* origin/develop: (169 commits)
Improve the user card for deactivated users
Update CHANGELOG.md
Update CHANGELOG.md
Allow canceling a follow request
Simple policy reasons for instance specific policies
entity_normalizer: Escape name when parsing user
Translated using Weblate (Spanish)
Translated using Weblate (Catalan)
Translated using Weblate (Korean)
Translated using Weblate (Japanese (ja_PEDANTIC))
Translated using Weblate (Indonesian)
Translated using Weblate (Esperanto)
Translated using Weblate (Vietnamese)
Translated using Weblate (Italian)
Translated using Weblate (Vietnamese)
Translated using Weblate (Indonesian)
Translated using Weblate (Italian)
Translated using Weblate (Vietnamese)
Translated using Weblate (Indonesian)
Translated using Weblate (Chinese (Simplified))
...
In January 2020 Pleroma backend stopped escaping HTML in display names
and passed that responsibility on frontends, compliant with Mastodon's
version of Mastodon API [1]. Pleroma-FE was subsequently modified to
escape the display name [2], however only in the "name_html" field. This
was fine however, since that's what the code rendering display names used.
However, 2 months ago an MR [3] refactoring the way the frontend does emoji
and mention rendering was merged. One of the things it did was moving away
from doing emoji rendering in the entity normalizer and use the unescaped
'user.name' in the rendering code, resulting in HTML injection being
possible again.
This patch escapes 'user.name' as well, as far as I can tell there is no
actual use for an unescaped display name in frontend code, especially
when it comes from MastoAPI, where it is not supposed to be HTML.
[1]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1052
[2]: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2167
[3]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1392
* origin/develop:
Use proper setting name
Use cleaner instance config check for shoutbox setting
Make locale language cleaner
Don't shorten shoutbox to SB
Fix lint error
Update CHANGELOG.md
New option: Hide shoutbox
* origin/develop:
Use proper setting name
Use cleaner instance config check for shoutbox setting
Make locale language cleaner
Don't shorten shoutbox to SB
Fix lint error
Update CHANGELOG.md
New option: Hide shoutbox
* vue3compat-tabswitcher:
small refactoring to uncouple tab-switcher from settings modal
fix theme tab, remove console.logs
Changed some of TabSwitcher's internals for easier Vue3 migration
* origin/develop: (76 commits)
Translated using Weblate (Italian)
Translated using Weblate (Basque)
Translated using Weblate (Spanish)
Translated using Weblate (Chinese (Simplified))
Translated using Weblate (Italian)
Translated using Weblate (Chinese (Traditional))
Translated using Weblate (Russian)
Translated using Weblate (Italian)
Translated using Weblate (French)
Translated using Weblate (Russian)
Translated using Weblate (Italian)
Translated using Weblate (French)
Translated using Weblate (Basque)
Translated using Weblate (Spanish)
Translated using Weblate (Chinese (Simplified))
Translated using Weblate (Japanese)
Translated using Weblate (Italian)
Translated using Weblate (Esperanto)
Translated using Weblate (Chinese (Traditional))
Translated using Weblate (Norwegian Bokmål)
...
- "Post" for post submission (we already had the button title be "Posting"
when the post was being sent, so there was a weird inconsistency)
- "Register" for registration submission
- "Save changes" for usages in settings
* origin/develop: (306 commits)
fallback if shadows aren't defined
Translated using Weblate (Chinese (Traditional))
Translated using Weblate (Ukrainian)
Translated using Weblate (Italian)
Translated using Weblate (Ukrainian)
Translated using Weblate (Portuguese)
Translated using Weblate (Italian)
Translated using Weblate (Russian)
Translated using Weblate (Portuguese)
Translated using Weblate (Russian)
Translated using Weblate (Portuguese)
Translated using Weblate (Portuguese)
Translated using Weblate (Portuguese)
Translated using Weblate (Portuguese)
Translated using Weblate (Portuguese)
Translated using Weblate (Portuguese)
Translated using Weblate (Portuguese)
Translated using Weblate (Portuguese)
Translated using Weblate (Portuguese)
Translated using Weblate (Portuguese)
...