From 4bc7873e037dd4760c32e3dda4a94462696684e6 Mon Sep 17 00:00:00 2001
From: HJ <30-hj@users.noreply.git.pleroma.social>
Date: Mon, 5 Jun 2023 19:04:30 +0000
Subject: [PATCH 1/3] Merge branch 'harden-parser' into 'develop'
fix regex misinterpreting tag name in badly formed HTML
See merge request pleroma/pleroma-fe!1835
(cherry picked from commit 624af7ed00b0edb2792f84cc83f6eeb7568798c4)
00b47e16 fix regex misinterpreting tag name in badly formed HTML, prevent rich
5e656cc0 Merge remote-tracking branch 'origin/develop' into harden-parser
10e28f6c changelog
0109724a case insensititvy
---
 changelog.d/parser.fix | 1 +
 src/components/rich_content/rich_content.jsx | 4 +++-
 src/services/html_converter/utility.service.js | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 changelog.d/parser.fix
diff --git a/changelog.d/parser.fix b/changelog.d/parser.fix
new file mode 100644
index 0000000000..13bac0bf6e
--- /dev/null
+++ b/changelog.d/parser.fix
@@ -0,0 +1 @@
+fix regex issue in HTML parser/renderer
diff --git a/src/components/rich_content/rich_content.jsx b/src/components/rich_content/rich_content.jsx
index 7881e365cc..b16ab242e2 100644
--- a/src/components/rich_content/rich_content.jsx
+++ b/src/components/rich_content/rich_content.jsx
@@ -149,7 +149,9 @@ export default {
 // Handle tag nodes
 if (Array.isArray(item)) {
 const [opener, children, closer] = item
- const Tag = getTagName(opener)
+ let Tag = getTagName(opener)
+ if (Tag.toLowerCase() === 'script') Tag = 'js-exploit'
+ if (Tag.toLowerCase() === 'style') Tag = 'css-exploit'
 const fullAttrs = getAttrs(opener, () => true)
 const attrs = getAttrs(opener)
 const previouslyMentions = currentMentions !== null
diff --git a/src/services/html_converter/utility.service.js b/src/services/html_converter/utility.service.js
index f104297183..a130135374 100644
--- a/src/services/html_converter/utility.service.js
+++ b/src/services/html_converter/utility.service.js
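Review bot: In rich_content.jsx, `Tag.toLowerCase()` on the two added lines throws a TypeError when `getTagName(opener)` returns null, which the `result && …` return in utility.service.js does whenever the regex finds no match, i.e. in the malformed-markup case this commit targets. Taking the lowered name once behind a guard, `const lowered = (Tag || '').toLowerCase()`, and comparing against that keeps one bad opener from aborting the whole render. Renaming only `script` and `style` is a two-entry denylist; what happens to other element names depends on code outside this hunk, but an allowlist of the tag names this component is meant to render would fail closed rather than open. The enclosing function starts and ends outside the hunk.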
@@ -5,7 +5,7 @@
 * @return {String} - tagname, i.e. "div"
 */
 export const getTagName = (tag) => {
- const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gi.exec(tag)
+ const result = /(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/gis.exec(tag)
 return result && (result[1] || result[2])
 }
From c8b5b7845da6874b4d4ecbea5ac7003171c5ad29 Mon Sep 17 00:00:00 2001
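Review bot: The pattern in `getTagName` still has no `^` anchor, so when `tag` does not begin with a well-formed `<name`, `exec` scans forward and returns the name of whatever tag-like text appears later in the string; the added `s` flag only covers the case where a newline stopped `.*?`. If callers always pass a string that starts at the tag (not visible in this hunk, so confirm), anchoring makes a mismatch return null instead of a wrong name: `/^(?:<\/(\w+)>|<(\w+)\s?.*?\/?>)/is`. The `g` flag has no effect on a single `exec` against a fresh literal and can be dropped. The JSDoc should say `@return {String|null}`, since the function returns null when nothing matches, and a regression test with a multi-line opening tag would pin the fix.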
From: Henry Jameson Date: Sun, 29 Oct 2023 18:29:28 +0200 Subject: [PATCH 2/3] Changelog 2.6.0 --- CHANGELOG.md | 25 +++++++++++++++++ ...add-taiwanese-aka-hokkien-i18n-support.add | 1 - changelog.d/adminfe.add | 1 - changelog.d/check-changelog.skip | 0 changelog.d/custom-emoji-notif-width.fix | 1 - changelog.d/edit-profile-button.fix | 1 - .../emoji-picker-button-accessible.fix | 1 - changelog.d/export-subst-hash.fix | 1 - changelog.d/fix-reports.fix | 1 - changelog.d/html-attribute-parsing.fix | 1 - changelog.d/mention-twice.fix | 1 - changelog.d/mentionsline-shouldbreak.fix | 1 - changelog.d/nonascii-tags.fix | 1 - changelog.d/oauth2-token-linger.fix | 1 - changelog.d/parser.fix | 1 - changelog.d/quote-hide-oops.fix | 1 - changelog.d/quote-hide.fix | 1 - changelog.d/quote.add | 1 - changelog.d/react-button-safari.fix | 1 - changelog.d/react-button.fix | 1 - changelog.d/reload-user-pinned.fix | 1 - changelog.d/scroll-emoji-selector-safari.fix | 1 - tools/collect-changelog | 27 +++++++++++++++++++ 23 files changed, 52 insertions(+), 20 deletions(-) delete mode 100644 changelog.d/add-taiwanese-aka-hokkien-i18n-support.add delete mode 100644 changelog.d/adminfe.add delete mode 100644 changelog.d/check-changelog.skip delete mode 100644 changelog.d/custom-emoji-notif-width.fix delete mode 100644 changelog.d/edit-profile-button.fix delete mode 100644 changelog.d/emoji-picker-button-accessible.fix delete mode 100644 changelog.d/export-subst-hash.fix delete mode 100644 changelog.d/fix-reports.fix delete mode 100644 changelog.d/html-attribute-parsing.fix delete mode 100644 changelog.d/mention-twice.fix delete mode 100644 changelog.d/mentionsline-shouldbreak.fix delete mode 100644 changelog.d/nonascii-tags.fix delete mode 100644 changelog.d/oauth2-token-linger.fix delete mode 100644 changelog.d/parser.fix delete mode 100644 changelog.d/quote-hide-oops.fix delete mode 100644 changelog.d/quote-hide.fix delete mode 100644 changelog.d/quote.add delete mode 100644 
changelog.d/react-button-safari.fix delete mode 100644 changelog.d/react-button.fix delete mode 100644 changelog.d/reload-user-pinned.fix delete mode 100644 changelog.d/scroll-emoji-selector-safari.fix create mode 100755 tools/collect-changelog diff --git a/CHANGELOG.md b/CHANGELOG.md index 3fb7293154..fe382b9602 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,31 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## 2.6.0 +### Added +- add the initial i18n translation file for Taiwanese (Hokkien), and modify some related files. +- Implemented a very basic instance administration screen +- Implement quoting + +### Fixed +- Keep aspect ratio of custom emoji reaction in notification +- Fix openSettingsModalTab so that it correctly opens Settings modal instead of Admin modal +- Add alt text to emoji picker buttons +- Use export-subst gitattribute to allow tarball builds +- fix reports now showing reason/content +- Fix HTML attribute parsing, discard attributes not strating with a letter +- Make MentionsLine aware of line breaking by non-br elements +- Fix a bug where mentioning a user twice will not fill the mention into the textarea +- Fix parsing non-ascii tags +- Fix OAuth2 token lingering after revocation +- fix regex issue in HTML parser/renderer +- don't display quoted status twice +- fix typo in code that prevented cards from showing at all +- Fix react button not working if reaction accounts are not loaded +- Fix react button misalignment on safari ios +- Fix pinned statuses gone when reloading user timeline +- Fix scrolling emoji selector in modal in safari ios + ## 2.5.1 ### Fixed - Checkboxes in settings can now work with screenreaders diff --git a/changelog.d/add-taiwanese-aka-hokkien-i18n-support.add b/changelog.d/add-taiwanese-aka-hokkien-i18n-support.add deleted file mode 100644 index 53d8980553..0000000000 
--- a/changelog.d/add-taiwanese-aka-hokkien-i18n-support.add
+++ /dev/null
@@ -1 +0,0 @@
-add the initial i18n translation file for Taiwanese (Hokkien), and modify some related files.
\ No newline at end of file
diff --git a/changelog.d/adminfe.add b/changelog.d/adminfe.add
deleted file mode 100644
index 188c45550a..0000000000
--- a/changelog.d/adminfe.add
+++ /dev/null
@@ -1 +0,0 @@
-Implemented a very basic instance administration screen
diff --git a/changelog.d/check-changelog.skip b/changelog.d/check-changelog.skip
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/changelog.d/custom-emoji-notif-width.fix b/changelog.d/custom-emoji-notif-width.fix
deleted file mode 100644
index da118f6ba7..0000000000
--- a/changelog.d/custom-emoji-notif-width.fix
+++ /dev/null
@@ -1 +0,0 @@
-Keep aspect ratio of custom emoji reaction in notification
diff --git a/changelog.d/edit-profile-button.fix b/changelog.d/edit-profile-button.fix
deleted file mode 100644
index 5a92765cd9..0000000000
--- a/changelog.d/edit-profile-button.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix openSettingsModalTab so that it correctly opens Settings modal instead of Admin modal
diff --git a/changelog.d/emoji-picker-button-accessible.fix b/changelog.d/emoji-picker-button-accessible.fix
deleted file mode 100644
index 12898a1ac5..0000000000
--- a/changelog.d/emoji-picker-button-accessible.fix
+++ /dev/null
@@ -1 +0,0 @@
-Add alt text to emoji picker buttons
diff --git a/changelog.d/export-subst-hash.fix b/changelog.d/export-subst-hash.fix
deleted file mode 100644
index fb0d85cbb4..0000000000
--- a/changelog.d/export-subst-hash.fix
+++ /dev/null
@@ -1 +0,0 @@
-Use export-subst gitattribute to allow tarball builds
diff --git a/changelog.d/fix-reports.fix b/changelog.d/fix-reports.fix
deleted file mode 100644
index 961b80336f..0000000000
--- a/changelog.d/fix-reports.fix
+++ /dev/null
@@ -1 +0,0 @@
-fix reports now showing reason/content:w
diff --git a/changelog.d/html-attribute-parsing.fix b/changelog.d/html-attribute-parsing.fix
deleted file mode 100644
index 0952f773ed..0000000000
--- a/changelog.d/html-attribute-parsing.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix HTML attribute parsing, discard attributes not strating with a letter
diff --git a/changelog.d/mention-twice.fix b/changelog.d/mention-twice.fix
deleted file mode 100644
index 0e4b71dfd4..0000000000
--- a/changelog.d/mention-twice.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix a bug where mentioning a user twice will not fill the mention into the textarea
diff --git a/changelog.d/mentionsline-shouldbreak.fix b/changelog.d/mentionsline-shouldbreak.fix
deleted file mode 100644
index 33ee8d2c99..0000000000
--- a/changelog.d/mentionsline-shouldbreak.fix
+++ /dev/null
@@ -1 +0,0 @@
-Make MentionsLine aware of line breaking by non-br elements
diff --git a/changelog.d/nonascii-tags.fix b/changelog.d/nonascii-tags.fix
deleted file mode 100644
index e4c6dc82d3..0000000000
--- a/changelog.d/nonascii-tags.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix parsing non-ascii tags
diff --git a/changelog.d/oauth2-token-linger.fix b/changelog.d/oauth2-token-linger.fix
deleted file mode 100644
index da4e46316b..0000000000
--- a/changelog.d/oauth2-token-linger.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix OAuth2 token lingering after revocation
diff --git a/changelog.d/parser.fix b/changelog.d/parser.fix
deleted file mode 100644
index 13bac0bf6e..0000000000
--- a/changelog.d/parser.fix
+++ /dev/null
@@ -1 +0,0 @@
-fix regex issue in HTML parser/renderer
diff --git a/changelog.d/quote-hide-oops.fix b/changelog.d/quote-hide-oops.fix
deleted file mode 100644
index d93c0d29ee..0000000000
--- a/changelog.d/quote-hide-oops.fix
+++ /dev/null
@@ -1 +0,0 @@
-fix typo in code that prevented cards from showing at all
diff --git a/changelog.d/quote-hide.fix b/changelog.d/quote-hide.fix
deleted file mode 100644
index 678fc3bc65..0000000000
--- a/changelog.d/quote-hide.fix
+++ /dev/null
@@ -1 +0,0 @@
-don't display quoted status twice
diff --git a/changelog.d/quote.add b/changelog.d/quote.add
deleted file mode 100644
index b43b6abad3..0000000000
--- a/changelog.d/quote.add
+++ /dev/null
@@ -1 +0,0 @@
-Implement quoting
diff --git a/changelog.d/react-button-safari.fix b/changelog.d/react-button-safari.fix
deleted file mode 100644
index 9846d50d07..0000000000
--- a/changelog.d/react-button-safari.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix react button misalignment on safari ios
diff --git a/changelog.d/react-button.fix b/changelog.d/react-button.fix
deleted file mode 100644
index c2222fb605..0000000000
--- a/changelog.d/react-button.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix react button not working if reaction accounts are not loaded
diff --git a/changelog.d/reload-user-pinned.fix b/changelog.d/reload-user-pinned.fix
deleted file mode 100644
index db241c205a..0000000000
--- a/changelog.d/reload-user-pinned.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix pinned statuses gone when reloading user timeline
diff --git a/changelog.d/scroll-emoji-selector-safari.fix b/changelog.d/scroll-emoji-selector-safari.fix
deleted file mode 100644
index 3f5dda7d80..0000000000
--- a/changelog.d/scroll-emoji-selector-safari.fix
+++ /dev/null
@@ -1 +0,0 @@
-Fix scrolling emoji selector in modal in safari ios
diff --git a/tools/collect-changelog b/tools/collect-changelog
new file mode 100755
index 0000000000..1e12d5640e
--- /dev/null
+++ b/tools/collect-changelog
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+collectType() {
+ local suffix="$1"
+ local header="$2"
+ local printed=0
+ for file in changelog.d/*."$suffix"; do
+ if [ '!' -f "$file" ]; then
+ continue
+ fi
+ if [ "$printed" = 0 ]; then
+ echo
+ echo "### $header"
+ printed=1
+ fi
+ # Normalize any trailing newlines/spaces, etc.
+ echo "- $(cat "$file")"
+ done
+}
+
+collectType security Security
+collectType change Changed
+collectType add Added
+collectType fix Fixed
+collectType remove Removed
+
+rm changelog.d/*
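Review bot: The final `rm changelog.d/*` in tools/collect-changelog deletes every file in the directory, including any whose suffix matched none of the five `collectType` calls, so an entry with a mistyped suffix is removed without ever being printed. The script also resolves `changelog.d/` against the current directory and deletes whether or not the collected text was written anywhere; starting it with `set -eu` and `cd "$(dirname "$0")/.."` and reporting leftover files before the `rm` would make a wrong invocation fail instead of losing entries. `local` is not POSIX, so the `#!/bin/sh` line relies on the system shell accepting it. `echo "- $(cat "$file")"` is better written as `printf '%s\n' "- $(cat "$file")"`, because some `echo` implementations interpret backslashes in the entry text.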
From dbf14eee40bf6d7a4ce45605fc52c941013f7d4b Mon Sep 17 00:00:00 2001
From: Henry Jameson
Date: Sun, 29 Oct 2023 18:30:08 +0200
Subject: [PATCH 3/3] Version 2.6.0
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 873f04ff1e..5d3b50ad65 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "pleroma_fe",
- "version": "2.5.0",
+ "version": "2.6.0",
 "description": "Pleroma frontend, the default frontend of Pleroma social network server",
 "author": "Pleroma contributors ",
 "private": false,