Commit graph

131 commits

Author SHA1 Message Date
rinpatch
d36b45ad43 entity_normalizer: Escape name when parsing user
In January 2020 Pleroma backend stopped escaping HTML in display names
and passed that responsibility on frontends, compliant with Mastodon's
version of Mastodon API [1]. Pleroma-FE was subsequently modified to
escape the display name [2], however only in the "name_html" field. This
was fine however, since that's what the code rendering display names used.

However, 2 months ago an MR [3] refactoring the way the frontend does emoji
and mention rendering was merged. One of the things it did was moving away
from doing emoji rendering in the entity normalizer and use the unescaped
'user.name' in the rendering code, resulting in HTML injection being
possible again.

This patch escapes 'user.name' as well, as far as I can tell there is no
actual use for an unescaped display name in frontend code, especially
when it comes from MastoAPI, where it is not supposed to be HTML.

[1]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1052
[2]: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2167
[3]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1392
2021-11-16 20:35:23 +03:00
HJ
370f1e55ad Merge branch 'develop' into 'themeApply'
# Conflicts:
#   CHANGELOG.md
2021-09-09 21:51:39 +00:00
HJ
a8a82ad12f Merge branch 'showMobileNewPost' into 'develop'
New user option: Always show floating New Post button

See merge request pleroma/pleroma-fe!1395
2021-09-09 12:19:53 +00:00
HJ
8af1f08539 Merge branch 'better-still-emoji' into 'develop'
Status HTML parsing - better emoji and mentions rendering

Closes #935

See merge request pleroma/pleroma-fe!1392
2021-09-07 16:15:41 +00:00
Henry Jameson
2cfff1b8b9 remove new options for style and separate line, now groups all chained
mentions on a mentionsline regardless of placement. fixes spacing
2021-08-12 02:56:40 +03:00
f35e3d0f3f Fix merge conflict in CHANGELOG
# Conflicts:
#   CHANGELOG.md
2021-07-22 20:47:36 +00:00
179af131ee Fix changelog merge conflict
# Conflicts:
#   CHANGELOG.md
2021-07-22 20:46:41 +00:00
Shpuld Shpludson
425919a0d2 Merge branch 'fix-themes-select' into 'develop'
Fix theme select not working

See merge request pleroma/pleroma-fe!1393
2021-07-19 18:33:19 +00:00
HJ
ba961b784f Apply 1 suggestion(s) to 1 file(s) 2021-07-19 17:10:13 +00:00
Shpuld Shpludson
373b14e1e4 Merge branch 'fix-settings-anon' into 'develop'
Fix Boolean/Choice settings not working properly on initial launch

See merge request pleroma/pleroma-fe!1389
2021-07-19 16:11:11 +00:00
Henry Jameson
b68fb7738b Merge remote-tracking branch 'origin/develop' into better-still-emoji
* origin/develop:
  Use proper setting name
  Use cleaner instance config check for shoutbox setting
  Make locale language cleaner
  Don't shorten shoutbox to SB
  Fix lint error
  Update CHANGELOG.md
  New option: Hide shoutbox
2021-06-18 02:27:57 +03:00
139a0d1562 Merge branch 'develop' into 'themeApply'
# Conflicts:
#   CHANGELOG.md
2021-06-15 21:50:39 +00:00
cab0095989 Merge branch 'develop' into 'showMobileNewPost'
# Conflicts:
#   CHANGELOG.md
#   src/App.js
2021-06-15 21:49:33 +00:00
d7a53aec61 Use proper setting name 2021-06-15 18:09:00 +00:00
7e3393b5a2 Use cleaner instance config check for shoutbox setting 2021-06-15 00:59:36 +00:00
5047663c51 Make locale language cleaner 2021-06-15 00:25:09 +00:00
312a237ca4 Revert duplicate buttons and move existing buttons to bottom-right corner independent of scroll 2021-06-14 23:31:16 +00:00
4639e30cb8 Fix config naming for consistency 2021-06-14 20:41:34 +00:00
8fa0331771 Add apply and reset themes to top of theme tab 2021-06-14 20:09:28 +00:00
1668315bf8 Fix lint error 2021-06-14 20:02:13 +00:00
0c10145242 New option: Hide shoutbox 2021-06-14 19:42:56 +00:00
adfe56a3a3 New option: Always show floating New Post button 2021-06-14 17:54:40 +00:00
Henry Jameson
418f029789 review + fixes 2021-06-12 20:43:29 +03:00
Henry Jameson
7ae85c8318 change defaults 2021-06-08 14:51:42 +03:00
Henry Jameson
9ea370033a configurable mentions placement 2021-06-08 12:58:28 +03:00
Henry Jameson
38d9ea8b17 lint 2021-06-08 00:09:16 +03:00
Henry Jameson
59d046b163 fix theme selection not working 2021-06-07 23:48:46 +03:00
Henry Jameson
8e9f5d7580 renamed StatusText to StatusBody for clarity, fixed chats 2021-06-07 19:50:38 +03:00
Henry Jameson
32d1a0e181 better approach 2021-05-31 14:23:57 +03:00
Henry Jameson
e95412a03c fix BooleanSetting and ChoiceSetting not working properly on initial
launch as anon visitor (would show all as changed, empty selects)
2021-05-31 14:16:37 +03:00
HJ
0ca0e642a4 Merge branch 'v-slot-upgrade' into 'develop'
Change old slot syntax (removed in vue3) to new one

See merge request pleroma/pleroma-fe!1379
2021-05-31 11:15:44 +00:00
HJ
4e96af0442 Merge branch 'better-selects' into 'develop'
Better <select> components

See merge request pleroma/pleroma-fe!1373
2021-05-31 11:08:56 +00:00
Henry Jameson
80220c1b07 fix warnings 2021-05-31 14:08:12 +03:00
Henry Jameson
c039656460 fix warnings 2021-05-31 14:02:36 +03:00
7341b8a551 Implement right sidebar option as user option 2021-05-26 22:22:55 +00:00
Henry Jameson
61dcdbf992 migrate to v-slot 2021-04-07 22:42:34 +03:00
Henry Jameson
1afda1ac6d lost file 2021-04-07 20:53:58 +03:00
Henry Jameson
0c77a3e1d6 remove extra chevron post-merge 2021-04-07 20:47:59 +03:00
Henry Jameson
4e56e64034 Merge remote-tracking branch 'origin/develop' into better-selects
* origin/develop: (76 commits)
  Translated using Weblate (Italian)
  Translated using Weblate (Basque)
  Translated using Weblate (Spanish)
  Translated using Weblate (Chinese (Simplified))
  Translated using Weblate (Italian)
  Translated using Weblate (Chinese (Traditional))
  Translated using Weblate (Russian)
  Translated using Weblate (Italian)
  Translated using Weblate (French)
  Translated using Weblate (Russian)
  Translated using Weblate (Italian)
  Translated using Weblate (French)
  Translated using Weblate (Basque)
  Translated using Weblate (Spanish)
  Translated using Weblate (Chinese (Simplified))
  Translated using Weblate (Japanese)
  Translated using Weblate (Italian)
  Translated using Weblate (Esperanto)
  Translated using Weblate (Chinese (Traditional))
  Translated using Weblate (Norwegian Bokmål)
  ...
2021-04-07 20:45:57 +03:00
HJ
8b96ea9377 Merge branch 'settings-import-export' into 'develop'
Settings backup/restore + small fixes

See merge request pleroma/pleroma-fe!1372
2021-04-07 17:40:07 +00:00
rinpatch
47719571e4 Use more specific button titles instead of general.submit
- "Post" for post submission (we already had the button title be "Posting"
when the post was being sent, so there was a weird inconsistency)
- "Register" for registration submission
- "Save changes" for usages in settings
2021-03-15 13:28:33 +03:00
Henry Jameson
2da37f15ab Cleanup boolean/choice setting 2021-03-11 17:04:31 +02:00
Henry Jameson
8e88d8110b fix for filtering tab 2021-03-11 17:00:58 +02:00
Henry Jameson
1f0ac68fcd implement ChoiceSetting for settings modal similar to BooleanSetting 2021-03-11 16:55:14 +02:00
Henry Jameson
c6d4c20982 Made Select component to make using styled selects easier 2021-03-11 16:11:44 +02:00
Henry Jameson
3d95ea6acb cleanup + fix 2021-03-08 21:56:20 +02:00
Henry Jameson
914b4eb593 lint 2021-03-08 21:03:55 +02:00
Henry Jameson
395e12cbc6 better error/warnings 2021-03-08 21:00:43 +02:00
Henry Jameson
dda95543e8 implemented import/export for themes 2021-03-08 19:53:30 +02:00
Henry Jameson
bd5b62b107 changed importexport into a service instead of component for simplicity 2021-03-08 19:42:24 +02:00