Merge remote-tracking branch 'upstream/develop' into themes-accent

* upstream/develop:
  Fix one click nsfw unhide on videos
  Escape HTML from display name and subject fields
This commit is contained in:
Henry Jameson 2020-02-11 10:03:34 +02:00
commit 786a695eb6
5 changed files with 16 additions and 6 deletions

View file

@ -28,6 +28,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Single notifications left unread when hitting read on another device/tab
- Registration fixed
- Deactivation of remote accounts from frontend
- Fixed NSFW unhiding not working with videos when using one-click unhiding/displaying
## [1.1.7 and earlier] - 2019-12-14
### Added

View file

@ -21,6 +21,7 @@
"chromatism": "^3.0.0",
"cropperjs": "^1.4.3",
"diff": "^3.0.1",
"escape-html": "^1.0.3",
"karma-mocha-reporter": "^2.2.1",
"localforage": "^1.5.0",
"object-path": "^0.11.3",

View file

@ -2,6 +2,7 @@ import StillImage from '../still-image/still-image.vue'
import VideoAttachment from '../video_attachment/video_attachment.vue'
import nsfwImage from '../../assets/nsfw.png'
import fileTypeService from '../../services/file_type/file_type.service.js'
import { mapGetters } from 'vuex'
const Attachment = {
props: [
@ -49,7 +50,8 @@ const Attachment = {
},
fullwidth () {
return this.type === 'html' || this.type === 'audio'
}
},
...mapGetters(['mergedConfig'])
},
methods: {
linkClicked ({ target }) {
@ -58,7 +60,7 @@ const Attachment = {
}
},
openModal (event) {
const modalTypes = this.$store.getters.mergedConfig.playVideosInModal
const modalTypes = this.mergedConfig.playVideosInModal
? ['image', 'video']
: ['image']
if (fileTypeService.fileMatchesSomeType(modalTypes, this.attachment) ||
@ -71,7 +73,10 @@ const Attachment = {
}
},
toggleHidden (event) {
if (this.$store.getters.mergedConfig.useOneClickNsfw && !this.showHidden) {
if (
(this.mergedConfig.useOneClickNsfw && !this.showHidden) &&
(this.type !== 'video' || this.mergedConfig.playVideosInModal)
) {
this.openModal(event)
return
}

View file

@ -1,3 +1,5 @@
import escape from 'escape-html'
const qvitterStatusType = (status) => {
if (status.is_post_verb) {
return 'status'
@ -41,7 +43,7 @@ export const parseUser = (data) => {
}
output.name = data.display_name
output.name_html = addEmojis(data.display_name, data.emojis)
output.name_html = addEmojis(escape(data.display_name), data.emojis)
output.description = data.note
output.description_html = addEmojis(data.note, data.emojis)
@ -256,7 +258,7 @@ export const parseStatus = (data) => {
output.retweeted_status = parseStatus(data.reblog)
}
output.summary_html = addEmojis(data.spoiler_text, data.emojis)
output.summary_html = addEmojis(escape(data.spoiler_text), data.emojis)
output.external_url = data.url
output.poll = data.poll
output.pinned = data.pinned

View file

@ -2757,9 +2757,10 @@ es6-promisify@^5.0.0:
dependencies:
es6-promise "^4.0.3"
escape-html@~1.0.3:
escape-html@^1.0.3, escape-html@~1.0.3:
version "1.0.3"
resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988"
integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=
escape-string-regexp@1.0.5, escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5:
version "1.0.5"