Commit graph

156 commits

Author SHA1 Message Date
Marcin Rataj
9dccd975d9 UX: whitelist OpenStreetMap iframes 2014-11-17 14:30:25 +01:00
Robin Ward
564e7a988c Merge pull request #2848 from riking/whitelist-api
Improve Markdown.whiteListTag, code dialect
2014-11-07 11:33:37 -05:00
Sam
d4224a64e8 correct spec 2014-10-22 15:50:04 +11:00
Dean Taylor
c2614543b1 Correct minor spelling mistakes
@sam highlighted I made a spelling mistake in a commit - thought I would throw a few more in.
2014-10-19 23:55:19 +01:00
Dean Taylor
b023e81078 FIX: Censored word match fail if earlier partial match
Previously a list containing `one|two|three|four|twoagain` would fail to censor the word `twoagain` in the text `test1 twoagain test2`.
2014-10-17 03:10:30 +01:00
Robin Ward
27e68518df FIX: BBCode was trimming leading space in [code] blocks 2014-10-10 15:11:30 -04:00
Robin Ward
3b38667274 FIX: Check for word boundaries with censored words. 2014-10-09 16:35:27 -04:00
Robin Ward
285c66b899 FIX: Say the file uploaded is too large, not "image" as you can upload
other kinds of files.
2014-10-09 16:03:04 -04:00
riking
ef36a619c3 Update Markdown tests 2014-10-05 17:30:29 -07:00
Robin Ward
9564ecde76 FEATURE: Site setting for words to censor in posts 2014-10-02 13:58:58 -04:00
Sam
1d2c7206e6 Merge pull request #2820 from Elberet/fix-url-bbcode
FIX: reworked handling URL bbcode tags
2014-09-25 09:36:55 +10:00
Robin Ward
98d21ed21f Remove deprecated Ember.Deferred 2014-09-24 14:17:29 -04:00
Jens Maier
dcd7a149e2 FIX: reworked handling URL bbcode tags 2014-09-24 20:02:02 +02:00
Robin Ward
d1d3e5dd8c Remove broken debouncePromise and clean up some deprecations 2014-09-23 16:16:44 -04:00
Robin Ward
537e6b193d FIX: Allow proper escaping of bold and italics markdown, even when
nested.
2014-09-22 16:52:14 -04:00
Robin Ward
914217f78a FIX: Allow BBCode images within BBCode links 2014-09-22 14:42:24 -04:00
Jens Maier
9cca64cf69 FIX: BBCode blocks parser no longer mangles JsonML arrays 2014-09-22 03:27:39 +02:00
Jeff Atwood
5646ebf4c7 fix tests expecting "name said:" to "name:" 2014-09-18 20:39:27 -07:00
Jens Maier
543bc53598 FIX: double-escaped single quotes in URLs 2014-09-18 22:07:42 +02:00
Sam Saffron
33c6a2d341 correct tests 2014-09-18 15:26:45 +10:00
Jens Maier
30dbb570e5 FIX: fix dialect block ordering 2014-09-10 13:29:40 +02:00
Jens Maier
9be5c98c8c FIX: Markdown parser: empty links and bbcode parsed as link refs 2014-08-31 02:55:43 +02:00
Arpit Jalan
289d9e4fe1 FIX: use short date format for topic summary 2014-08-30 12:07:43 +05:30
Jens Maier
c58565d09f Fix: dialect block parser should not eat next block's whitespace 2014-08-26 14:11:23 +02:00
Jens Maier
b8f5c21df0 Workaround markdown-js links parser bug 2014-08-24 01:56:14 +02:00
Robin Ward
2ae46b4742 REMOVE: Auto quoting confused more people than it helped. 2014-08-22 14:51:31 -04:00
Robin Ward
300dbdc88b FIX: BBCode contents can span multiple lines 2014-08-22 14:32:29 -04:00
Robin Ward
104b39540a FIX: BBCode with params couldn't span lines 2014-08-22 12:14:10 -04:00
Régis Hanol
5b1785157d TRIVIAL: fix deprecations due to momentjs upgrade 2014-08-20 22:22:58 +02:00
Jens Maier
23002ae01c Fix: block parser now uses regexes for end tags. solves code block case, where end tag must be on a line of its own. 2014-08-14 01:58:01 +02:00
Robin Ward
233305e96f FIX: On devices with a weird pixel ratio, tests were failing. 2014-08-12 17:29:18 -04:00
Robin Ward
f977843391 ES6: Convert all test files over 2014-08-06 17:51:03 -04:00
Robin Ward
c5b5db48cf TESTS: Reset the preload store for testing 2014-07-31 13:25:40 -04:00
Robin Ward
6f36d5996d Lots of work on tests 2014-07-30 20:09:45 -04:00
Robin Ward
717f57c968 Revert "FIX: You couldn't span multiple lines with bold or italics"
This reverts commit 423d37a2b6.

Conflicts:
	test/javascripts/lib/markdown_test.js
2014-07-28 13:17:39 -04:00
Robin Ward
8866141ba2 Merge pull request #2592 from Elberet/fix-parser
Fixes for quirky markdown parser behaviours
2014-07-28 13:12:22 -04:00
Jens Maier
479eb64a76 FIX: rewrite replaceBlock logic to better handle mismatched nested quotes. 2014-07-27 16:07:47 +02:00
Jens Maier
9124cf0eaf FIX: auto-quote should not trigger when the first " is preceded by bbcode-like garbage. 2014-07-27 16:05:29 +02:00
riking
5841e10b59 Extra test for spanning italics 2014-07-25 13:15:14 -07:00
Robin Ward
423d37a2b6 FIX: You couldn't span multiple lines with bold or italics 2014-07-25 16:08:00 -04:00
Robin Ward
b2f2e7b1d2 REFACTOR: Move Markdown tests to Javascript land 2014-07-25 16:08:00 -04:00
Robin Ward
f3bb8902c1 Make a mocked test that broke pending for now. The logic works, will
replace with a new test later.
2014-07-24 15:14:36 -04:00
Jens Maier
b19ad15086 FIX: improve list bbcodes: ignore newlines resulting in unnecessary blank lines 2014-07-24 19:39:16 +02:00
Jens Maier
79dc68512f FIX: dialects accept nested inline markup 2014-07-24 17:34:13 +02:00
Régis Hanol
7ebfe86100 TEST: allows data images 2014-07-18 20:38:01 +02:00
Sam
fecb9ddb43 FIX: invalid test 2014-07-17 16:11:10 +10:00
Robin Ward
d6589d4c53 FIX: Cooking issue with paragraphs in a list 2014-07-15 16:42:14 -04:00
Régis Hanol
a9342dbf92 SECURITY: fix XSS in link's href 2014-07-15 16:11:37 +02:00
Robin Ward
1886ffaff2 FIX: Work with phpBB import style links with ellipsis 2014-07-14 14:27:17 -04:00
Robin Ward
186ce78cb5 FIX: BBCode sanitization and tests 2014-07-14 11:24:25 -04:00
Robin Ward
fc1ce96dbb FIX: Change the approach to sanitization. Includes a more detailed API
for allowing classes and attributes for only certain tag names.
2014-07-03 16:55:36 -04:00
Robin Ward
9c48f8f154 FIX: Don't surround <aside> with <p> as that is malformed HTML. 2014-06-30 18:11:22 -04:00
Robin Ward
a7ad7f6a45 Remove some obscure HTML tags from sanitization 2014-06-24 11:03:45 -04:00
Robin Ward
ff55a30dd7 FIX: <pre> blocks were adding too many new lines. 2014-06-23 15:21:07 -04:00
Robin Ward
42d1fcbbc2 [code] should work just like other kinda of code formatting. 2014-06-23 13:19:27 -04:00
Robin Ward
c6b92f0ef7 FIX: Support for nested bold/italics in MD 2014-06-09 17:46:36 -04:00
Régis Hanol
897f219d61 BUGFIX: change the image upload icon when only images are authorized (fixes #2359) 2014-06-04 19:51:26 +02:00
Ben Lubar
73946e5402 quoting fixes
- allow bbcode quotes to be nested
- don't allow the '=' to be omitted from quotes
- fix some css that made assumptions about nested quotes
2014-05-27 21:46:31 -05:00
Sam Saffron
252e93d0f2 BUGFIX: support CDN for avatars
Correct broken spec
Implement S3 support
2014-05-27 14:40:46 +10:00
Robin Ward
f51cbc8952 FIX: @mentions should not be processed within links 2014-05-06 17:48:30 -04:00
Robin Ward
ba683bc611 FIX: XSS in markdown converter. 2014-04-28 14:44:15 -04:00
Robin Ward
cf6cbb955b REFACTOR: Introduce Discourse.computed.setting to create a computed
property that links to a `Discourse.SiteSetting`
2014-04-24 18:36:02 -04:00
Robin Ward
4dc20e6855 FIX: Sanitize custom quote attributes 2014-04-21 10:19:39 -04:00
Robin Ward
ed6e2b1d79 Remove Zalgo API from Discourse.Mention:
http://blog.izs.me/post/59142742143/designing-apis-for-asynchrony -
Thanks @riking for finding it.
2014-04-14 16:51:18 -04:00
Régis Hanol
e663d78104 SECURITY: sanitize markdown urls (prevent XSS) 2014-03-27 15:34:35 +01:00
Neil Lalonde
86244e3a4b New sub-category badges in category chooser. Normalize category badge rendering code. 2014-03-25 17:29:59 -04:00
Vikhyat Korrapati
e798705aec Do not call preventDefault on right and middle-click/Ctrl+click.
This should fix the middle click popup blocker issue on Firefox.
2014-03-13 11:03:19 +05:30
Régis Hanol
8b6930a5cf FIX: shortDate tests 2014-03-11 12:37:54 +01:00
Robin Ward
15c9c90533 When links have thousands of clicks, display them like 3.3K 2014-03-04 13:44:53 -05:00
Robin Ward
6143753fef Support uppercase bbcode too. 2014-03-03 11:59:57 -05:00
Robin Ward
d079538a6d Allow the customHTML helper to look up fragments outside of the
preloadStore, so plugins can stuff HTML in there when overriding a whole
template doesn't make sense.
2014-02-25 16:02:27 -05:00
Robin Ward
7716d940a0 BUGFIX: Allow links to images with absolute URLs as well as parens 2014-02-20 15:24:03 -05:00
Neil Lalonde
113057bfa9 Comma needs to die 2014-02-06 11:57:45 -05:00
Robin Ward
af5254d3b4 FIX: Remove canvas tag. 2014-02-05 12:22:36 -05:00
Robin Ward
8adb08a9ca FIX: Don't allow <button> in posts either. 2014-02-04 16:29:00 -05:00
Robin Ward
abffcd9f94 FIX: Blacklist <textarea> 2014-02-04 12:48:33 -05:00
Neil Lalonde
b5d0031105 Topic list dates formatting changes: use Dec '12 and Jan 21 2014-01-29 15:45:06 -05:00
Régis Hanol
d0c55010aa BUGFIX: clicking on links to the same domain was broken 2014-01-29 11:31:36 +01:00
Vikhyat Korrapati
fad88c6cf3 Fix sanitization of smileys like <_< and <3. 2014-01-26 18:38:47 +05:30
Régis Hanol
ae06ea6323 BUGFIX: clicking the logo when the homepage was /categories or /top would fail 2014-01-23 17:08:52 +01:00
Robin Ward
e2c361f353 FIX: Indented code blocks followed by <blockquote> weren't working. 2014-01-21 16:18:20 -05:00
Robin Ward
3c3449aa1b Revert "New API for replacing elements in the final JsonML. Also changes spoiler"
This reverts commit 6b9b2d3d6a.

We have come up with a better solution that does not involve HTML
parsing.
2014-01-21 12:04:58 -05:00
Robin Ward
6b9b2d3d6a New API for replacing elements in the final JsonML. Also changes spoiler
tag handling to be more robust with repsect to HTML content.
2014-01-20 15:15:50 -05:00
Robin Ward
4981525047 REFACTOR: Fixes poor class hierarchy for listing topics
- Upgrades Ember to latest
- Fixes a bunch of bugs with page titles and missing "active" states
2014-01-18 19:26:24 +01:00
Régis Hanol
ad8755aa70 BUGFIX: inline spoiler for text, block spoiler for images 2014-01-15 00:53:06 +01:00
Robin Ward
71aed34e64 FIX: Allow click tracking to work with different origins 2014-01-14 15:20:46 -05:00
Régis Hanol
3a6bffa05d FEATURE: better top pages 2014-01-14 01:09:12 +01:00
Régis Hanol
70161498b6 BUGFIX: spoiler tag on lightboxed images wasn't working 2014-01-12 19:38:46 +01:00
Régis Hanol
0dc0740408 BUGFIX: clicking on the Logo generates a javascript error 2014-01-06 11:46:19 +01:00
Robin Ward
a502266c42 Enable JSHINT's unused option. It caught a bunch of suspicious stuff which is fixed in this commit. 2013-12-30 13:30:22 -05:00
Régis Hanol
8685e4079f FEATURE: the top tab is the default for new users 2013-12-30 18:49:16 +01:00
Sam
d8c43f7b58 BUGFIX: fix username breakup so it works with IE
FEATURE: breakup username based on name as well
2013-12-30 16:07:35 +11:00
Sam
d4819c3a65 Got rid of crazy user name split
instead decorate with <wbr> to hint on best
spot to split
2013-12-23 11:11:41 +11:00
Robin Ward
a7a7387da1 Automatically convert some quotes to blockquotes 2013-12-13 15:31:25 -05:00
Neil Lalonde
ed3d3ae1e1 Upgrade font-awesome to version 4 2013-12-11 10:31:09 -05:00
Robin Ward
0ece195723 Blacklist <center> 2013-12-04 11:43:20 -05:00
Régis Hanol
9b6538832d whitelist google.com/maps iframes 2013-11-29 18:08:53 +01:00
Robin Ward
0bab3f9b4e Revert "Revert "FIX: Markdown bug", breaks build"
This reverts commit 08ad5d479e.
2013-11-20 11:53:06 -05:00
Sam
08ad5d479e Revert "FIX: Markdown bug", breaks build
This reverts commit 4a32cddf80.
2013-11-20 10:41:21 +11:00
Robin Ward
4a32cddf80 FIX: Markdown bug 2013-11-19 16:23:04 -05:00