discourse/discourse-placeholder-theme-component
1
0
Fork 0
mirror of https://github.com/discourse/discourse-placeholder-theme-component.git synced 2025-06-13 02:32:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
80 Commits 4 Branches 0 Tags
Commit Graph

80 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jarek Radosz
a2447f34ea
DEV: Update linting config and run gjs-codemod (#59) 
* DEV: Update linting config and run gjs-codemod

* DEV: Update linting config and run gjs-codemod
 2025-06-06 11:57:21 +01:00
Sérgio Saquetim
279871bdfd
DEV: Fix compatibility with the Glimmer Post Stream (#57) 2025-05-06 15:08:09 -03:00
Loïc Guitaut
3e4d2020a1
DEV: Add system spec to check core features are working fine (#56) 2025-04-09 15:34:02 +02:00
Jarek Radosz
f5f0d83d2f
DEV: Update linting (#55) 2025-03-19 11:55:53 +00:00
dependabot[bot]
55b0e562ae
Build(deps-dev): bump rack from 3.1.8 to 3.1.10 (#52) 
Bumps [rack](https://github.com/rack/rack) from 3.1.8 to 3.1.10.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v3.1.8...v3.1.10)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-12 22:10:53 +01:00
David Taylor
dc93260374
DEV: Bump dependencies and fix linting (#51) 2025-02-06 18:42:50 +01:00
David Taylor
96b09dd3a6
DEV: Pin version for Discourse <3.5.0.beta1-dev (#50) 2025-02-05 19:46:41 +01:00
David Taylor
515cab41e9
DEV: Update linting (#49) 2024-11-28 15:25:37 +01:00
David Taylor
32d2dcd864
DEV: Update linting (#48) 2024-11-20 19:17:25 +01:00
David Taylor
7d53aeef40
DEV: Update eslint config (#47) 2024-11-19 15:22:40 +01:00
Kelv
ae4ec14521
DEV: Update linting setup (#46) 2024-10-17 11:28:24 +02:00
Kelv
3dc1a05bf1
DEV: Switch to use pnpm (#45) 2024-10-14 11:27:12 +02:00
Discourse Translator Bot
b4ffb4772f
Update translations (#44) 2024-10-02 08:50:29 +02:00
David Taylor
296864048a
FIX: Scope a[href] detection to post (#43) 
Corrects typo in a37e4bf266cc2952156080ed3f269cd29f71bb6b
 2024-09-04 09:49:57 +01:00
David Taylor
a37e4bf266
FIX: Restore replacement functionality for a[href] attributes (#42) 
Followup to 948634fe310ed8c7fbdc21811ef201f4b5c4f306
 2024-09-04 09:31:17 +01:00
dependabot[bot]
83d5f2f914
Build(deps): bump micromatch from 4.0.5 to 4.0.8 (#41) 
Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.5 to 4.0.8.
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8)

---
updated-dependencies:
- dependency-name: micromatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-01 12:43:49 +02:00
David Taylor
569b566d38
FIX: Multiple placeholders in a single post (#40) 
The changes in 948634fe310ed8c7fbdc21811ef201f4b5c4f306 meant that only the most-recently-changed placeholder is actually applied.

This commit refactors things so that we store all placeholder values in JS, and then apply them all in a single pass over the DOM. As well as fixing the bug, this should be a significant perf improvement for posts with lots of placeholders

Also introduces some simple system specs.
---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
 2024-08-29 12:37:21 +01:00
David Taylor
cbea5f6471
DEV: Update compatibility file 2024-08-29 10:16:48 +01:00
David Taylor
948634fe31
SECURITY: Apply transformations to text nodes only 
Previously, the replacement system would modify raw HTML, which is prone to issues and vulnerabilities. With this commit, we iterate over text nodes only, and do simple string replacements on their content. That means that the user input never gets passed into an HTML parser, and there is no chance of injection attacks.

The re-rendering system is also simplified to store the original value for re-use later, instead of mapping position/length of replacements.

This does mean the behavior is changed slightly. Replacements will no longer be applied to html attributes (e.g `a[href]`). If this affects your use-case, please let us know [on Meta](https://meta.discourse.org/t/113533).

This is a followup to the fix in a62f711d5600e4e5d86f342d52932cb6221672e7
 2024-08-29 10:15:53 +01:00
Joffrey JAFFEUX
a62f711d56
SECURITY: properly escape user input (#38) 
We were failing to correctly escape content which we would then inject in the HTML of the post causing an XSS.

Note this XSS is stopped by CSP.
 2024-08-20 18:06:58 +02:00
Discourse Translator Bot
57045bc9e5
Update translations (#37) 2024-08-20 17:54:48 +02:00
Discourse Translator Bot
5e61e49ef5
Update translations (#36) 2024-08-13 16:34:43 +02:00
Natalie Tay
2a1f703999
DEV: Pin theme for Discourse < 3.4.0.beta1-dev (#35) 2024-08-02 17:47:11 +08:00
Discourse Translator Bot
c7c7c99a6c
Update translations (#34) 2024-07-09 23:12:28 +02:00
dependabot[bot]
34e52524ec
Build(deps): bump braces from 3.0.2 to 3.0.3 (#33) 
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-20 11:33:33 +02:00
Discourse Translator Bot
139284225f
Update translations (#32) 2024-06-18 15:41:02 +02:00
Discourse Translator Bot
154059ba14
Update translations (#31) 2024-06-11 17:22:13 +02:00
Discourse Translator Bot
687b0e4798
DEV: Add Crowdin support (#30) 2024-06-11 13:37:43 +02:00
JimmyJammyDodger
bd6e5beee9
Update about.json (#29) 2024-06-09 10:09:13 +01:00
David Taylor
a319c0baa1
DEV: Update linting (#28) 2024-03-27 18:55:28 +01:00
Selase Krakani
51df0ef4a6
DEV: Pin theme for Discourse < 3.3.0.beta1-dev (#27) 2024-02-29 12:59:20 -07:00
Jarek Radosz
05a727efd5
DEV: Use the new modal api (#26) 2023-12-05 23:15:32 +01:00
Alan Guo Xiang Tan
344f4dd0ea
DEV: Switch to new addComposerToolbarPopupMenuOption plugin API (#25) 
Why this change?

`api.addToolbarPopupMenuOptionsCallback` has been deprecated in 913fd3a7b3
 2023-10-23 08:08:57 +08:00
dependabot[bot]
3ca2000263
Build(deps): bump @babel/traverse from 7.20.10 to 7.23.2 (#24) 
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.20.10 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-18 12:58:02 -04:00
Penar Musaraj
fb1cf21616
DEV: Pin theme for Discourse 3.1 stable (#23) 2023-08-22 14:03:25 -05:00
dependabot[bot]
322db3406e
Build(deps): bump word-wrap from 1.2.3 to 1.2.4 (#22) 
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: word-wrap
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-19 01:01:08 +02:00
dependabot[bot]
7b73d87557
Build(deps): bump semver from 6.3.0 to 6.3.1 (#21) 
Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-12 14:13:36 +02:00
Bastiaan Quast
20f155de34
plugin-> theme component (#20) 2023-02-04 15:57:50 +01:00
discoursebot
f0fcd8b357
DEV: Update CI workflows (#18) 
Co-authored-by: discoursebuild <build@discourse.org>
 2023-01-10 19:30:47 +00:00
David Taylor
8fe8b1d4d1
DEV: Update eslint-config-discourse, use prettier for hbs (#17) 2023-01-04 13:46:24 +01:00
dependabot[bot]
e7ec81230a
Build(deps): bump json5 from 2.2.1 to 2.2.2 (#16) 
Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v2.2.1...v2.2.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-30 22:50:29 -05:00
discoursebot
b26276efa2
DEV: Update CI workflows (#15) 
Co-authored-by: discoursebuild <build@discourse.org>
 2022-12-30 22:40:36 -05:00
discoursebot
8e7d40c23e
DEV: Update CI workflows (#14) 
Co-authored-by: discoursebuild <build@discourse.org>
 2022-11-07 14:14:16 -06:00
Jan Cernik
3918061c50
DEV: Replace bootbox alert dialog (#13) 2022-10-31 08:04:38 -03:00
Joffrey JAFFEUX
be75773375
FIX: fully rely on keyValueStore to prevent error (#12) 
* FIX: fully rely on keyValueStore to prevent error

The component was generating errors for some users due to direct access to `localStorage`:

```
TypeError: Cannot convert undefined or null to object
    at Function.keys (<anonymous>)
    at Object.expireOldValues (https://d3bpeqsaub0i6y.cloudfront.net/theme-javascripts/33bf35dc19b970a42f8c1e7d57d8cc72d6205bbd.js?__ws=meta.discourse.org:157:14)
    at Object.initialize (https://d3bpeqsaub0i6y.cloudfront.net/theme-javascripts/33bf35dc19b970a42f8c1e7d57d8cc72d6205bbd.js?__ws=meta.discourse.org:193:12)
    at o.initialize (https://d11a6trkgmumsb.cloudfront.net/assets/discourse-2bd9a9aa6b5c9cbee990a03159f5bff41fe503fe74814c3b66b3770876913dd5.gz.js:68:38)
```

This commits removes old unnecessary code using cookies and uses latest API from core `removeKeys`. Old discourse instances will just not evict old keys which is a minor annoyance.

* linting
 2022-08-22 00:25:50 +02:00
Jarek Radosz
faf88c2209
DEV: Fix key-value-store:main deprecation (#11) 2022-08-13 22:40:11 +02:00
Jarek Radosz
ba7ca9e588
DEV: Fix typo (#10) 2022-08-13 22:39:58 +02:00
Jarek Radosz
1c4f5b1a99
DEV: Add CI setup and fix linting issues (#9) 2022-06-18 21:27:31 +02:00
dependabot[bot]
c9dde66727
Build(deps): bump minimist from 1.2.5 to 1.2.6 (#8) 
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-31 11:53:13 +02:00
David Taylor
9a002eed80
FIX: Dropdowns following recent refactoring (#7) 2022-01-13 16:48:07 -08:00