* origin/develop: (475 commits)
Apply 1 suggestion(s) to 1 file(s)
Update dependency @ungap/event-target to v0.2.3
Update package.json
fix broken icons after FA upgrade
Update Font Awesome
Update dependency webpack-dev-middleware to v3.7.3
Update dependency vuelidate to v0.7.7
Pin dependency @kazvmoe-infra/pinch-zoom-element to 1.2.0
lint
Make media modal buttons larger
Add English translation for hide tooltip
Add hide button to media modal
Lint
Prevent hiding media viewer if swiped over SwipeClick
Fix webkit image blurs
Fix video in media modal not displaying properly
Add changelog for https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1403
Remove image box-shadow in media modal
Clean up debug code for image pinch zoom
Bump @kazvmoe-infra/pinch-zoom-element to 1.2.0 on npm
...
* origin/develop: (83 commits)
Make media modal buttons larger
Add English translation for hide tooltip
Add hide button to media modal
Lint
Prevent hiding media viewer if swiped over SwipeClick
Fix webkit image blurs
Fix video in media modal not displaying properly
Add changelog for https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1403
Remove image box-shadow in media modal
Clean up debug code for image pinch zoom
Bump @kazvmoe-infra/pinch-zoom-element to 1.2.0 on npm
Bump pinch-zoom-element version
Clean up
Check whether we swiped only for mouse pointer
Scale swipe threshold with viewport width
Update pinch-zoom-element
Allow pinch-zoom to fill the whole screen
Use native click for hiding overlay
Reset position on swipe end even if we cannot navigate
Make lint happy
...
The box-shadow causes an image to be very blurry on Webkit browsers
(experienced: Konqueror, Safari; heard of: Chrome) when scaled up
if the initial size of the image is much smaller than the actual size
(e.g. when viewing a very long picture).
The shadow is not really obvious anyway.
Originally the media viewer would think every touch is a swipe (one-finger
touch event), so we would encounter the case where a two-finger scale event
would incorrectly change the current media. This is now fixed.
* origin/develop:
Update dependency v-click-outside to v2.1.5
Update dependency shelljs to v0.8.5
Update dependency portal-vue to v2.1.7
Update dependency lodash to v4.17.21
Update dependency karma-spec-reporter to v0.0.33
Update dependency karma-webpack to v4.0.2
Update dependency karma-sourcemap-loader to v0.3.8
Update dependency eslint-plugin-vue to v5.2.3
Update dependency chromedriver to v87.0.7
Update dependency @chenfengyuan/vue-qrcode to v1.0.2
Pin dependencies
Pin dependencies
Do not mute bot posts in notifications
Lint
Add renovate.json
Add bot indication to user icon on statuses
Mute bot posts
fix placeholder attachments opening new tab
$refs is not a reliable way to deal with child components under
tree threading as it is not reactive, but the children may change at
any time. The only good way seems to be making these states aggregated on
the conversation component.
Ref: tree-threading
Now the tree will be always rooted at the highlighted status, and
all its ancestors shown linearly on the top.
Enhancement: If an ancestor has more
than one reply (i.e. it has a child that is not on current status's
ancestor chain), we are given a link to root the thread at that status.
* origin/develop:
undo accidental change when merging
Apply 1 suggestion(s) to 1 file(s)
Rearranged settings, moved more stuff to filtering where apllicable. Changed how filering works.
* origin/develop: (81 commits)
Improve the user card for deactivated users
Update CHANGELOG.md
Update CHANGELOG.md
Allow canceling a follow request
Simple policy reasons for instance specific policies
entity_normalizer: Escape name when parsing user
Translated using Weblate (Spanish)
Translated using Weblate (Catalan)
Translated using Weblate (Korean)
Translated using Weblate (Japanese (ja_PEDANTIC))
Translated using Weblate (Indonesian)
Translated using Weblate (Esperanto)
Translated using Weblate (Vietnamese)
Translated using Weblate (Italian)
Translated using Weblate (Vietnamese)
Translated using Weblate (Indonesian)
Translated using Weblate (Italian)
Translated using Weblate (Vietnamese)
Translated using Weblate (Indonesian)
Translated using Weblate (Chinese (Simplified))
...
* origin/develop: (169 commits)
Improve the user card for deactivated users
Update CHANGELOG.md
Update CHANGELOG.md
Allow canceling a follow request
Simple policy reasons for instance specific policies
entity_normalizer: Escape name when parsing user
Translated using Weblate (Spanish)
Translated using Weblate (Catalan)
Translated using Weblate (Korean)
Translated using Weblate (Japanese (ja_PEDANTIC))
Translated using Weblate (Indonesian)
Translated using Weblate (Esperanto)
Translated using Weblate (Vietnamese)
Translated using Weblate (Italian)
Translated using Weblate (Vietnamese)
Translated using Weblate (Indonesian)
Translated using Weblate (Italian)
Translated using Weblate (Vietnamese)
Translated using Weblate (Indonesian)
Translated using Weblate (Chinese (Simplified))
...
When a follow request is sent, but not (yet) accepted, the behaviour is now to cancel the request instead of re sending.
The reason is double
* You couldn't cancel a follow request if you change your mind and the request wasn't answered yet
* Instances don't always correctly process a new follow request when the following is already happening. If something went wrong (e;g. the target server thinks you're following, but your instance thinks you're not yet), it's better to first sent an unfollow. This is the behaviour that Mastodon and most probably most other clients have. Therefore this flow is more tested and expected by other instances.
In January 2020 Pleroma backend stopped escaping HTML in display names
and passed that responsibility on frontends, compliant with Mastodon's
version of Mastodon API [1]. Pleroma-FE was subsequently modified to
escape the display name [2], however only in the "name_html" field. This
was fine however, since that's what the code rendering display names used.
However, 2 months ago an MR [3] refactoring the way the frontend does emoji
and mention rendering was merged. One of the things it did was moving away
from doing emoji rendering in the entity normalizer and use the unescaped
'user.name' in the rendering code, resulting in HTML injection being
possible again.
This patch escapes 'user.name' as well, as far as I can tell there is no
actual use for an unescaped display name in frontend code, especially
when it comes from MastoAPI, where it is not supposed to be HTML.
[1]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1052
[2]: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2167
[3]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1392