172 Commits

Author SHA1 Message Date
Sam Saffron b7a0a295c0 FIX: s3 cdn would break cooking if <img> tag had no src 2015-06-10 19:28:21 +10:00
Sam 93ab03966e FIX: no-follow not handled correctly for sub domains
if a.com was whitelisted aa.com would pass through
2015-05-27 14:31:01 +10:00
Sam 90eaad336d FEATURE: allow users to pick a CDN for s3 assets 2015-05-26 11:13:12 +10:00
Ben Hadley-Evans c3b461f58d Add blank alt attribute to avatars.
This was giving an ugly border to avatars in the user card as the full size version loaded in Firefox.
2015-04-14 14:39:40 +01:00
Sam a82530012a FEATURE: Allow selection of highlight js languages
PERF: stop loading highlight js on load

To get latest highlight js run bin/rake highlightjs:update
2015-03-13 16:18:59 +11:00
Régis Hanol 6a68e8c272 FIX: use CDN for user card/profile background and user avatars (for real this time) 2015-01-29 22:53:48 +01:00
Régis Hanol b4e5937850 FIX: 🐛 ensure emoji are case insensitive 2015-01-15 19:00:55 +01:00
Luciano Sousa 0fd98b56d8 few components with rspec3 syntax 2015-01-09 13:34:37 -03:00
Sam e23e008682 FIX: buggy unhoisting of escaped \* 2014-12-23 18:25:10 +11:00
Régis Hanol 6027073547 FIX: properly unescape HTML entities in excerpts 2014-12-10 12:52:51 +01:00
Régis Hanol a5616146eb FIX: remove meta data from lightbox in both excerpt (html & text) 2014-11-05 20:37:00 +01:00
Régis Hanol ada750b384 fixed some more deprecations. 20 to go 2014-10-29 16:06:50 +01:00
Sam 0d1b460f1e Pending spec for Nokogiri fix 2014-10-03 12:37:07 +10:00
Régis Hanol de76b512c1 fix most deprecations in the specs (still some left) 2014-09-25 17:44:48 +02:00
Jeff Atwood 5646ebf4c7 fix tests expecting "name said:" to "name:" 2014-09-18 20:39:27 -07:00
Robin Ward 19b4364d79 SECURITY: Stripping links could unescape html fragments 2014-09-17 12:08:00 -04:00
David McClure d567093756 FEATURE: Allow manual excerpt to be specified anywhere in the post and override max excerpt length 2014-09-03 22:06:53 -07:00
David McClure 0513d02e23 FEATURE: Allow manual excerpt to be defined past the beginning of the post
There is still a limitation that the span excerpt must begin before the post_excerpt_max_length.
2014-09-03 00:29:49 -07:00
Sam 84836944e8 FIX: crash on invalid uri component 2014-07-30 17:09:55 +10:00
Robin Ward b2f2e7b1d2 REFACTOR: Move Markdown tests to Javascript land 2014-07-25 16:08:00 -04:00
Sam 6e9f5f5584 SECURITY: fix XSS in excerpt parser 2014-07-25 12:16:00 +10:00
Sam de7e6a9545 Feature: allow mods to cut pinned topic excerpts 2014-07-17 21:32:37 +10:00
Sam c12a131fb4 SECURITY: sanitizer allowing invalid attributes 2014-07-17 16:11:09 +10:00
Sam 89fc989adb FEATURE: First Quote badge 2014-07-11 14:17:43 +10:00
Sam d54c28adc1 FIX: better whitelisting 2014-07-10 09:59:54 +10:00
Sam 9828a268b9 Fix: whitelist regex for bbcode too wide 2014-07-10 09:17:04 +10:00
Robin Ward fc1ce96dbb FIX: Change the approach to sanitization. Includes a more detailed API
for allowing classes and attributes for only certain tag names.
2014-07-03 16:55:36 -04:00
Robin Ward 9c48f8f154 FIX: Don't surround `<aside>` with `<p>` as that is malformed HTML. 2014-06-30 18:11:22 -04:00
Sam e2e36a6df3 FIX: bold and italic handling improved 2014-06-30 17:01:46 +10:00
Sam 24ddb6cfad FIX: Bold, italic should not expect a space boundary 2014-06-26 17:45:51 +10:00
Sam b8357aa90a BUGFIX: newline after bold was not producing a BR 2014-06-26 15:28:08 +10:00
Robin Ward 64355c989e FIX: Don't extract links from empty quotes 2014-05-20 17:20:52 -04:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Robin Ward 87682f7539 FIX: Don't include image meta data when embedded in an email 2014-04-17 12:32:51 -04:00
riking 9c4dd1cb35 Change comma-delim site settings to pipe-delim 2014-04-08 14:17:55 -07:00
Vikhyat Korrapati e781a758ad Preserve spoiler tags in post excerpts. 2014-02-20 15:01:44 +05:30
Robin Ward 963793549c FIX: Remove failing ruby tests. The same thing is tested in JS and
passes due to the ability to create a document fragment.
2014-01-20 15:28:46 -05:00
Neil Lalonde 4f6b208e8d Posts by trust level 3 users do not have nofollow on their external links. 2014-01-15 11:40:51 -05:00
Régis Hanol ad8755aa70 BUGFIX: inline spoiler for text, block spoiler for images 2014-01-15 00:53:06 +01:00
Régis Hanol 70161498b6 BUGFIX: spoiler tag on lightboxed images wasn't working 2014-01-12 19:38:46 +01:00
Neil Lalonde 4ec0543362 FIX: emails with embedded posts should always use absolute URLs 2013-11-28 15:57:21 -05:00
Régis Hanol 37fd7ab574 pull hotlinked images 2013-11-05 19:07:29 +01:00
Robin Ward d7182d0b14 FIX: Only wrap inline html tags in <p> 2013-10-18 15:21:05 -04:00
Robin Ward f27413219e Support for MDTest 2013-10-16 10:28:42 -04:00
Robin Ward 5281b7f80c Upgraded and refactored Sanitizing. Much less crap should get through now!
Conflicts:
	app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-15 10:53:11 -04:00
Robin Ward af931f0444 Reverting the Sanitizer commit in case we have to do something urgent
before we deploy it early next week. It's in the branch `sanitizer` for
now.

This reverts commit 9e93d8ed52.
2013-10-11 16:44:26 -04:00
Robin Ward 9e93d8ed52 Upgraded and refactored Sanitizing. Much less crap should get through now!
Conflicts:
	app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-11 16:25:40 -04:00
Robin Ward 37304b7eba FIX: Too many new lines in long quotes 2013-09-27 15:08:56 -04:00
Robin Ward 3cec95a2c3 Better API for parsing out blocks in the parser. 2013-08-29 11:47:44 -04:00
Robin Ward 2d45c56ba5 Replace Markdown Linebreak Regexp with node parser. 2013-08-26 15:21:23 -04:00
Robin Ward 7c07079ed9 Revert "FIX: Failing spec"
This reverts commit 2df2838f40.
2013-08-26 12:46:28 -04:00
Robin Ward 2df2838f40 FIX: Failing spec 2013-08-26 11:54:05 -04:00
Robin Ward 7f69a58439 Replace Markdown parser. 2013-08-21 10:10:57 -04:00
Régis Hanol c867b67a0b custom avatar support 2013-08-13 22:08:29 +02:00
Robin Ward 751b757c1d FIX: Some failing specs 2013-07-18 12:26:38 -04:00
Régis Hanol 3136638b4b FIX: CDN doesn't work with S3 2013-07-16 22:16:33 +02:00
Sam c49731a91b fix failing server side quote localisation change 2013-07-16 17:48:48 +10:00
Robin Ward 7504da13e3 FIX: Whitespace in specs changed. We should really figure out a better way of ensuring correctness here. 2013-07-03 19:24:49 -04:00
Robin Ward 6384518599 Allow images in the daily digest for top scoring posts 2013-06-05 18:55:27 -04:00
Robin Ward 0b97ea6345 Better HTML emails, smarter email digests, new email section in admin with digest preview 2013-06-05 17:47:25 -04:00
Robin Ward dfba2b6e0a FIX: Strip links from google indexed bios when the users are new. 2013-06-05 15:28:10 -04:00
Régis Hanol 01855b70b4 FIX: Have onebox ignore internal links 2013-06-05 20:53:07 +02:00
Robin Ward 4392a17b54 Strip out links when displaying a new user's bio 2013-06-04 12:06:25 -04:00
Régis Hanol 297680c28d FIX: pinned topic excerpt is not properly truncated 2013-05-10 12:28:17 +02:00
Sam b25a5a20bb option to strip links from excerpts 2013-04-30 13:25:55 +10:00
Michael Scott Shappe 2fb673dd72 Create and use new rspec matcher 'match_html'
This introduces match_html, which converts actual and expected HTML strings into "canonical" HTML using Nokogiri with NOBLANKS and COMPACT, and then does a simple equality comparison.

This eliminates whitespace differences introduced by library changes (e.g. the libxml2 2.9.0 change).

pretty_text_spec.rb has been changed to use match_html where appropriate, and all tests pass under libxml2 2.7.6, 2.8.0 or 2.9.0
2013-04-09 22:30:10 -05:00
Robin Ward 00f9e628e0 Don't apply markdown to content of [quote] -- it messes up spacing. 2013-04-09 17:32:50 -04:00
Gosha Arinich cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Robin Ward dee9e9a51f Fix bug where links to posts weren't being tracked 2013-02-13 15:23:09 -05:00
Sam Saffron f68f59c24f setting to exclude rel nofollow from particular domains 2013-02-11 18:58:19 +11:00
Sam Saffron 543845c673 rel nofollow, on by default to protect forums from spam etc. we should consider lifting it at high trust by default. 2013-02-11 11:43:07 +11:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00