mirror of synced 2026-05-22 21:53:17 +00:00
Commit Graph

65 Commits

Author SHA1 Message Date
dependabot[bot] 83d5f2f914 Build(deps): bump micromatch from 4.0.5 to 4.0.8 (#41)
Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.5 to 4.0.8.
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8)

---
updated-dependencies:
- dependency-name: micromatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-01 12:43:49 +02:00
David Taylor 569b566d38 FIX: Multiple placeholders in a single post (#40)
The changes in 948634fe31 meant that only the most-recently-changed placeholder is actually applied.

This commit refactors things so that we store all placeholder values in JS, and then apply them all in a single pass over the DOM. As well as fixing the bug, this should be a significant perf improvement for posts with lots of placeholders.

Also introduces some simple system specs.
---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-08-29 12:37:21 +01:00
David Taylor cbea5f6471 DEV: Update compatibility file 2024-08-29 10:16:48 +01:00
David Taylor 948634fe31 SECURITY: Apply transformations to text nodes only
Previously, the replacement system would modify raw HTML, which is prone to issues and vulnerabilities. With this commit, we iterate over text nodes only, and do simple string replacements on their content. That means that the user input never gets passed into an HTML parser, and there is no chance of injection attacks.

The re-rendering system is also simplified to store the original value for re-use later, instead of mapping position/length of replacements.

This does mean the behavior is changed slightly. Replacements will no longer be applied to HTML attributes (e.g. `a[href]`). If this affects your use-case, please let us know [on Meta](https://meta.discourse.org/t/113533).

This is a followup to the fix in a62f711d56
2024-08-29 10:15:53 +01:00
Joffrey JAFFEUX a62f711d56 SECURITY: properly escape user input (#38)
We were failing to correctly escape content which we would then inject in the HTML of the post causing an XSS.

Note this XSS is stopped by CSP.
2024-08-20 18:06:58 +02:00
Discourse Translator Bot 57045bc9e5 Update translations (#37) 2024-08-20 17:54:48 +02:00
Discourse Translator Bot 5e61e49ef5 Update translations (#36) 2024-08-13 16:34:43 +02:00
Natalie Tay 2a1f703999 DEV: Pin theme for Discourse < 3.4.0.beta1-dev (#35) 2024-08-02 17:47:11 +08:00
Discourse Translator Bot c7c7c99a6c Update translations (#34) 2024-07-09 23:12:28 +02:00
dependabot[bot] 34e52524ec Build(deps): bump braces from 3.0.2 to 3.0.3 (#33)
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-20 11:33:33 +02:00
Discourse Translator Bot 139284225f Update translations (#32) 2024-06-18 15:41:02 +02:00
Discourse Translator Bot 154059ba14 Update translations (#31) 2024-06-11 17:22:13 +02:00
Discourse Translator Bot 687b0e4798 DEV: Add Crowdin support (#30) 2024-06-11 13:37:43 +02:00
JimmyJammyDodger bd6e5beee9 Update about.json (#29) 2024-06-09 10:09:13 +01:00
David Taylor a319c0baa1 DEV: Update linting (#28) 2024-03-27 18:55:28 +01:00
Selase Krakani 51df0ef4a6 DEV: Pin theme for Discourse < 3.3.0.beta1-dev (#27) 2024-02-29 12:59:20 -07:00
Jarek Radosz 05a727efd5 DEV: Use the new modal api (#26) 2023-12-05 23:15:32 +01:00
Alan Guo Xiang Tan 344f4dd0ea DEV: Switch to new addComposerToolbarPopupMenuOption plugin API (#25)
Why this change?

`api.addToolbarPopupMenuOptionsCallback` has been deprecated in https://github.com/discourse/discourse/commit/913fd3a7b392b492f6344102577960a6eada00ce
2023-10-23 08:08:57 +08:00
dependabot[bot] 3ca2000263 Build(deps): bump @babel/traverse from 7.20.10 to 7.23.2 (#24)
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.20.10 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-18 12:58:02 -04:00
Penar Musaraj fb1cf21616 DEV: Pin theme for Discourse 3.1 stable (#23) 2023-08-22 14:03:25 -05:00
dependabot[bot] 322db3406e Build(deps): bump word-wrap from 1.2.3 to 1.2.4 (#22)
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: word-wrap
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-19 01:01:08 +02:00
dependabot[bot] 7b73d87557 Build(deps): bump semver from 6.3.0 to 6.3.1 (#21)
Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-12 14:13:36 +02:00
Bastiaan Quast 20f155de34 plugin-> theme component (#20) 2023-02-04 15:57:50 +01:00
discoursebot f0fcd8b357 DEV: Update CI workflows (#18)
Co-authored-by: discoursebuild <build@discourse.org>
2023-01-10 19:30:47 +00:00
David Taylor 8fe8b1d4d1 DEV: Update eslint-config-discourse, use prettier for hbs (#17) 2023-01-04 13:46:24 +01:00
dependabot[bot] e7ec81230a Build(deps): bump json5 from 2.2.1 to 2.2.2 (#16)
Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v2.2.1...v2.2.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-30 22:50:29 -05:00
discoursebot b26276efa2 DEV: Update CI workflows (#15)
Co-authored-by: discoursebuild <build@discourse.org>
2022-12-30 22:40:36 -05:00
discoursebot 8e7d40c23e DEV: Update CI workflows (#14)
Co-authored-by: discoursebuild <build@discourse.org>
2022-11-07 14:14:16 -06:00
Jan Cernik 3918061c50 DEV: Replace bootbox alert dialog (#13) 2022-10-31 08:04:38 -03:00
Joffrey JAFFEUX be75773375 FIX: fully rely on keyValueStore to prevent error (#12)
* FIX: fully rely on keyValueStore to prevent error

The component was generating errors for some users due to direct access to `localStorage`:

```
TypeError: Cannot convert undefined or null to object
    at Function.keys (<anonymous>)
    at Object.expireOldValues (https://d3bpeqsaub0i6y.cloudfront.net/theme-javascripts/33bf35dc19b970a42f8c1e7d57d8cc72d6205bbd.js?__ws=meta.discourse.org:157:14)
    at Object.initialize (https://d3bpeqsaub0i6y.cloudfront.net/theme-javascripts/33bf35dc19b970a42f8c1e7d57d8cc72d6205bbd.js?__ws=meta.discourse.org:193:12)
    at o.initialize (https://d11a6trkgmumsb.cloudfront.net/assets/discourse-2bd9a9aa6b5c9cbee990a03159f5bff41fe503fe74814c3b66b3770876913dd5.gz.js:68:38)
```

This commit removes old unnecessary code using cookies and uses latest API from core `removeKeys`. Old discourse instances will just not evict old keys which is a minor annoyance.

* linting
2022-08-22 00:25:50 +02:00
Jarek Radosz faf88c2209 DEV: Fix key-value-store:main deprecation (#11) 2022-08-13 22:40:11 +02:00
Jarek Radosz ba7ca9e588 DEV: Fix typo (#10) 2022-08-13 22:39:58 +02:00
Jarek Radosz 1c4f5b1a99 DEV: Add CI setup and fix linting issues (#9) 2022-06-18 21:27:31 +02:00
dependabot[bot] c9dde66727 Build(deps): bump minimist from 1.2.5 to 1.2.6 (#8)
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-31 11:53:13 +02:00
David Taylor 9a002eed80 FIX: Dropdowns following recent refactoring (#7) 2022-01-13 16:48:07 -08:00
David Taylor 9882e993c5 DEV: Remove JQuery 2022-01-13 13:02:06 +00:00
David Taylor 468cf81fd2 DEV: Migrate to local storage
Setting cookies means that they're sent in the request headers for every HTTP request. This will have a (tiny) impact on performance, plus it can raise privacy concerns. Using localStorage is more appropriate for this use case.

This commit includes migration logic for any previously-saved values.

Previously the cookies were set to last for the 'session'. localStorage doesn't have an expiration mechanism, so this commit implements a 7-day expiration on the values.
2022-01-13 13:02:06 +00:00
David Taylor 6c43321b28 DEV: Apply prettier, remove es6 extension 2022-01-13 13:02:06 +00:00
Jarek Radosz 3adf5b8300 DEV: Use cookie imports (#5)
Fixes deprecation warnings.
2021-10-28 19:40:25 +02:00
Robin Ward bd544c3f38 FIX: modifyClass deprecation (#3) 2021-09-03 13:43:45 -04:00
jjaffeux 19fcc3210c UX: makes texts more readable 2021-06-01 11:38:29 +02:00
jjaffeux 3f0a5f7802 FIX: uses var for dark-light-choose 2021-06-01 11:37:12 +02:00
jjaffeux 3d0d4f2ca2 FIX: updates blend to use var 2021-06-01 11:34:59 +02:00
jjaffeux 248121c094 FIX: uses var for colors 2021-06-01 11:31:53 +02:00
dependabot[bot] 8ef85fc7d1 Build(deps): bump lodash from 4.17.19 to 4.17.21 (#2)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-11 10:28:24 -04:00
tshenry 6a3852e373 Update about.json 2021-03-04 16:22:57 -08:00
dependabot[bot] 8e41644cd5 Build(deps): bump lodash from 4.17.15 to 4.17.19 (#1)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-07-20 12:05:05 -04:00
jjaffeux 222e50bacb FIX: ensures we can rewrite links
This selector was too specific and would end up catching a directly which would result in innerHTML being the text of the link and not the full link.
2020-04-24 11:19:36 +02:00
jjaffeux 81bbc2080a removes links and clear placeholders for now
It works well, but is too much noise for the value
2020-04-22 12:41:42 +02:00
jjaffeux e49d7411e5 FIX: better detection of default value 2020-04-20 20:39:54 +02:00