about summary refs log tree commit diff
path: root/app/lib/formatter.rb
AgeCommit message (Collapse)Author
2020-03-24Make sanitizer *not* add no-referrer etc. in local markdown toots if the ↵Thibaut Girka
link is “safe”
2020-03-24Fix glitch-soc marking every link in toots as a tagThibaut Girka
Fixes #1281
2020-02-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `Gemfile`: We updated httplog in a separate commit. Took upstream's change which updated it further. - `Gemfile.lock`: We updated httplog in a separate commit. Took upstream's change which updated it further. - `app/lib/sanitize_config.rb`: Upstream added better unsupported link stripping, while we had different sanitizing configs. Took only upstream's link stripping code. - `config/locales/simple_form.pl.yml`: Strings unused in glitch-soc had been removed from glitch-soc, reintroduced them even if they are not useful, to reduce the risk of later merge conflicts.
2020-02-07Fix malformed HTML causing uncaught error (#13042)Eugen Rochko
Fix OEmbed preview API leaking existence of private statuses (see #12930)
2020-01-24Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/statuses_controller.rb`: Minor conflict due to theming system
2020-01-23Add support for magnet: URIs (#12905)ThibG
2020-01-12Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `Gemfile.lock`: No real conflict, glitch-soc-only dependency (redcarpet) too close to an upstream one (rdf-normalize) - `README.md`: we have different READMEs, discarded upstream's changes - `app/views/admin/custom_emojis/index.html.haml`: No real conflict, different context because of glitch-soc theming - `lib/mastodon/statuses_cli.rb`: Upstream added code to keep bookmarked statuses, we were already doing so with slightly different code. Discarded upstream's changes. - `package.json`: No real conflict, glitch-soc-only dependency (favico.js) too close to an upstream one
2020-01-11Add support for linking XMPP URIs in toots (#12709)ThibG
* Fix wrong grouping in Twitter valid_url regex * Add support for xmpp URIs Fixes #9776 The difficult part is autolinking, because Twitter-text's extractor does some pretty ad-hoc stuff to find things that “look like” URLs, and XMPP URIs do not really match the assumptions of that lib, so it doesn't sound wise to try to shoehorn it into the existing regex. This is why I used a specific regex (very close, although slightly more permissive than the RFC), and a specific scan function (a simplified version of the generalized one from Twitter). * Remove leading “xmpp:” from auto-linked text
2019-10-27Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - README.md - app/helpers/statuses_helper.rb Upstream moved account helpers to their own file, we had extra helpers there, moved too. - app/lib/sanitize_config.rb - app/models/user.rb - app/serializers/initial_state_serializer.rb - config/locales/simple_form.en.yml - spec/lib/sanitize_config_spec.rb
2019-10-24Add noopener and/or noreferrer (#12202)BSKY
2019-09-13Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - Gemfile - app/controllers/api/v1/search_controller.rb Conflict because we changed the number of default results to be configurable - app/lib/settings/scoped_settings.rb Addition of a new “noindex” site-wide setting, conflict due to our change of the two other site-wide settings (default flavour and skin instead of theme) - spec/controllers/application_controller_spec.rb Addition of a new “noindex” site-wide setting, conflict due to our change of the two other site-wide settings (default flavour and skin instead of theme)
2019-09-09Add account bio to account admin view (#11473)ThibG
* Add account bio to account admin view * Change styling to make bio fields / content more readable
2019-08-07Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/models/user.rb - app/serializers/initial_state_serializer.rb - app/views/admin/dashboard/index.html.haml - config/locales/simple_form.en.yml
2019-08-07Fix non-lowercase hashtags not being picked up by the streaming API (#11508)Eugen Rochko
Regression from f371b32 Fix hashtag links always being lowercase
2019-07-23Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/application_controller.rb - app/controllers/auth/confirmations_controller.rb - app/controllers/auth/sessions_controller.rb - app/controllers/settings/deletes_controller.rb - app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
2019-07-21Play animated custom emoji on hover (#11348)ThibG
* Play animated custom emoji on hover in status * Play animated custom emoji on hover in display names * Play animated custom emoji on hover in bios/bio fields * Add support for animation on hover on public pages emojis too * Fix tests * Code style cleanup
2019-07-19Fix HTML entities being encoded as hashtag links…Thibaut Girka
2019-07-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - Gemfile.lock - app/controllers/accounts_controller.rb - app/controllers/admin/dashboard_controller.rb - app/controllers/follower_accounts_controller.rb - app/controllers/following_accounts_controller.rb - app/controllers/remote_follow_controller.rb - app/controllers/stream_entries_controller.rb - app/controllers/tags_controller.rb - app/javascript/packs/public.js - app/lib/sanitize_config.rb - app/models/account.rb - app/models/form/admin_settings.rb - app/models/media_attachment.rb - app/models/stream_entry.rb - app/models/user.rb - app/serializers/initial_state_serializer.rb - app/services/batched_remove_status_service.rb - app/services/post_status_service.rb - app/services/process_mentions_service.rb - app/services/reblog_service.rb - app/services/remove_status_service.rb - app/views/admin/settings/edit.html.haml - config/locales/simple_form.pl.yml - config/settings.yml - docker-compose.yml
2019-07-07Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` ↵Eugen Rochko
(#11247)
2019-06-18Fix rendering of emoji in public pagesThibaut Girka
2019-05-23Do not share a single Redcarpet::Markdown object across threadsThibaut Girka
There are apparently thread-safety issues: https://github.com/vmg/redcarpet/pull/672
2019-05-21Fix local text/html toots not being sanitizedThibaut Girka
2019-05-17Minor optimizationThibaut Girka
2019-05-17Properly escape HTML in code blocksThibaut Girka
2019-05-17Fix autolinking, and newlines in code blocksThibaut Girka
Autolinking is now performed *after* the Markdown pass, by replacing HTML tags with zero-width spaces and running the twitter-text extractor as usual, except it does not auto-link URLs to avoid links in links…
2019-05-17Add support for HTML-formatted tootsThibaut Girka
2019-05-17Add support for markdown-formatted tootsThibaut Girka
2019-05-15Minor performance improvements and cleanup in formatter (#10765)ThibG
2019-03-28Rename :poll to :preloadable_poll and :owned_poll to :poll on Status (#10401)Eugen Rochko
Also, fix some n+1 queries Resolve #10365
2019-03-20Add support for custom emojis in poll options (#10322)ThibG
* Backend changes for custom emoji support in poll options * Serialize poll emojis in REST API * Render custom emojis in poll options * Render custom emoji in poll options on public pages
2019-03-05Fix newlines in OStatus and RSS serializations (#10183)ThibG
2019-03-05When serializing polls over OStatus, serialize poll options to text (#10160)ThibG
* When serializing polls over OStatus, serialize poll options to text * Do the same for RSS feeds * Use “[ ] ” as a prefix for poll options instead of “- ”
2019-02-09Fix URL linkifier grabbing full-width spaces and quotations (#9997)Eugen Rochko
Fix #9993 Fix #5654
2019-02-09 Only URLs extract with pre-escaped text (#9991)Hinaloe
* [test] add japanese hashtag testcase * Only URLs extract with pre-escaped text ( https://github.com/tootsuite/mastodon/issues/9989 )
2019-02-02Allow most kinds of characters in URL query (fixes #8408) (#8447)Jakub Mendyk
* Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem.
2018-11-16Remove intermediary arrays when creating hash maps from results (#9291)Eugen Rochko
2018-10-17Improve support for aspects/circles (#8950)Eugen Rochko
* Add silent column to mentions * Save silent mentions in ActivityPub Create handler and optimize it Move networking calls out of the database transaction * Add "limited" visibility level masked as "private" in the API Unlike DMs, limited statuses are pushed into home feeds. The access control rules between direct and limited statuses is almost the same, except for counter and conversation logic * Ensure silent column is non-null, add spec * Ensure filters don't check silent mentions for blocks/mutes As those are "this person is also allowed to see" rather than "this person is involved", therefore does not warrant filtering * Clean up code * Use Status#active_mentions to limit returned mentions * Fix code style issues * Use Status#active_mentions in Notification And remove stream_entry eager-loading from Notification
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-08-31Fix autoplay issue with spoiler tag (#8540)Renato "Lond" Cerqueira
Add tests to avoid similar issues in the future
2018-08-30Add animate custom emoji param to embed pages (#8507)Renato "Lond" Cerqueira
* Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
2018-05-06Enable custom emojis in profiles (notes, field values, display names) (#7374)Eugen Rochko
Follow-up to #6124
2018-04-27Add entity cache (#7271)Eugen Rochko
* Add entity cache Use a caching layer for mentions and custom emojis that are dynamically extracted from text. Reduce duplicate text extractions * Fix code style issue
2018-04-14Add bio fields (#6645)Eugen Rochko
* Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
2018-04-01[WIP] Enable custom emoji on account pages and in the sidebar (#6124)David Underwood
Federate custom emojis with accounts
2018-03-07Remove text requirement when media attached from statuses (#6672)Eugen Rochko
2018-01-03Don't normalize URLs in toots (#6134)ThibG
* Don't normalize URLs in toots URL normalization is ill-defined and may cause certain links to break. * Change specs since we are not normalizing user-provided URLs
2017-12-06Using double splat operator (#5859)Yamagishi Kazutoshi
2017-11-30Add semi-support for Video/Image objects in ActivityPub (#5848)Eugen Rochko
* Add semi-support for Video/Image objects in ActivityPub Video and Image objects will create corresponding status records with manually crafted text contents (title + URL) * Extract html-url-finding logic into JsonLdHelper * Fallback to id when url missing, extract supported object types
2017-11-07Avoid emojifying on invisible text (#5558)MIYAGI Hikaru
2017-10-06Fix remote profile being displayed in HTML on remote_follow (#5249)unarist