Commit Graph

3028 Commits

Author SHA1 Message Date
rinpatch
d36b45ad43 entity_normalizer: Escape name when parsing user
In January 2020 the Pleroma backend stopped escaping HTML in display names
and passed that responsibility on to frontends, compliant with Mastodon's
version of Mastodon API [1]. Pleroma-FE was subsequently modified to
escape the display name [2], however only in the "name_html" field. This
was fine, however, since that's what the code rendering display names used.

However, 2 months ago an MR [3] refactoring the way the frontend does emoji
and mention rendering was merged. One of the things it did was moving away
from doing emoji rendering in the entity normalizer and using the unescaped
'user.name' in the rendering code, resulting in HTML injection being
possible again.

This patch escapes 'user.name' as well. As far as I can tell, there is no
actual use for an unescaped display name in frontend code, especially
when it comes from MastoAPI, where it is not supposed to be HTML.

[1]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1052
[2]: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2167
[3]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1392
2021-11-16 20:35:23 +03:00
HJ
370f1e55ad Merge branch 'develop' into 'themeApply'
# Conflicts:
#   CHANGELOG.md
2021-09-09 21:51:39 +00:00
HJ
a8a82ad12f Merge branch 'showMobileNewPost' into 'develop'
New user option: Always show floating New Post button

See merge request pleroma/pleroma-fe!1395
2021-09-09 12:19:53 +00:00
HJ
8af1f08539 Merge branch 'better-still-emoji' into 'develop'
Status HTML parsing - better emoji and mentions rendering

Closes #935

See merge request pleroma/pleroma-fe!1392
2021-09-07 16:15:41 +00:00
Shpuld Shpludson
25a8b48bf2 Merge branch 'from/develop/tusooa/fix-mobile-shoutbox-display' into 'develop'
Fix mobile shoutbox display

See merge request pleroma/pleroma-fe!1404
2021-09-07 14:46:39 +00:00
Henry Jameson
4d73eaa6ce fix spacing before hashtags 2021-08-23 21:36:18 +03:00
Henry Jameson
39494439d3 very minimalist hashtaglink implementation, also you can middle-click
mentions now.
2021-08-23 20:57:21 +03:00
Henry Jameson
cbb34e2b0e fix expanded mentions spacing 2021-08-18 20:58:26 +03:00
Henry Jameson
e98a2af39e hopefully final fix for spacings 2021-08-18 20:54:04 +03:00
Henry Jameson
dbdc5e050f fix ext profile bug 2021-08-16 01:41:52 +03:00
Henry Jameson
49fe334186 play gifs when hovering over notification 2021-08-16 01:34:35 +03:00
Henry Jameson
14ec7d6a41 add attachment counter 2021-08-16 01:11:43 +03:00
Henry Jameson
7cc19ef2ea better media modal loading 2021-08-16 01:11:42 +03:00
Henry Jameson
0507eb6550 ability to move attachments around when making a new post 2021-08-15 21:04:49 +03:00
Henry Jameson
830a03a0d1 inline description display 2021-08-15 21:04:28 +03:00
Henry Jameson
34d265467a add media description into media modal 2021-08-15 19:45:48 +03:00
Henry Jameson
f5823a96e9 add key attribute to make image refresh in media modal to give feedback
when images are still loaded
2021-08-15 19:43:52 +03:00
Henry Jameson
777f6c0162 Merge branch 'better-still-emoji' into proper-attachments
* better-still-emoji:
  fix "+X more" sticking
2021-08-15 18:43:52 +03:00
Henry Jameson
0087d33c75 fix "+X more" sticking 2021-08-15 18:41:13 +03:00
Henry Jameson
299c00cf74 fix video attachments in notifications not having pointer cursor 2021-08-15 18:35:26 +03:00
Henry Jameson
07c12ae162 replace poll with an icon in notifications 2021-08-15 18:26:37 +03:00
Henry Jameson
c8a7b6f433 fix long posts double-fading in notifications 2021-08-15 18:21:25 +03:00
Henry Jameson
5431d8fe55 Merge branch 'better-still-emoji' into proper-attachments
* better-still-emoji:
  fix links sticking to mentionsline
2021-08-15 18:11:57 +03:00
Henry Jameson
8cc1ad67df fix links sticking to mentionsline 2021-08-15 18:11:38 +03:00
Henry Jameson
6aa6f6f300 fix console errors 2021-08-15 17:53:35 +03:00
Henry Jameson
17d2eed06a Merge branch 'better-still-emoji' into proper-attachments
* better-still-emoji:
  fix tests
  prevent infinite update loops
  remove obsolete tests
  removed useless code, review change, fixed bug with tall statuses
  fixed mentions line again
  remove old emoji added, everything emoji-bearing uses RichContent now
  richcontent support in polls, user cards and user profiles
  support richcontent in polls
  fix tests, add performance test (skipped, doesn't assert anything), tweak max mentions count
  made the code responsible for showing unwritten mentions actually work
  remove new options for style and separate line, now groups all chained mentions on a mentionsline regardless of placement. fixes spacing
  fix tests
2021-08-15 16:27:41 +03:00
Henry Jameson
68b4323181 prevent infinite update loops 2021-08-15 02:55:45 +03:00
Henry Jameson
530ac4442b removed useless code, review change, fixed bug with tall statuses 2021-08-15 02:41:53 +03:00
Henry Jameson
4465de5241 fixed mentions line again 2021-08-14 22:03:09 +03:00
Henry Jameson
4c974f5ca2 richcontent support in polls, user cards and user profiles 2021-08-13 13:06:42 +03:00
Henry Jameson
6c6df29ed3 support richcontent in polls 2021-08-13 12:19:57 +03:00
Henry Jameson
add5921b8b fix tests, add performance test (skipped, doesn't assert anything),
tweak max mentions count
2021-08-12 19:37:04 +03:00
Henry Jameson
2182af4058 made the code responsible for showing unwritten mentions actually work 2021-08-12 03:09:28 +03:00
Henry Jameson
2cfff1b8b9 remove new options for style and separate line, now groups all chained
mentions on a mentionsline regardless of placement. fixes spacing
2021-08-12 02:56:40 +03:00
Tusooa Zhu
ef277ae4e2 Fix mobile shoutbox 2021-08-03 20:11:06 -04:00
eris
f35e3d0f3f Fix merge conflict in CHANGELOG
# Conflicts:
#   CHANGELOG.md
2021-07-22 20:47:36 +00:00
eris
179af131ee Fix changelog merge conflict
# Conflicts:
#   CHANGELOG.md
2021-07-22 20:46:41 +00:00
Shpuld Shpludson
425919a0d2 Merge branch 'fix-themes-select' into 'develop'
Fix theme select not working

See merge request pleroma/pleroma-fe!1393
2021-07-19 18:33:19 +00:00
HJ
ba961b784f Apply 1 suggestion(s) to 1 file(s) 2021-07-19 17:10:13 +00:00
Shpuld Shpludson
891611816c Merge branch 'editProfile' into 'develop'
Minor change: Add edit profile button onto self user card

See merge request pleroma/pleroma-fe!1398
2021-07-19 16:35:28 +00:00
Shpuld Shpludson
373b14e1e4 Merge branch 'fix-settings-anon' into 'develop'
Fix Boolean/Choice settings not working properly on initial launch

See merge request pleroma/pleroma-fe!1389
2021-07-19 16:11:11 +00:00
Henry Jameson
b67db47c88 lint 2021-06-22 20:47:35 +03:00
Henry Jameson
dd3fe61cf3 Merge branch 'better-still-emoji' into proper-attachments
* better-still-emoji:
  fix non-notifying mentions and original mention display
  fix not escaping some stuff
  fix rich images
2021-06-22 20:45:44 +03:00
Henry Jameson
a2f21f4e13 fix description colliding with extra-long text 2021-06-22 20:42:52 +03:00
Henry Jameson
628b99d117 don't stretch columns when uploading media 2021-06-22 20:37:08 +03:00
Henry Jameson
5118eee19a fix videos not stretching to container 2021-06-22 20:35:34 +03:00
Henry Jameson
4ba8d95a10 fix videos and related not having working drag controls 2021-06-22 20:33:57 +03:00
Henry Jameson
4016182b89 fix z-indexes 2021-06-22 20:32:55 +03:00
Henry Jameson
a258182522 fix non-notifying mentions and original mention display 2021-06-22 20:16:26 +03:00
eris
6125dc885a Update for latest develop merges to CHANGELOG 2021-06-20 21:06:59 +00:00
Eris
cd9dd352e3 Fix follow request count position on mobile 2021-06-20 06:27:32 +00:00
Henry Jameson
c6831a3810 fix not escaping some stuff 2021-06-18 21:42:46 +03:00
Henry Jameson
6b8b9c017f whoops 2021-06-18 17:39:29 +03:00
Henry Jameson
44b741e270 better attachments in uploading (grid layout) 2021-06-18 17:30:56 +03:00
Henry Jameson
8bab8658e8 better handling of unknown files, better upload display 2021-06-18 16:11:16 +03:00
Henry Jameson
bfe31e20ea better compact attachments 2021-06-18 14:12:50 +03:00
Henry Jameson
b68fb7738b Merge remote-tracking branch 'origin/develop' into better-still-emoji
* origin/develop:
  Use proper setting name
  Use cleaner instance config check for shoutbox setting
  Make locale language cleaner
  Don't shorten shoutbox to SB
  Fix lint error
  Update CHANGELOG.md
  New option: Hide shoutbox
2021-06-18 02:27:57 +03:00
Henry Jameson
f35c090caa merged in compact notifs and improved upon it 2021-06-18 02:27:32 +03:00
Henry Jameson
c1293c3afa Merge branch 'compact-notifs' into proper-attachments
* compact-notifs:
  compact notifs
2021-06-18 02:09:50 +03:00
Henry Jameson
f15599e6e5 gallery in post status form! 2021-06-18 02:04:01 +03:00
Henry Jameson
90345f158f gallery now supports flash, fixes for flash component. refactored media modal 2021-06-18 02:03:38 +03:00
Eris
85e2f8f78c Don't show profile edit button in sidebar 2021-06-17 20:57:23 +00:00
eris
b2ebfc1fd6 Merge branch 'develop' into 'editProfile'
# Conflicts:
#   CHANGELOG.md
2021-06-17 19:35:09 +00:00
Eris
e1361a1cae Add edit profile button 2021-06-17 19:29:58 +00:00
Henry Jameson
e654fead23 refactored attachments and gallery. All attachments now are in gallery. 2021-06-17 16:29:46 +03:00
Eris
9c4957268d Use proper setting name 2021-06-17 13:21:25 +03:00
Eris
6689fed513 Use cleaner instance config check for shoutbox setting 2021-06-17 13:21:25 +03:00
Eris
4ecbb58086 Make locale language cleaner 2021-06-17 13:21:25 +03:00
Eris
dcfd178314 Fix lint error 2021-06-17 13:21:25 +03:00
Eris
9e9ab5cec9 New option: Hide shoutbox 2021-06-17 13:21:25 +03:00
Henry Jameson
a96a62929d Merge remote-tracking branch 'origin/develop' into settings-and-filtering
* origin/develop:
  Use proper setting name
  Use cleaner instance config check for shoutbox setting
  Make locale language cleaner
  Don't shorten shoutbox to SB
  Fix lint error
  Update CHANGELOG.md
  New option: Hide shoutbox
2021-06-16 13:52:13 +03:00
Henry Jameson
1717a3aaf2 fix chats again 2021-06-16 12:44:04 +03:00
Henry Jameson
ad3a2fd4e5 fixed "invisible" spans inside links 2021-06-16 01:20:20 +03:00
eris
139a0d1562 Merge branch 'develop' into 'themeApply'
# Conflicts:
#   CHANGELOG.md
2021-06-15 21:50:39 +00:00
eris
cab0095989 Merge branch 'develop' into 'showMobileNewPost'
# Conflicts:
#   CHANGELOG.md
#   src/App.js
2021-06-15 21:49:33 +00:00
Eris
d7a53aec61 Use proper setting name 2021-06-15 18:09:00 +00:00
Henry Jameson
4aac0125e5 fixed bug with hashtags 2021-06-15 14:43:44 +03:00
Eris
7e3393b5a2 Use cleaner instance config check for shoutbox setting 2021-06-15 00:59:36 +00:00
Eris
5047663c51 Make locale language cleaner 2021-06-15 00:25:09 +00:00
Eris
312a237ca4 Revert duplicate buttons and move existing buttons to bottom-right corner independent of scroll 2021-06-14 23:31:16 +00:00
Eris
4639e30cb8 Fix config naming for consistency 2021-06-14 20:41:34 +00:00
Eris
8fa0331771 Add apply and reset themes to top of theme tab 2021-06-14 20:09:28 +00:00
Eris
1668315bf8 Fix lint error 2021-06-14 20:02:13 +00:00
Eris
0c10145242 New option: Hide shoutbox 2021-06-14 19:42:56 +00:00
Eris
adfe56a3a3 New option: Always show floating New Post button 2021-06-14 17:54:40 +00:00
Henry Jameson
7309f8ce1a lint 2021-06-14 10:31:07 +03:00
Henry Jameson
c21b1cf898 do the impossible, fix the unfixable 2021-06-14 10:30:08 +03:00
Henry Jameson
a3c703bd37 compact notifs 2021-06-14 02:52:41 +03:00
Henry Jameson
636dbdaba8 more fixes 2021-06-13 22:22:59 +03:00
Henry Jameson
1fdfc42159 fix mentions in chats 2021-06-13 21:43:45 +03:00
Henry Jameson
609dc5da0c fix chats messages 2021-06-13 21:42:25 +03:00
Henry Jameson
bebafa1a2c refactored line converter, untied its logic from greentexting, better
handling of broken cases
2021-06-13 15:24:29 +03:00
HJ
e825021ef1 Apply 1 suggestion(s) to 1 file(s) 2021-06-12 18:55:18 +00:00
Henry Jameson
9c70f3e4df fixed a bug + made a testcase out of it 2021-06-12 21:49:56 +03:00
Henry Jameson
2c60a9b638 fix next reply-row bleeding through popover 2021-06-12 20:51:36 +03:00
Henry Jameson
418f029789 review + fixes 2021-06-12 20:43:29 +03:00
Henry Jameson
90a188f2c3 cleanup 2021-06-12 19:54:34 +03:00
Henry Jameson
cd44556750 restructure and tests
squash! restructure and tests
2021-06-12 19:54:30 +03:00
Henry Jameson
ca6c7d5b10 fix tags gluing 2021-06-12 17:20:21 +03:00
Henry Jameson
24f3681ac1 fix color of reply row, fix overflow in status-popover 2021-06-12 17:11:49 +03:00