We were counting all the oneboxes in the DOM instead of just the ones in the preview.
Also refactored the logic to count up to 'max_oneboxes_per_post` instead of down to 0.
That also ensured we don't load 11 oneboxes when the setting is limiting to 10.
The dollar sign (`$`) is a special replace pattern, and `$&` inserts the
matched string. Thus dollars signs need to be escaped with the special
pattern `$$`, which inserts a single `$`.
In development, we track the last requested theme id, and use that to refresh the correct stylesheet targets. The after_action hook runs on every request, but the preview_theme_id parameter is only sent on the initial HTML request. This commit ensures we only fetch the development theme_id on HTML requests
To demonstrate the issue:
- Visit https://meta.discourse.org/#somethingHere while logged in
- Click "log out"
- You will be logged out, but the page will not be reloaded
Setting `window.location.pathname = "/"` will not reload the page if there is a hash present. Using `window.location = "/"` gives us the desired behavior.
In IE11, the browser returns the cached HTML response, rather than the JSON formatted response. A better solution may be to add a `Vary: Accept` header to all of our HTML responses, but this commit should solve the immediate issue.
`fancy_title` is already escaped by Rails. Escaping it again would print
the HTML entity as-is, e.g. `"` instead of `"`.
This fixes the issue by introducing a new `escapedContent` attribute on
the `QuickAccessItem` widget.
* FIX: Cast all numerical values in reports
The backend can return some numerical values in report as strings. That results in unexpected order of values when sorting report tables.
* Create `toNumber()` helper
The `typeof` and `parseFloat` seem to be the fastest path: https://jsperf.com/number-vs-typeof-vs-parsefloat#results
* Adjustments to pass specs on Rails 6.0.0
* Use classic autoloader instead of Zeitwerk
* Update Rails 6.0.0 deprecated methods
* Rails 6.0.0 not allowing column with integer name
* Drop freedom_patches/rails6.rb
* Default value for trigger_transactional_callbacks? is true
* Bump rspec-rails version to 4.0.0.beta2
* FIX: inline_uploads and subfolder
* if subfolder, also look for images with a path containing
cdn_url + relative_url_root
* FIX: migrate_to_s3 task and subfolder
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.
Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.
For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.
From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
Kris
Régis Hanol
David Taylor
Robin Ward
Arpit Jalan
Kyle Zhao
Dan Ungureanu
romanrizzi
Penar Musaraj
Vinoth Kannan
hawm
Jarek Radosz
Krzysztof Kotlarek
Neil Lalonde
Gerhard Schlager
Rishabh
Leo McArdle
Sam Saffron
Michael Brown
Joffrey JAFFEUX
Bianca Nenciu