Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-02-20 | port tootsuite/#13042 to monsterfork: Fix malformed HTML causing uncaught error | Eugen Rochko | |
Fix OEmbed preview API leaking existence of private statuses (see #12930) | |||
2020-01-20 | Original upstream merge | ThibG | |
2019-12-06 | use `self.draft` scope tag for draft posts & add draft header | multiple creatures | |
2019-11-19 | Do not share a single Redcarpet::Markdown object across threads | Thibaut Girka | |
There are apparently thread-safety issues: https://github.com/vmg/redcarpet/pull/672 | |||
2019-11-18 | Get rid of the `Formatter` cache. It isn't worth the admin headaches. | multiple creatures | |
2019-11-16 | Allow callers of `Formatter` methods to specify that formatting results ↵ | multiple creatures | |
should not be cached. | |||
2019-10-26 | fix breaking typos | multiple creatures | |
2019-10-26 | add `skip_cache` to all cached formatter methods & do not cache the results ↵ | multiple creatures | |
of emoji encoding cause they vary by user settings | |||
2019-10-26 | add `skip_cache` option to formatter & mark cached html as safe | multiple creatures | |
2019-10-12 | when somone's posting in html mode, convert newlines to html line breaks ↵ | multiple creatures | |
(resolves #12) | |||
2019-10-10 | stopped using private-use codepoints as formatting placeholders (resolves #9) | multiple creatures | |
2019-09-15 | make out-of-body tags actually out of body | multiple creatures | |
2019-09-02 | fix that weird `rt` bug | multiple creatures | |
2019-09-02 | cache results of text formatting to save resources | multiple creatures | |
2019-08-31 | add `nosr` & `sr` bangtags to mark sections of posts that should and should ↵ | multiple creatures | |
not be read by screenreaders | |||
2019-08-26 | fix pseudomentions + always link mentions | multiple creatures | |
2019-08-02 | bbcode: `[code]` produces `pre code` for `glitch-soc` compatability | multiple creatures | |
2019-07-30 | add an optional blinking cursor to console formatting | multiple creatures | |
2019-07-29 | add plain-text console formatting option | multiple creatures | |
2019-07-24 | simplify bbcode url regex | multiple creatures | |
2019-07-20 | add newlines before signature & tags for vanilladon compat | multiple creatures | |
2019-07-19 | always show out-of-body tags for better accessibility | multiple creatures | |
2019-07-17 | fix bbcode bracket workaround | multiple creatures | |
2019-07-17 | don't include parent components of scoped tags in folded tag list | multiple creatures | |
2019-07-15 | sanitize bio formatting! | multiple creatures | |
2019-07-15 | workaround bbcode parser voring brackets | multiple creatures | |
2019-07-15 | revise bbcode markup | multiple creatures | |
2019-07-15 | tag folding | multiple creatures | |
2019-05-22 | **security** - make sure local roars always get sanitized | multiple creatures | |
2019-05-21 | formatted bios + merge monsterpit markdown styles directly into glitch-soc scss | multiple creatures | |
2019-05-21 | fix bbdown newlines + format & emojify footers | multiple creatures | |
2019-05-21 | correct media reveal wording | multiple creatures | |
2019-05-21 | reimplement monsterpit bbcode and markdown extensions on top of new ↵ | multiple creatures | |
glitch-soc formatting system + bbcode feature parity + new `i:am` footer + set content type from `format` bangtag | |||
2019-05-21 | Add pseudomentions to various hosts | multiple creatures | |
2019-05-17 | Minor optimization | Thibaut Girka | |
2019-05-17 | Properly escape HTML in code blocks | Thibaut Girka | |
2019-05-17 | Fix autolinking, and newlines in code blocks | Thibaut Girka | |
Autolinking is now performed *after* the Markdown pass, by replacing HTML tags with zero-width spaces and running the twitter-text extractor as usual, except it does not auto-link URLs to avoid links in links… | |||
2019-05-17 | Add support for HTML-formatted toots | Thibaut Girka | |
2019-05-17 | Add support for markdown-formatted toots | Thibaut Girka | |
2019-05-15 | Minor performance improvements and cleanup in formatter (#10765) | ThibG | |
2019-03-28 | Rename :poll to :preloadable_poll and :owned_poll to :poll on Status (#10401) | Eugen Rochko | |
Also, fix some n+1 queries Resolve #10365 | |||
2019-03-20 | Add support for custom emojis in poll options (#10322) | ThibG | |
* Backend changes for custom emoji support in poll options * Serialize poll emojis in REST API * Render custom emojis in poll options * Render custom emoji in poll options on public pages | |||
2019-03-05 | Fix newlines in OStatus and RSS serializations (#10183) | ThibG | |
2019-03-05 | When serializing polls over OStatus, serialize poll options to text (#10160) | ThibG | |
* When serializing polls over OStatus, serialize poll options to text * Do the same for RSS feeds * Use “[ ] ” as a prefix for poll options instead of “- ” | |||
2019-02-09 | Fix URL linkifier grabbing full-width spaces and quotations (#9997) | Eugen Rochko | |
Fix #9993 Fix #5654 | |||
2019-02-09 | Only URLs extract with pre-escaped text (#9991) | Hinaloe | |
* [test] add japanese hashtag testcase * Only URLs extract with pre-escaped text ( https://github.com/tootsuite/mastodon/issues/9989 ) | |||
2019-02-02 | Allow most kinds of characters in URL query (fixes #8408) (#8447) | Jakub Mendyk | |
* Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem. | |||
2018-11-16 | Remove intermediary arrays when creating hash maps from results (#9291) | Eugen Rochko | |
2018-10-17 | Improve support for aspects/circles (#8950) | Eugen Rochko | |
* Add silent column to mentions * Save silent mentions in ActivityPub Create handler and optimize it Move networking calls out of the database transaction * Add "limited" visibility level masked as "private" in the API Unlike DMs, limited statuses are pushed into home feeds. The access control rules between direct and limited statuses is almost the same, except for counter and conversation logic * Ensure silent column is non-null, add spec * Ensure filters don't check silent mentions for blocks/mutes As those are "this person is also allowed to see" rather than "this person is involved", therefore does not warrant filtering * Clean up code * Use Status#active_mentions to limit returned mentions * Fix code style issues * Use Status#active_mentions in Notification And remove stream_entry eager-loading from Notification | |||
2018-10-12 | Improve signature verification safeguards (#8959) | Eugen Rochko | |
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues |