about summary refs log tree commit diff
path: root/app/lib/formatter.rb
AgeCommit message (Collapse)Author
2018-10-17Improve support for aspects/circles (#8950)Eugen Rochko
* Add silent column to mentions * Save silent mentions in ActivityPub Create handler and optimize it Move networking calls out of the database transaction * Add "limited" visibility level masked as "private" in the API Unlike DMs, limited statuses are pushed into home feeds. The access control rules between direct and limited statuses is almost the same, except for counter and conversation logic * Ensure silent column is non-null, add spec * Ensure filters don't check silent mentions for blocks/mutes As those are "this person is also allowed to see" rather than "this person is involved", therefore does not warrant filtering * Clean up code * Use Status#active_mentions to limit returned mentions * Fix code style issues * Use Status#active_mentions in Notification And remove stream_entry eager-loading from Notification
2018-10-12Improve signature verification safeguards (#8959)Eugen Rochko
* Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
2018-08-31Fix autoplay issue with spoiler tag (#8540)Renato "Lond" Cerqueira
Add tests to avoid similar issues in the future
2018-08-30Add animate custom emoji param to embed pages (#8507)Renato "Lond" Cerqueira
* Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
2018-05-06Enable custom emojis in profiles (notes, field values, display names) (#7374)Eugen Rochko
Follow-up to #6124
2018-04-27Add entity cache (#7271)Eugen Rochko
* Add entity cache Use a caching layer for mentions and custom emojis that are dynamically extracted from text. Reduce duplicate text extractions * Fix code style issue
2018-04-14Add bio fields (#6645)Eugen Rochko
* Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
2018-04-01[WIP] Enable custom emoji on account pages and in the sidebar (#6124)David Underwood
Federate custom emojis with accounts
2018-03-07Remove text requirement when media attached from statuses (#6672)Eugen Rochko
2018-01-03Don't normalize URLs in toots (#6134)ThibG
* Don't normalize URLs in toots URL normalization is ill-defined and may cause certain links to break. * Change specs since we are not normalizing user-provided URLs
2017-12-06Using double splat operator (#5859)Yamagishi Kazutoshi
2017-11-30Add semi-support for Video/Image objects in ActivityPub (#5848)Eugen Rochko
* Add semi-support for Video/Image objects in ActivityPub Video and Image objects will create corresponding status records with manually crafted text contents (title + URL) * Extract html-url-finding logic into JsonLdHelper * Fallback to id when url missing, extract supported object types
2017-11-07Avoid emojifying on invisible text (#5558)MIYAGI Hikaru
2017-10-06Fix remote profile being displayed in HTML on remote_follow (#5249)unarist
2017-10-05When processing custom emoji, ensure a non-animated version exists (#5230)Eugen Rochko
Use the non-animated version in web UI, but return both in API
2017-09-23Fix custom emojis not detected when used in content warning (#5049)Eugen Rochko
2017-09-19Fix non-local statuses are html_encoded in public_page. (#5012)Naoki Kosaka
2017-09-19Custom emoji (#4988)Eugen Rochko
* Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
2017-09-16Escape URL parts on formatting local status (#4975)unarist
2017-09-14Enable to recognize most kinds of characters as URL paths (#4941)ふぁぼ原
2017-08-02Don't normalize invalid domain names (#4499)TheKinrar
Fixes #4496
2017-06-04Remove some arguments of Formatter.instance.format and spec (#3541)Akihiko Odaki (@fn_aki@pawoo.net)
* Remove some arguments of Formatter.instance.format * Improve spec for Formatter
2017-05-12Prepend reblogs' wrapper content with "RT @original_author", (#3013)Eugen Rochko
so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
2017-05-11Fix regressions from #2683 (#2970)Eugen Rochko
* Fix regressions from #2683 Properly format spoiler text HTML, while keeping old logic for blankness intact Process hashtags and mentions in spoiler text Format spoiler text for Atom Change "show more" toggle into a button instead of anchor Fix style regression on dropdowns for detailed statuses * Fix lint issue * Convert spoiler text to plaintext in desktop notifications
2017-05-10fix a regression introduced by e2491680e696d2c285a798ec4c66b26d2748df66 (#2966)beatrix
that caused user pages to break when showing toots with CWs
2017-05-10Handle hashtags in spoiler_texts (partial fix for #699) (#2683)R Tucker
* services: scan spoiler_text for hashtags (#699) * views: link hashtags from spoiler_texts This covers linking hashtags from within the spoiler text on the server-generated pages. * services: fix string concat going into hashtag RE Cleaner Ruby syntax, may handle immutable strings better
2017-05-09Fixed bug that timeline can not be displayed by InvalidURIError (#2947)abcang
2017-05-05use Twitter::Extractor for creating links (#2502)masarakki
2017-04-27Hotfix remote status formatting (#2543)Eugen Rochko
2017-04-27OEmbed support for PreviewCard (#2337)Eugen Rochko
* OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller
2017-04-25Decodes URL containing IDN (#2436)Yamagishi Kazutoshi
2017-04-23Add simple_format to simplified_format (#2198)178inaba
2017-04-21Fix mangling of ##tag matches (#2194) (#2247)Mingye Wang
This commit fixes hashtag_html so it correctly handles matches with multiple hash-signs. Bug located by @over9001, initial fix suggested by @nightpool.
2017-04-19Fix html escape characters in the URL (#2138)abcang
* fix character escaping in URL * add tests * put a comma after the last item * add HTML escape test
2017-04-14Change usage of gsub to delete, as per Code Climate/Rubocop recommendation ↵Effy Elden
(#1753)
2017-04-13Fix #1220, fix #1671 - Hook up comment box to the Redux comment value (#1699)Eugen
Fix username styling regression introduced in #1063 Fix report screen background regression introduced in #1415
2017-04-13Fix #1609, fix #1628 - Revert #1397 (#1700)Eugen
When transmitting data in a HTML-encoded element like <content type="html" />, relying on newlines being preserved is not wise, since HTML by itself does not care for newlines - it cares for <p> and <br> Additional fix: reset NSFW toggle after sending toot
2017-04-12significant improvement in microformats markup (#1063)Ben Roberts
* significant improvement in microformats markup This is a huge improvement and I believe will close #965. Had these microformats reviewed by others in the community to help ensure they are at least correct, if not complete. I did not want to change the structure of the page, and so there it does not fully mark up the entire ancestry chain, or reply chain, only the direct decendants and direct ancestors are correctly associated, but this is likely fine as the most important bit is to have access to the urls for those toots which are now correctly fetchable. * improve code climate * trying to pass code climate tests * code climate * fix p-summary for content warning posts * fix error introduced when merging via github
2017-04-10Keep newlines in xml (#1397)Rachel H
2017-03-28Fix #408 - link @ names in biosEugen Rochko
2017-03-04Add digest e-mailsEugen Rochko
2017-02-23Improve glowEugen Rochko
2017-02-22Fix #555 - Use a better URL parserEugen Rochko
2017-02-05Fix showing ellipsis even when link hasn't been cut offEugen Rochko
2017-01-25Instead of using spoiler boolean and spoiler_text, simply check for ↵Eugen Rochko
non-blank spoiler_text Federate spoiler_text using warning attribute on <content /> instead of a <category term="spoiler" /> Clean up schema file from accidental development migrations
2017-01-24Merge branch 'master' into masterEugen
2017-01-24Fix #204, fix #515 - URL truncating is now a style so copypasting is notEugen Rochko
affected, replaced onClick handler with onMouseUp/Down to detect text selection not trigger onClick handler then
2017-01-23Implement a click-to-view spoiler systemblackle
2017-01-23Fix #365, 1/2 of #408 - replace rails_autolink with URI.regexp, run ↵Eugen Rochko
link_hashtags on simplified_format
2016-12-11Fix whitespace preservation in status textEugen Rochko