Commit Graph

267 Commits

Author SHA1 Message Date
Guo Xiang Tan e3b4632f04
Revert "Create proper shim for xss library"
This reverts commit 30e9112535.
2020-09-15 11:38:40 +08:00
Robin Ward 30e9112535 Create proper shim for xss library 2020-09-14 15:57:32 -04:00
dependabot[bot] d21119ee4f Build(deps): Bump lodash in /app/assets/javascripts/pretty-text
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.20.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.20)

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-08 10:25:45 -04:00
dependabot[bot] 27751ca69f
Build(deps): Bump websocket-extensions (#10617)
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/faye/websocket-extensions-node/releases)
- [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:02:38 +02:00
dependabot[bot] 2cb0f013cc
Build(deps): Bump elliptic in /app/assets/javascripts/pretty-text (#10611)
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:02:09 +02:00
dependabot[bot] c119c07fa4
Build(deps): Bump http-proxy in /app/assets/javascripts/pretty-text (#10614)
Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/http-party/node-http-proxy/releases)
- [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/http-party/node-http-proxy/compare/1.18.0...1.18.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:00:10 +02:00
Joffrey JAFFEUX 52672b9eab
DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
Robin Ward 3a46e44ed8 Rename `merge` to `deepMerge` so it's more clear what it's doing 2020-09-03 10:03:33 -04:00
Robin Ward c4079780be REFACTOR: Remove `_.merge` 2020-09-03 10:03:33 -04:00
Robin Ward 0da953b40e REFACTOR: Remove `_.compact` 2020-09-03 10:03:33 -04:00
Robin Ward 0b098566ff REFACTOR: Remove `_.union` 2020-09-03 10:03:33 -04:00
Joffrey JAFFEUX 226be994da
REFACTOR: rewrite the emoji-picker (#10464)
The emoji-picker is a specific piece of code as it has very strong performance requirements which are almost not found anywhere else in the app, as a result it was using various hacks to make it work decently even on old browsers.

Following our drop of Internet Explorer, and various new features in Ember and recent browsers we can now take advantage of this to reduce the amount of code needed, this rewrite most importantly does the following:
- use loading="lazy" preventing the full list of emojis to be loaded on opening
- uses InterserctionObserver to find the active section
- limits the use of native event listentes only for hover/click emojis (for performance reason we track click on the whole emoji area and delegate events), everything else is using ember events
- uses popper to position the emoji picker
- no jquery code
2020-08-24 14:20:51 +02:00
Martin Brennan 9022e4516f
FIX: Remove unnecessary audio/video parent element load (#10511)
Meta report: https://meta.discourse.org/t/sending-many-requests-for-video-audio-upload-while-editing-post/161487

When typing in the composer we are sending a lot of unnecessary load() requests for the video/audio elements. This line was added months ago before we improved previewing/video thumbnails, which have improved things, so it is no longer required. After removing this line everything still works and no more additional requests are sent.
2020-08-24 13:18:38 +10:00
Jarek Radosz be6a73f654 DEV: Fix package.json issues and reroll yarn.lock 2020-08-14 12:00:35 +02:00
Rafael dos Santos Silva 2ea17c06dd
FEATURE: Allow picture HTML element in posts 2020-07-28 20:26:32 -03:00
Rafael dos Santos Silva c65c3407f8
FIX: Allow playsinline for videos in posts
This is used in webkit browsers mostly.
2020-07-28 19:03:54 -03:00
Jarek Radosz 223b6d17bf DEV: Fix a function name typo 2020-07-27 11:22:57 +02:00
Krzysztof Kotlarek e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Martin Brennan 62f2e1f971
FIX: Stop double prepending of window.location.origin on media URLs (#10275)
This fixes an issue where sometimes when composing a post and uploading a video/audio file, _loadCachedShortUrls/the uploads controller would return a full URL with origin, instead of just the URL with the host e.g. http://localhost:3000/some/video.mp4 instead of just //localhost:3000/some/video.mp4. We were prepending window.location.origin onto the URL no matter what, and since http://localhost:3000/some/video.mp4 does not match the host URL regex, we were ending up with something like http://localhost:3000http://localhost:3000/some/video.mp4 which broke composer previews. This was only noticed with a video upload in a secure upload environment.
2020-07-22 09:23:55 +10:00
Jarek Radosz de79f19947
Revert "UX: Style video elements, show descriptions (#10040)" (#10258)
This reverts commit 7d289a4f3e.

Now that 36bad0c31f is in and we have video previews on all platforms, the commit that's being reverted is no longer needed. In the worst case scenario, the video description is clipped under the video poster if the video aspect ratio is other than 16:9. This commit removes descriptions and the custom style for the video elements.

# Conflicts:
#	app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js
#	test/javascripts/lib/pretty-text-test.js
2020-07-17 23:31:01 +02:00
Penar Musaraj 34bbd51350
FIX: regression in secure URL generation, followup to 36bad0c 2020-07-15 18:52:59 -04:00
Penar Musaraj 36bad0c31f
FIX: Preload metadata for audio/video when secure media enabled
Fixes an issue with missing video previews. Should have no side effects now that presigned URLs expire after 5 minutes.
2020-07-15 18:36:51 -04:00
Martin Brennan af7ce5d6eb
Revert "DEV: Add debug hint in discourse-markdown-it"
This reverts commit 5a4855b992.
2020-07-15 11:23:28 +10:00
Martin Brennan 5a4855b992
DEV: Add debug hint in discourse-markdown-it
This console.debug message ONLY shows if isDevelopment() is
true for the environment
2020-07-15 11:18:41 +10:00
Rafael dos Santos Silva 72534223f3 FEATURE: Allow video tag attributes for video gifs 2020-07-14 13:46:45 -03:00
Bianca Nenciu 275b748016
FIX: Replace links to removed uploads from reviewables with a placeholder (#10180) 2020-07-10 17:57:06 +03:00
Kris 4f12768d10 UX: Remove extra space added by img resize controls in composer preview 2020-07-06 19:11:58 -04:00
Jarek Radosz 7d289a4f3e
UX: Style video elements, show descriptions (#10040)
It's a stop gap – ideally we would generate a thumbnail for uploaded videos. For now, a bit of intentionality in the style and a pinch of context should do.
2020-06-17 12:38:00 +02:00
David Taylor 293467a37a
REFACTOR: Remove jquery usage from resolveAllShortUrls, and fix debounce
- This function now requires an explicit scope. It will never run on the entire document.

- Previously debounce was being used with an anonymous function, which means it was having no effect.
2020-06-05 17:15:14 +01:00
David Taylor 0f09fd22f3
DEV: Remove attachment css handling from resolveAllShortUrls
This was moved inside the markdown processor in 65481858, so there is no longer any need to run this logic after cooking
2020-06-05 15:12:30 +01:00
Joffrey JAFFEUX 77801aa9be
FIX: allows to have custom emoji translation without static file (#9893) 2020-05-27 20:11:52 +02:00
Robin Ward 8311374a5a DEV: Replace `version.js.erb` with pre generated file 2020-05-11 15:43:09 -04:00
Robin Ward d2b16a7618
DEV: Generate `emoji/data` on demand (#9744)
These emoji rarely change and can be re-generated when we make changes
to them.
2020-05-11 15:29:46 -04:00
Joffrey JAFFEUX 00a038d646
REFACTOR: removes various assignments and superfluous params (#9699) 2020-05-08 09:19:48 +02:00
Robin Ward f9608c0af5 DEV: Remove INLINE_ONEBOX_* constants
There were two constants here, `INLINE_ONEBOX_LOADING_CSS_CLASS` and
`INLINE_ONEBOX_CSS_CLASS` that were both longer than the strings they
were DRYing up: `inline-onebox-loading` and `inline-onebox`

I normally appreciate constants, but in this case it meant that we had
a lot of JS imports resulting in many more lines of code (and CPU cycles
spent figuring them out.)

It also meant we had an `.erb` file and had to invoke Ruby to create the
JS file, which meant the app was harder to port to Ember CLI.

I removed the constants. It's less DRY but faster and simpler, and
arguably the loss of DRYness is not significant as you can still search
for the `inline-onebox-loading` and `inline-onebox` strings easily if
you are refactoring.
2020-05-07 16:14:38 -04:00
Robin Ward 3567a90661 DEV: Ember Addon needs a vendor dir 2020-05-07 15:45:35 -04:00
Robin Ward 79c64eaeff
DEV: Move pretty-text into an ember-addon format (#9689) 2020-05-07 12:37:47 -04:00
Joffrey JAFFEUX e74170cd9e
REFACTOR: Superfluous arguments passed to function resolveSize (#9678)
resolveSize accepts only one param
2020-05-07 16:36:15 +02:00
Joffrey JAFFEUX affc79bb68
REFACTOR: removes useless assignment to local variable (#9676) 2020-05-07 16:35:54 +02:00
Joffrey JAFFEUX a078b086ba
REFACToR: removes useless assignment to local variable (#9675) 2020-05-07 16:34:36 +02:00
Joffrey JAFFEUX 864f48b2e6
REFACTOR: removes useless conditional (#9668)
Given we will return true on the line before if inlineEmoji, this will always be false.
2020-05-07 16:25:23 +02:00
Joffrey JAFFEUX 01272f2085
REFACTOR: removes unreachable code (#9665)
* REFACTOR: removes unreachable code

* this one too
2020-05-07 16:24:54 +02:00
Robin Ward d615de9139
DEV: Support for `import Handlebars from 'handlebars'`; (#9600)
* Remove Handlebars.SafeString usage

* DEV: Support for `import Handlebars from 'handlebars'`;

* FIX: Sprockets was broken when `node_modules` was present

By default the old version of sprockets looks for application.js
anywhere, including in a node_modules folder if this exists
(which it will when we move to Ember CLI.)
2020-04-30 16:41:02 -04:00
Roman Rizzi 64ec771dc6
REFACTOR: Resize controls (#9393) 2020-04-09 12:13:15 -03:00
Joffrey JAFFEUX 0996c3b7b3
FEATURE: allows multiple custom emoji groups (#9308)
Note: DBHelper would fail with a sql syntax error on columns like "group".

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2020-03-30 20:16:10 +02:00
Jarek Radosz 67b34600d5
DEV: Use `type` instead of `method` in ajax calls (#8974)
Even though `type` is an alias for `method`, we have custom logic in `/discourse/lib/ajax` that checks only `type`, and ~200 other ajax calls in the codebase already use `type` param.
2020-03-26 21:00:10 +01:00
Robin Ward c150566506
Migrate pretty-text to `.js` extensions (#9243) 2020-03-20 09:55:42 -04:00
Joffrey JAFFEUX d2bb127e2c
FIX: prevents crash when to be unescaped emoji is not a string (#9189)
I couldn't get a repro so this is a shot in the dark and doesn't solve the root issue, but should prevent topic view from crashing.
2020-03-12 13:59:43 +01:00
Martin Brennan 3e54e0191e
FIX: Use full URL for secure attachments when secure media enabled (#9037)
When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
2020-03-04 10:11:08 +11:00
Martin Brennan 0df72a51b8
FIX: Stop infinite lookup-urls issue for video/audio on page (#9096)
Meta report: https://meta.discourse.org/t/excessive-requests-to-uploads-lookup-urls-leading-to-429-response/143119

* The data-orig-src attribute was not being removed from cooked
video and audio so the composer was infinitely trying to get the
URLs for them, which would never resolve to anything
* Also the code that retrieved the short URL was unscoped, and was
getting everything on the page. if running from the composer we
now scope to the preview window
* Also fixed a minor issue where the element href for the video
and audio tags was not being set when the short URL was found
2020-03-03 15:44:01 +11:00