Robin Ward
|
fc1ce96dbb
|
FIX: Change the approach to sanitization. Includes a more detailed API
for allowing classes and attributes for only certain tag names.
|
2014-07-03 16:55:36 -04:00 |
|
Robin Ward
|
9c48f8f154
|
FIX: Don't surround <aside> with <p> as that is malformed HTML.
|
2014-06-30 18:11:22 -04:00 |
|
Robin Ward
|
a7ad7f6a45
|
Remove some obscure HTML tags from sanitization
|
2014-06-24 11:03:45 -04:00 |
|
Robin Ward
|
ff55a30dd7
|
FIX: <pre> blocks were adding too many new lines.
|
2014-06-23 15:21:07 -04:00 |
|
Robin Ward
|
42d1fcbbc2
|
[code] should work just like other kinda of code formatting.
|
2014-06-23 13:19:27 -04:00 |
|
Robin Ward
|
c6b92f0ef7
|
FIX: Support for nested bold/italics in MD
|
2014-06-09 17:46:36 -04:00 |
|
Régis Hanol
|
897f219d61
|
BUGFIX: change the image upload icon when only images are authorized (fixes #2359)
|
2014-06-04 19:51:26 +02:00 |
|
Ben Lubar
|
73946e5402
|
quoting fixes
- allow bbcode quotes to be nested
- don't allow the '=' to be omitted from quotes
- fix some css that made assumptions about nested quotes
|
2014-05-27 21:46:31 -05:00 |
|
Sam Saffron
|
252e93d0f2
|
BUGFIX: support CDN for avatars
Correct broken spec
Implement S3 support
|
2014-05-27 14:40:46 +10:00 |
|
Robin Ward
|
f51cbc8952
|
FIX: @mentions should not be processed within links
|
2014-05-06 17:48:30 -04:00 |
|
Robin Ward
|
ba683bc611
|
FIX: XSS in markdown converter.
|
2014-04-28 14:44:15 -04:00 |
|
Robin Ward
|
cf6cbb955b
|
REFACTOR: Introduce Discourse.computed.setting to create a computed
property that links to a `Discourse.SiteSetting`
|
2014-04-24 18:36:02 -04:00 |
|
Robin Ward
|
4dc20e6855
|
FIX: Sanitize custom quote attributes
|
2014-04-21 10:19:39 -04:00 |
|
Robin Ward
|
ed6e2b1d79
|
Remove Zalgo API from Discourse.Mention :
http://blog.izs.me/post/59142742143/designing-apis-for-asynchrony -
Thanks @riking for finding it.
|
2014-04-14 16:51:18 -04:00 |
|
Régis Hanol
|
e663d78104
|
SECURITY: sanitize markdown urls (prevent XSS)
|
2014-03-27 15:34:35 +01:00 |
|
Neil Lalonde
|
86244e3a4b
|
New sub-category badges in category chooser. Normalize category badge rendering code.
|
2014-03-25 17:29:59 -04:00 |
|
Vikhyat Korrapati
|
e798705aec
|
Do not call preventDefault on right and middle-click/Ctrl+click.
This should fix the middle click popup blocker issue on Firefox.
|
2014-03-13 11:03:19 +05:30 |
|
Régis Hanol
|
8b6930a5cf
|
FIX: shortDate tests
|
2014-03-11 12:37:54 +01:00 |
|
Robin Ward
|
15c9c90533
|
When links have thousands of clicks, display them like 3.3K
|
2014-03-04 13:44:53 -05:00 |
|
Robin Ward
|
6143753fef
|
Support uppercase bbcode too.
|
2014-03-03 11:59:57 -05:00 |
|
Robin Ward
|
d079538a6d
|
Allow the customHTML helper to look up fragments outside of the
preloadStore, so plugins can stuff HTML in there when overriding a whole
template doesn't make sense.
|
2014-02-25 16:02:27 -05:00 |
|
Robin Ward
|
7716d940a0
|
BUGFIX: Allow links to images with absolute URLs as well as parens
|
2014-02-20 15:24:03 -05:00 |
|
Neil Lalonde
|
113057bfa9
|
Comma needs to die
|
2014-02-06 11:57:45 -05:00 |
|
Robin Ward
|
af5254d3b4
|
FIX: Remove canvas tag.
|
2014-02-05 12:22:36 -05:00 |
|
Robin Ward
|
8adb08a9ca
|
FIX: Don't allow <button> in posts either.
|
2014-02-04 16:29:00 -05:00 |
|
Robin Ward
|
abffcd9f94
|
FIX: Blacklist <textarea>
|
2014-02-04 12:48:33 -05:00 |
|
Neil Lalonde
|
b5d0031105
|
Topic list dates formatting changes: use Dec '12 and Jan 21
|
2014-01-29 15:45:06 -05:00 |
|
Régis Hanol
|
d0c55010aa
|
BUGFIX: clicking on links to the same domain was broken
|
2014-01-29 11:31:36 +01:00 |
|
Vikhyat Korrapati
|
fad88c6cf3
|
Fix sanitization of smileys like <_< and <3.
|
2014-01-26 18:38:47 +05:30 |
|
Régis Hanol
|
ae06ea6323
|
BUGFIX: clicking the logo when the homepage was /categories or /top would fail
|
2014-01-23 17:08:52 +01:00 |
|
Robin Ward
|
e2c361f353
|
FIX: Indented code blocks followed by <blockquote> weren't working.
|
2014-01-21 16:18:20 -05:00 |
|
Robin Ward
|
3c3449aa1b
|
Revert "New API for replacing elements in the final JsonML. Also changes spoiler"
This reverts commit 6b9b2d3d6a .
We have come up with a better solution that does not involve HTML
parsing.
|
2014-01-21 12:04:58 -05:00 |
|
Robin Ward
|
6b9b2d3d6a
|
New API for replacing elements in the final JsonML. Also changes spoiler
tag handling to be more robust with repsect to HTML content.
|
2014-01-20 15:15:50 -05:00 |
|
Robin Ward
|
4981525047
|
REFACTOR: Fixes poor class hierarchy for listing topics
- Upgrades Ember to latest
- Fixes a bunch of bugs with page titles and missing "active" states
|
2014-01-18 19:26:24 +01:00 |
|
Régis Hanol
|
ad8755aa70
|
BUGFIX: inline spoiler for text, block spoiler for images
|
2014-01-15 00:53:06 +01:00 |
|
Robin Ward
|
71aed34e64
|
FIX: Allow click tracking to work with different origins
|
2014-01-14 15:20:46 -05:00 |
|
Régis Hanol
|
3a6bffa05d
|
FEATURE: better top pages
|
2014-01-14 01:09:12 +01:00 |
|
Régis Hanol
|
70161498b6
|
BUGFIX: spoiler tag on lightboxed images wasn't working
|
2014-01-12 19:38:46 +01:00 |
|
Régis Hanol
|
0dc0740408
|
BUGFIX: clicking on the Logo generates a javascript error
|
2014-01-06 11:46:19 +01:00 |
|
Robin Ward
|
a502266c42
|
Enable JSHINT's unused option. It caught a bunch of suspicious stuff which is fixed in this commit.
|
2013-12-30 13:30:22 -05:00 |
|
Régis Hanol
|
8685e4079f
|
FEATURE: the top tab is the default for new users
|
2013-12-30 18:49:16 +01:00 |
|
Sam
|
d8c43f7b58
|
BUGFIX: fix username breakup so it works with IE
FEATURE: breakup username based on name as well
|
2013-12-30 16:07:35 +11:00 |
|
Sam
|
d4819c3a65
|
Got rid of crazy user name split
instead decorate with <wbr> to hint on best
spot to split
|
2013-12-23 11:11:41 +11:00 |
|
Robin Ward
|
a7a7387da1
|
Automatically convert some quotes to blockquotes
|
2013-12-13 15:31:25 -05:00 |
|
Neil Lalonde
|
ed3d3ae1e1
|
Upgrade font-awesome to version 4
|
2013-12-11 10:31:09 -05:00 |
|
Robin Ward
|
0ece195723
|
Blacklist <center>
|
2013-12-04 11:43:20 -05:00 |
|
Régis Hanol
|
9b6538832d
|
whitelist google.com/maps iframes
|
2013-11-29 18:08:53 +01:00 |
|
Robin Ward
|
0bab3f9b4e
|
Revert "Revert "FIX: Markdown bug", breaks build"
This reverts commit 08ad5d479e .
|
2013-11-20 11:53:06 -05:00 |
|
Sam
|
08ad5d479e
|
Revert "FIX: Markdown bug", breaks build
This reverts commit 4a32cddf80 .
|
2013-11-20 10:41:21 +11:00 |
|
Robin Ward
|
4a32cddf80
|
FIX: Markdown bug
|
2013-11-19 16:23:04 -05:00 |
|
Wojciech Zawistowski
|
e31559b05f
|
refactors click track tests to use fixture helper
|
2013-11-08 20:30:20 +01:00 |
|
Robin Ward
|
ac9a763ab3
|
FIX: Extra space before tags in blockquotes
|
2013-11-07 16:06:50 -05:00 |
|
Wojciech Zawistowski
|
74cbb18f67
|
removes redundant #qunit-scratch (replaces it with standard #qunit-fixture)
|
2013-11-07 18:18:07 +01:00 |
|
Robin Ward
|
b8e63719f8
|
FIX: Don't autolink within a markdown link.
|
2013-11-04 14:24:40 -05:00 |
|
Robin Ward
|
e9c4465ec7
|
FIX: Various bugs with Category breadcrumbs
|
2013-10-25 15:24:03 -04:00 |
|
Robin Ward
|
9adcd1579d
|
Renamed components to lib in the JS project, as Ember has components and they mean something different.
|
2013-10-24 12:36:46 -04:00 |
|