| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | better approach to unescaping | Henry Jameson | 2022-02-03 |
| | | |||
| * | entity_normalizer: Escape name when parsing user | rinpatch | 2021-11-16 |
| | | | | | | | | | | | | | | | | | | | | | | | In January 2020 Pleroma backend stopped escaping HTML in display names and passed that responsibility on frontends, compliant with Mastodon's version of Mastodon API [1]. Pleroma-FE was subsequently modified to escape the display name [2], however only in the "name_html" field. This was fine however, since that's what the code rendering display names used. However, 2 months ago an MR [3] refactoring the way the frontend does emoji and mention rendering was merged. One of the things it did was moving away from doing emoji rendering in the entity normalizer and use the unescaped 'user.name' in the rendering code, resulting in HTML injection being possible again. This patch escapes 'user.name' as well, as far as I can tell there is no actual use for an unescaped display name in frontend code, especially when it comes from MastoAPI, where it is not supposed to be HTML. [1]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1052 [2]: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2167 [3]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1392 | ||
| * | Merge branch 'fix-favico-badge-chrome' into 'develop' | HJ | 2021-09-07 |
| |\ | | | | | | | | | fix favico badge not working on chrome See merge request pleroma/pleroma-fe!1391 | ||
| | * | handle multiple favicons (different sizes) | Henry Jameson | 2021-06-02 |
| | | | |||
| | * | fix favico badge not working on chrome | Henry Jameson | 2021-06-02 |
| | | | |||
| * | | fix tests | Henry Jameson | 2021-08-15 |
| | | | |||
| * | | remove old emoji added, everything emoji-bearing uses RichContent now | Henry Jameson | 2021-08-13 |
| | | | |||
| * | | richcontent support in polls, user cards and user profiles | Henry Jameson | 2021-08-13 |
| | | | |||
| * | | support richcontent in polls | Henry Jameson | 2021-08-13 |
| | | | |||
| * | | fix rich images | Henry Jameson | 2021-06-18 |
| | | | |||
| * | | refactored line converter, untied its logic from greentexting, better | Henry Jameson | 2021-06-13 |
| | | | | | | | | | handling of broken cases | ||
| * | | review + fixes | Henry Jameson | 2021-06-12 |
| | | | |||
| * | | cleanup | Henry Jameson | 2021-06-12 |
| | | | |||
| * | | restructure and tests | Henry Jameson | 2021-06-12 |
| | | | | | | | | | squash! restructure and tests | ||
| * | | fix #935 | Henry Jameson | 2021-06-11 |
| | | | |||
| * | | fixed console errors, improved user-selecting, added cyantexting | Henry Jameson | 2021-06-11 |
| | | | |||
| * | | Hellthread(tm) Certified | Henry Jameson | 2021-06-10 |
| | | | |||
| * | | new mentions look | Henry Jameson | 2021-06-07 |
| | | | |||
| * | | renamed StatusText to StatusBody for clarity, fixed chats | Henry Jameson | 2021-06-07 |
| | | | |||
| * | | some docs, added richcontent to usernames in status, updated stillImage | Henry Jameson | 2021-06-07 |
| | | | | | | | | | to allow scale of "gif" label | ||
| * | | made getAttrs correctly handle both ' and " | Henry Jameson | 2021-06-07 |
| | | | |||
| * | | fix emoji processor not leaving string as-is if no emoji are found | Henry Jameson | 2021-06-07 |
| | | | |||
| * | | [WIP] MUCH better approach to replacing emojis with still versions | Henry Jameson | 2021-06-07 |
| |/ | |||
| * | Merge branch 'flash-support' into 'develop' | HJ | 2021-05-31 |
| |\ | | | | | | | | | Flash support See merge request pleroma/pleroma-fe!1380 | ||
| | * | do not load ruffle multiple times! | Henry Jameson | 2021-04-12 |
| | | | |||
| | * | whooops dropped my monstercondo | Henry Jameson | 2021-04-12 |
| | | | |||
| | * | experimental flash support through ruffle | Henry Jameson | 2021-04-09 |
| | | | |||
| * | | entity_normalizer: safely check screen_name | Matilde Park | 2021-04-21 |
| |/ | | | | Prevents a crash on undefined screen name cases. | ||
| * | Merge branch 'settings-import-export' into 'develop' | HJ | 2021-04-07 |
| |\ | | | | | | | | | Settings backup/restore + small fixes See merge request pleroma/pleroma-fe!1372 | ||
| | * | cleanup + fix | Henry Jameson | 2021-03-08 |
| | | | |||
| | * | changed importexport into a service instead of component for simplicity | Henry Jameson | 2021-03-08 |
| | | | |||
| | * | fixed another problem with p's broken theme causing theme editor to | Henry Jameson | 2021-03-08 |
| | | | | | | | | | become unusable | ||
| * | | streamlined WS flow, reduced spam amount related to WS reconnections | Henry Jameson | 2021-03-09 |
| | | | |||
| * | | WIP some work on making errors less spammy | Henry Jameson | 2021-03-08 |
| | | | |||
| * | | Merge remote-tracking branch 'origin/develop' into websocket-fixes | Henry Jameson | 2021-03-08 |
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * origin/develop: (119 commits) Apply 1 suggestion(s) to 1 file(s) Make it possible to localize user highlight options remove shoutbox test hacks fix shoutbox header, use custom scroll-to-bottom system, remove vue-chat-scroll, temporarily add chat test hack update changelog with 2.3.0 change icons around Translated using Weblate (Japanese) Update timeline_quick_settings.js add screen_name_ui to tests separate screen_name and screen_name_ui with decoded punycode Update CHANGELOG.md add basic validation for statusless status notifications changelog mention fix chat unread badge update shelljs to get rid of warnings on build save a few characters focus input in emoji picker and react picker fix vue warnings add only to wording basic loggedin check for reply filtering ... | ||
| | * | Merge branch 'develop' into 'fix/punycode-buggy' | Shpuld Shpludson | 2021-02-27 |
| | |\ | | | | | | | | | | # Conflicts: # CHANGELOG.md | ||
| | | * | add basic validation for statusless status notifications | Shpuld Shpuldson | 2021-02-26 |
| | | | | |||
| | * | | separate screen_name and screen_name_ui with decoded punycode | Shpuld Shpuldson | 2021-02-26 |
| | |/ | |||
| | * | get rid of older messages when scrolling down in chat to keep it from ↵ | Shpuld Shpuldson | 2021-02-17 |
| | | | | | | | | | bloating dom | ||
| | * | fallback if shadows aren't defined | Henry Jameson | 2021-01-28 |
| | | | |||
| | * | Fix p's weird corrupt theme data crashing theme engine | Henry Jameson | 2021-01-23 |
| | | | |||
| | * | Merge branch 'feat/language-picker-native-names' into 'develop' | Shpuld Shpludson | 2021-01-21 |
| | |\ | | | | | | | | | | | | | Use native language names in the language picker See merge request pleroma/pleroma-fe!1302 | ||
| | | * | Use native language names in the language picker | rinpatch | 2021-01-21 |
| | | | | | | | | | | | | | | | | This seems more intuitive to me and is what I've seen in most other language pickers. | ||
| | * | | Apply 1 suggestion(s) to 1 file(s) | feld | 2021-01-20 |
| | | | | |||
| | * | | More robust backwards compatibility | Mark Felder | 2021-01-19 |
| | | | | |||
| | * | | Support old user.deactivated and new user.is_active fields | Mark Felder | 2021-01-18 |
| | |/ | |||
| * | | fixed few-posts TLs when streaming is enabled | Henry Jameson | 2021-01-13 |
| | | | |||
| * | | fix not being able to re-enable sockets until page refresh | Henry Jameson | 2021-01-13 |
| | | | |||
| * | | add success global notice style/level | Henry Jameson | 2021-01-13 |
| |/ | |||
| * | Add report button to status ellipsis menu | Shpuld Shpuldson | 2021-01-12 |
| | | |||
 |
index : pleroma-fe.git | |
| This is a fork of pleroma's official FE. Used by vnil.de, we meow meow the meow meow with meow meow | shrik3 |
| aboutsummaryrefslogtreecommitdiff |