Commit Graph

482 Commits

Author SHA1 Message Date
Penar Musaraj f0e73cb126 SECURITY: Bump Handlebars to version 4.1.2
WS-2019-0064: Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Object's prototype, thus allowing an attacker to execute arbitrary code on the server.
2019-06-05 13:54:52 -04:00
Joffrey JAFFEUX 9a4f6619d9
DEV: upgrades babel to 6.26.3 (#7651)
This is the last version of the 6.x babel branch.

To achieve this I used https://github.com/babel/babel-standalone with the following patch:

diff --git a/gulpfile.js b/gulpfile.js
index 2121b5f..c40bfa3 100644
--- a/gulpfile.js
+++ b/gulpfile.js
@@ -74,24 +74,23 @@ const minifyAndRename = lazypipe()
   .pipe(uglify)
   .pipe(rename, { extname: '.min.js' });

-gulp.task('default', ['build']);
-gulp.task('build', ['build-babel', 'build-babili']);
-
-gulp.task('build-babel', cb => {
-  pump([
-    gulp.src('src/index.js'),
-    webpackBuild('babel.js', 'Babel', require('./package.json').version),
-    gulp.dest('.'),
-    minifyAndRename(),
-    gulp.dest('.'),
-  ], cb);
-});
-gulp.task('build-babili', cb => {
-  pump([
-    gulp.src('src/babili.js'),
-    webpackBuild('babili.js', 'Babili', require('./packages/babili-standalone/package.json').version),
-    gulp.dest('packages/babili-standalone/'),
-    minifyAndRename(),
-    gulp.dest('packages/babili-standalone/'),
-  ], cb);
-});
+  gulp.task('build-babel', gulp.series(cb => {
+    pump([
+      gulp.src('src/index.js'),
+      webpackBuild('babel.js', 'Babel', require('./package.json').version),
+      gulp.dest('.'),
+      minifyAndRename(),
+      gulp.dest('.'),
+    ], cb);
+  }));
+  gulp.task('build-babili', gulp.series(cb => {
+    pump([
+      gulp.src('src/babili.js'),
+      webpackBuild('babili.js', 'Babili', require('./packages/babili-standalone/package.json').version),
+      gulp.dest('packages/babili-standalone/'),
+      minifyAndRename(),
+      gulp.dest('packages/babili-standalone/'),
+    ], cb);
+  }));
+gulp.task('build', gulp.series('build-babel', 'build-babili'));
+gulp.task('default', gulp.series('build'));
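Review bot: The new `build-babel` and `build-babili` definitions wrap a single callback in `gulp.series(cb => { ... })`, which adds nothing: gulp 4 accepts the task function directly as the second argument of `gulp.task`, so `gulp.series` is only needed on the `build` and `default` lines, where it replaces the removed array-dependency form. The two added task blocks are also indented two spaces deeper than the top-level `gulp.task('build', ...)` and `gulp.task('default', ...)` lines that follow them; move them back to column zero so the file stays consistent.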
diff --git a/package.json b/package.json
index f2414d2..854cfad 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
     "url": "git+https://github.com/Daniel15/babel-standalone.git"
   },
   "devDependencies": {
-    "babel-core": "6.26.0",
+    "babel-core": "6.26.3",
     "babel-helper-builder-react-jsx": "6.23.0",
     "babel-loader": "6.4.1",
     "babel-plugin-check-es2015-constants": "6.22.0",
@@ -123,7 +123,7 @@
     "babel-preset-stage-1": "6.24.1",
     "babel-preset-stage-2": "6.24.1",
     "babel-preset-stage-3": "6.24.1",
-    "gulp": "^3.9.1",
+    "gulp": "^4",
     "gulp-rename": "^1.2.2",
     "gulp-uglify": "^2.0.1",
     "jest": "^18.1.0",

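Review bot: The range `"gulp": "^4"` accepts any 4.x release of the build tool, while the `babel-core` and `babel-preset-stage-*` entries visible in the same file are pinned to exact versions. Because this patch is what produces the Babel build referred to in the commit message, pin gulp to the exact version that was installed, or record the resulting lockfile with the patch, so the same build can be reproduced and checked later.
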
and then ran:
yarn
yarn run build
2019-05-30 17:08:37 +02:00
Joffrey JAFFEUX 6decdfce5c
DEV: reduces memory footprint of tests - step 1 (#7591) 2019-05-28 12:15:12 +02:00
Gerhard Schlager c1e9a70d59 FIX: Fallback locale was not available for extra translations
Translations from fallback locales were not sent to the client
for admin_js and wizard_js.
2019-05-24 11:38:26 +02:00
Joffrey JAFFEUX 6c6a6771af
FIX: adds groupBy to lodash available functions list (#7579) 2019-05-21 08:58:57 +02:00
Joffrey JAFFEUX b983b6cb87
SECURITY: lodash 4.17.11 (#7565)
This version also now includes _.find
2019-05-17 07:57:05 +02:00
Joffrey JAFFEUX fd1ae16f3b
FIX: wrong file used when updating lodash (#7564) 2019-05-17 00:32:58 +02:00
Joffrey JAFFEUX d47bf8b6c4
SECURITY: updates lodash from 1.3.0 to 4.17.5 (#7546) 2019-05-16 10:34:19 +02:00
Joffrey JAFFEUX d6452963cd Revert "Revert "FIX: simpler w function check (#7496)""
This reverts commit 0c0d05e8f2.
2019-05-08 08:14:09 +02:00
Joffrey JAFFEUX 0c0d05e8f2 Revert "FIX: simpler w function check (#7496)"
This reverts commit 2570311718.
2019-05-08 07:19:23 +02:00
Penar Musaraj 22d6203eb7 DEV: Use moment-timezone with 10-year range data
We do not need to use the full timezone dataset (it is a 950kb file!), only previous/next 5 years should suffice.
2019-05-07 23:42:49 -04:00
Joffrey JAFFEUX 2570311718
FIX: simpler w function check (#7496) 2019-05-07 17:57:35 +02:00
Sam Saffron d4bf7d6831 FIX: correctly display browser is old message to IE10
We dropped support for IE10 a while back but never amended the banner to
show it is not supported.

This properly drops support.
2019-05-06 10:45:45 +10:00
Joffrey JAFFEUX 4c444592d6
DEV: jquery 3.4.1 (#7470) 2019-05-02 12:18:32 +02:00
Joffrey JAFFEUX 9f07ced698
DEV: jquery 3.4.0 2019-04-26 15:01:26 +02:00
Joffrey JAFFEUX 5a40b3b478
DEV: updates moment.js and moment-timezone.js 2019-04-26 15:00:57 +02:00
Joffrey JAFFEUX b484fe7626
SECURITY: jquery CVE-2019-11358 2019-04-24 13:28:38 +02:00
Robin Ward adb9009374 SECURITY: Update Handlebars to 4.1
This is to address: https://www.npmjs.com/advisories/755

It is a low priority fix, as Discourse does not allow end users to input
raw handlebars templates.
2019-04-10 15:38:21 -04:00
Bianca Nenciu b5008586c5 DEV: Remove HTML parser from Tautologistics. (#7344) 2019-04-10 11:21:22 +02:00
Guo Xiang Tan d1fa2b71cf FIX: Letters between words incorrectly highlighted within post. 2019-04-03 15:57:51 +08:00
Penar Musaraj 4452332077 DEV: Update Mousetrap to 1.6.3 2019-03-25 10:01:55 -04:00
Joffrey JAFFEUX c18a6069c2
DEV: upgrades bootstrap-modal (#7235) 2019-03-21 14:18:12 +01:00
Joffrey JAFFEUX 02492679bd
FIX: experimental fix to Ember.ENV.EXTEND_PROTOTYPES rare exception (#7133) 2019-03-08 15:12:13 +01:00
Penar Musaraj 6d2708c3fb Bump FontAwesome icons to 5.7.2 2019-03-06 09:21:31 -05:00
Osama Sayegh d5efe2d7ee UX: make composer resize work on touch devices (#7068)
* UX: make composer resize work on touch devices

This also replaces a vendor dependency with a small built-in resize mechanism.

* Make blue bar's larger padding specific to touch devices
2019-02-26 08:04:14 +11:00
Penar Musaraj 9bf11a7c02
FEATURE: Add localized timezone names (#7004)
Uses github.com/discourse/moment-timezone-names-translations to translate timezone names.
Plugins can also provide their own timezone name translations.
2019-02-25 14:40:02 -05:00
Penar Musaraj 090e9c8432
FIX: make composer full screen shortcut work when inputs have focus (#6907)
- Uses a Mousetrap plugin for global shortcuts
- Implemented for search `ctrl+alt+f` and composer fullscreen `shift+f11` shortcuts
2019-02-14 00:19:27 -05:00
Penar Musaraj 5cef5b34ef DEV: Yarn-manage moment and moment-timezone libraries 2019-02-12 13:57:52 -05:00
Penar Musaraj c8c84f462b FIX: use Handlebars 4.0.12
Use 4.0.12 for both versions of Handlebars (runtime and not)
2019-01-14 12:56:14 -05:00
Penar Musaraj b28d68efbf DEV: Use yarn to manage Highlight.js dependency
Moves Highlight.js files to vendor/assets/javascripts

Adds Highlight.js in yarn package management

Removes old rake task and reliance on NPM to build Highlight.js

Highlight.js is now integrated in the "javascript:update" rake task
2019-01-14 12:46:35 -05:00
Joffrey JAFFEUX f9648de897
DEV: upgrades from Ember 2.13 to Ember 3.5.1 (#6808)
Co-Authored-By: Bianca Nenciu <nbianca@users.noreply.github.com>
Co-Authored-By: David Taylor <david@taylorhq.com>
2019-01-10 11:06:01 +01:00
Sam 0ca61242b8 FEATURE: polyfill intersection observer for IE11 / iOS Safari
This feature is used for defer loading of images and in future for post cloaking

This gives us a polyfill so we can safely use the feature in problem browsers

The polyfill supports "polling" but it does not appear we need it yet.

If we discover anything odd here, consider setting poll interval per:

https://github.com/w3c/IntersectionObserver/tree/master/polyfill

```
var io = new IntersectionObserver(callback);
io.POLL_INTERVAL = 100; // Time in milliseconds.
```

Keeping the mutation observer cause we often mutate the DOM
2018-12-12 15:36:08 +11:00
Penar Musaraj 56948896ff UX: replace FA5 compress/expand icons
Adds a new SVG sprite file that contains non-FontAwesome 5 icons to our subset.

Adds the FontAwesome 4.7.0 icons for expand / collapse.
2018-12-03 22:29:20 -05:00
David Taylor 404acef6e3 DEV: Move `run-qunit.js` out of the vendor directory 2018-12-03 16:16:37 +00:00
Sam 74b300110f DEV: lint run-qunit
also handles situation where startsWith is missing, when this happens
simply log

This corrects an issue where console.log explodes autospec
2018-11-27 17:41:29 +11:00
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Sam 42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj 005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Kris c219a5fb1e
Add btn-default class to all default buttons (#6521) 2018-10-24 16:09:36 -04:00
Penar Musaraj 4ae9cb28e4 remove probes.js, highlight.pack.js 2018-10-04 13:50:54 -04:00
Penar Musaraj cd82107976 use yarn to manage test vendor dependencies, upgrade sinon to v6.3.5 2018-10-04 11:06:14 -04:00
Penar Musaraj dc8a16b43b
Use Yarn to manage dependencies, cleanup unused bootstrap libs (#6436) 2018-10-03 10:15:43 -04:00
Sam 49f1f10f75 file is a .js file so don't use let 2018-09-13 14:58:45 +10:00
Sam daa02431df FIX: remove div used to measure textarea position
Also corrects the positioning of autocomplete (when typing @ or emoji)

Previously there were edge conditions where autocomplete would be hundreds
of pixels away due to a bug measuring.


This corrects an issue where Firefox ends up having an enormous blank space
at the bottom of topics after editing.
2018-09-13 14:53:32 +10:00
Guo Xiang Tan a033327b93 Manage qunit via yarn. 2018-09-11 15:07:28 +08:00
Guo Xiang Tan fb96ab4464
Delete pretender.js 2018-09-07 21:26:36 +08:00
Vinoth Kannan f896d6b021 FIX: Skip keypress event if alt key is down 2018-09-04 10:45:35 +05:30
Sam 4194886b62 correct failing test 2018-05-24 13:02:20 +10:00
Sam 54d153068a DEV: remove qunit rails fork and add a couple of async tests 2018-04-23 16:42:40 +10:00
Sam 6a0aeae91b DEV: clean up JavaScript testing
- Unify runner for autospec and qunit:test
- Report on slowest 30 tests
- Use async await instead of promise tower
2018-04-23 14:43:04 +10:00
Guo Xiang Tan 71b2f8ae1d Use an ENV to trigger `--remote-debugging-port` instead. 2018-04-12 10:12:02 +08:00
Guo Xiang Tan 560bb02f7c `--remote-debugging-port` is our best friend in headless mode. 2018-04-12 08:56:58 +08:00
Sam 420739e12c FEATURE: upgrade jQuery to version 3.3.1 2018-03-08 14:31:13 +11:00
Sam b57d4c87a4 FEATURE: update CommonMark to version 0.28 2018-03-08 12:19:53 +11:00
Joffrey JAFFEUX ac701696b3
FEATURE: replaces tag-chooser/tag-group-chooser with select-kit component
These components were also the last using select2. As a consequence select2 is removed from Discourse in this commit.
2018-02-26 11:42:57 +01:00
scossar d0c467babc Set caret-clone position based on rtl class 2018-01-19 09:53:39 -08:00
scossar b652791a20 Add id to clone div; override inline styles for rtl locales 2018-01-19 09:53:39 -08:00
Guo Xiang Tan 6a4f391e38 Switch to chrome headless mode instead of phantomjs. 2017-12-19 16:00:43 +08:00
Guo Xiang Tan 77fbb2306d Fix chrome-qunit-test.js wasn't exiting with the right error code. 2017-12-15 14:12:01 +08:00
David Taylor d65570a8a1 Preparation for using chrome for qunit in docker images (#5062)
Move use_chrome option to ENV variable
Rewrite script to work with node 6 (current LTS version used in discourse_docker)
Add node stuff to gitignore
2017-08-18 14:08:58 -04:00
David Taylor c981edfa20 Add option to run qunit tests in headless chrome (#5054) 2017-08-16 07:42:42 -04:00
Sam 902be91a5a FEATURE: CTRL+/ to trigger search even from composer 2017-08-02 16:26:03 -04:00
Régis Hanol 28a397398f change the *correct* timeout value 2017-07-24 11:44:33 +02:00
Régis Hanol 2779fde565 increase js tests suite timeout to allow more time to travis-ci 2017-07-24 11:28:32 +02:00
Joffrey JAFFEUX bd0607b15b makes emoji-picker position more dynamic 2017-07-19 22:54:55 +02:00
Sam Saffron d0c5205a52 Feature: Change markdown engine to markdown it
This commit removes the old evilstreak markdownjs engine.

- Adds specs to WhiteLister and changes it to stop using globals
    (Fixes large memory leak)
- Fixes edge cases around bbcode handling
- Removes mdtest which is no longer valid (to be replaced with
    CommonMark)
- Updates MiniRacer to correct minor unmanaged memory leak
- Fixes plugin specs
2017-07-17 11:41:34 -04:00
Sam 79a084dd58 Revert "remove old markdown engine work-in-progress"
This reverts commit ee470b5317.
2017-07-12 18:10:51 -04:00
Sam Saffron ee470b5317 remove old markdown engine work-in-progress 2017-07-12 17:44:40 -04:00
Guo Xiang Tan 6af40a6ade Remove unused `discourse_imgur` plugin. 2017-07-10 11:15:22 +09:00
Guo Xiang Tan 13f3de4bf6 Nuke all `SiteSetting.stubs` from our codebase. 2017-07-07 15:09:14 +09:00
Robin Ward 754c1e5438 Upgrade to Babel 6 2017-07-05 15:25:23 -04:00
Robin Ward 2f480e21a0 Stop using Babel source gem, which is no longer updated 2017-07-05 14:19:16 -04:00
Sam 234694b50f Feature: CommonMark support
This adds the markdown.it engine to Discourse.
https://github.com/markdown-it/markdown-it

As the migration is going to take a while the new engine is default
disabled. To enable it you must change the hidden site setting:
enable_experimental_markdown_it.

This commit is a squash of many other commits, it also includes some
improvements to autospec (ability to run plugins), and a dev dependency
on the og gem for html normalization.
2017-06-23 12:01:33 -04:00
Guo Xiang Tan d82dbd565b FIX: Remove dependency on `rest-client`. 2017-06-16 09:42:41 +09:00
Robin Ward cc525b1a8d Upgrade QUnit to latest version 2017-06-15 10:12:07 -04:00
Arpit Jalan 266acbcc6c Update Translations 2017-05-29 12:23:49 +05:30
Robin Ward 1ef43c33d8 Don't pre-minify autoellipsis 2017-05-18 15:16:15 -04:00
Neil Lalonde 8651fc57a5 Update translations 2017-05-15 11:11:18 -04:00
Neil Lalonde c19bf7e1bd Update translations 2017-03-28 10:50:09 -04:00
Robin Ward 0c46f51412 Use unminified resize to make debugging easier 2017-03-22 16:39:18 -04:00
Robin Ward f97a6598aa Use the same jQuery in prod and dev, avoid minimizing twice 2017-03-22 15:48:37 -04:00
Neil Lalonde 4271aa0b48 Update translations 2017-03-08 11:54:01 -05:00
Neil Lalonde d848916357 FEATURE: Greek language support, thanks to Vasilis Vlachokyriakos 2017-03-01 15:52:55 -05:00
Robin Ward ba8202d199 FIX: Silence DOMException errors when running phantomjs 2017-02-17 16:21:35 -05:00
Neil Lalonde 56233e9ec6 Update translations 2017-02-13 16:42:15 -05:00
Neil Lalonde 8ab327665f Update translations 2017-01-26 12:22:14 -05:00
Robin Ward e03d5e2140 Reapply Ember 2.10 for good this time!
This reverts commit ddd299f4aa.
2016-12-19 11:19:10 -05:00
Robin Ward ddd299f4aa Revert "Revert "Revert Ember 2.10+ for a short while""
This reverts commit 76bbc481cb.
2016-12-16 10:29:30 -05:00
Robin Ward 76bbc481cb Revert "Revert Ember 2.10+ for a short while"
This reverts commit 21682fd60b.
2016-12-16 09:52:29 -05:00
Robin Ward 21682fd60b Revert Ember 2.10+ for a short while 2016-12-15 16:43:38 -05:00
Robin Ward 28699e66d8 Revert "REVERT: Ember 2.10 -- it's not building properly"
This reverts commit 600541c623.
2016-12-15 10:28:15 -05:00
Neil Lalonde bad98a4987 Update translations 2016-12-14 13:55:24 -05:00
Robin Ward 600541c623 REVERT: Ember 2.10 -- it's not building properly 2016-12-12 16:19:05 -05:00
Robin Ward 765e5e9186 Upgrade to Ember 2.9 2016-12-12 14:44:29 -05:00
Sawood Alam 49fc54aac6 Add initial Urdu support with RTL direction 2016-12-03 23:17:51 -05:00
Guo Xiang Tan 2ffb42a055 Fix qunit tests on Travis. 2016-11-30 16:30:58 +08:00
Robin Ward 3765ee84e5 FIX: Syntax error in phantomjs 2016-11-25 14:59:16 -05:00
Robin Ward 3bd5ac8015 Fix Wizard unit tests 2016-11-25 14:29:45 -05:00
Robin Ward 2d3518f475 Enable newer version of Ember 2016-11-25 10:09:58 -05:00
Guo Xiang Tan ed78b47745 Increase timeout for all qunit tests.
* Timeout any test that takes more than 10 seconds.
2016-11-16 18:07:30 +08:00