix #935 2021-06-11 11:50:05 +03:00
Henry Jameson
f819227bed fixed console errors, improved user-selecting, added cyantexting 2021-06-11 11:49:32 +03:00
Henry Jameson
cc00af7a31 Hellthread(tm) Certified 2021-06-10 18:52:01 +03:00
Henry Jameson
7d6fc044fb new mentions look 2021-06-07 23:42:04 +03:00
Henry Jameson
8e9f5d7580 renamed StatusText to StatusBody for clarity, fixed chats 2021-06-07 19:50:38 +03:00
Henry Jameson
04fa1f0b2d some docs, added richcontent to usernames in status, updated stillImage
to allow scale of "gif" label
2021-06-07 18:41:47 +03:00
Henry Jameson
b0ae32e309 made getAttrs correctly handle both ' and " 2021-06-07 18:41:47 +03:00
Henry Jameson
be79643bcf fix emoji processor not leaving string as-is if no emoji are found 2021-06-07 18:41:47 +03:00
Henry Jameson
20ce646852 [WIP] MUCH better approach to replacing emojis with still versions 2021-06-07 18:41:47 +03:00
Henry Jameson
2a2483f4c9 handle multiple favicons (different sizes) 2021-06-02 12:47:54 +03:00
Henry Jameson
008e711e11 fix favico badge not working on chrome 2021-06-02 12:15:31 +03:00
HJ
dc611dffdb Merge branch 'flash-support' into 'develop'
Flash support

See merge request pleroma/pleroma-fe!1380
2021-05-31 11:00:53 +00:00
Matilde Park
06d0254cc5 entity_normalizer: safely check screen_name
Prevents a crash on undefined screen name cases.
2021-04-21 01:40:25 -04:00
Henry Jameson
87903fbf6d do not load ruffle multiple times! 2021-04-12 01:15:59 +03:00
Henry Jameson
5fdc4a1904 whooops dropped my monstercondo 2021-04-12 00:03:17 +03:00
Henry Jameson
d695dcaff9 experimental flash support through ruffle 2021-04-09 19:14:05 +03:00
HJ
8b96ea9377 Merge branch 'settings-import-export' into 'develop'
Settings backup/restore + small fixes

See merge request pleroma/pleroma-fe!1372
2021-04-07 17:40:07 +00:00
Henry Jameson
a8967d85bd streamlined WS flow, reduced spam amount related to WS reconnections 2021-03-09 02:38:10 +02:00
Henry Jameson
90afcd3420 WIP some work on making errors less spammy 2021-03-08 22:24:39 +02:00
Henry Jameson
2e7bd99444 Merge remote-tracking branch 'origin/develop' into websocket-fixes
* origin/develop: (119 commits)
  Apply 1 suggestion(s) to 1 file(s)
  Make it possible to localize user highlight options
  remove shoutbox test hacks
  fix shoutbox header, use custom scroll-to-bottom system, remove vue-chat-scroll, temporarily add chat test hack
  update changelog with 2.3.0
  change icons around
  Translated using Weblate (Japanese)
  Update timeline_quick_settings.js
  add screen_name_ui to tests
  separate screen_name and screen_name_ui with decoded punycode
  Update CHANGELOG.md
  add basic validation for statusless status notifications
  changelog mention
  fix chat unread badge
  update shelljs to get rid of warnings on build
  save a few characters
  focus input in emoji picker and react picker
  fix vue warnings
  add only to wording
  basic loggedin check for reply filtering
  ...
2021-03-08 22:01:28 +02:00
Henry Jameson
3d95ea6acb cleanup + fix 2021-03-08 21:56:20 +02:00
Henry Jameson
bd5b62b107 changed importexport into a service instead of component for simplicity 2021-03-08 19:42:24 +02:00
Henry Jameson
4baa397ed0 fixed another problem with p's broken theme causing theme editor to
become unusable
2021-03-08 19:19:16 +02:00
Shpuld Shpludson
237f272d15 Merge branch 'develop' into 'fix/punycode-buggy'
# Conflicts:
#   CHANGELOG.md
2021-02-27 18:03:49 +00:00
Shpuld Shpuldson
09fe160e8b separate screen_name and screen_name_ui with decoded punycode 2021-02-26 16:23:11 +02:00
Shpuld Shpuldson
cd2f5ced31 add basic validation for statusless status notifications 2021-02-26 14:27:25 +02:00
Shpuld Shpuldson
47770ed715 get rid of older messages when scrolling down in chat to keep it from bloating dom 2021-02-17 10:16:58 +02:00
Henry Jameson
2576b75059 fallback if shadows aren't defined 2021-01-28 14:05:32 +02:00
Henry Jameson
272ba8f7a9 Fix p's weird corrupt theme data crashing theme engine 2021-01-23 13:58:40 +02:00
Shpuld Shpludson
0358284ebf Merge branch 'feat/language-picker-native-names' into 'develop'
Use native language names in the language picker

See merge request pleroma/pleroma-fe!1302
2021-01-21 13:41:36 +00:00
rinpatch
11c7355749 Use native language names in the language picker
This seems more intuitive to me and is what I've seen in most other
language pickers.
2021-01-21 14:24:16 +03:00
feld
831cf9eafb Apply 1 suggestion(s) to 1 file(s) 2021-01-20 14:47:13 -06:00
Mark Felder
36e56354e4 More robust backwards compatibility 2021-01-19 10:01:55 -06:00
Mark Felder
9656c9b969 Support old user.deactivated and new user.is_active fields 2021-01-18 15:54:12 -06:00
Henry Jameson
9a8bc245a6 fixed few-posts TLs when streaming is enabled 2021-01-13 22:17:29 +02:00
Henry Jameson
48bef143d8 fix not being able to re-enable sockets until page refresh 2021-01-13 21:33:20 +02:00
Henry Jameson
adc3b17fe0 add success global notice style/level 2021-01-13 21:29:12 +02:00
Shpuld Shpuldson
65dbf7b85d Add report button to status ellipsis menu 2021-01-12 14:43:21 +02:00