mastodon - Plural Café fork of Mastodon/Glitch Social

Age	Commit message (Collapse)	Author
2020-10-19	Add support for Gemini urls (#15013)	Josh Leeb-du Toit
	This PR updates the `valid_url` regex and sanitizer allowlist to provide support for Gemini urls. Closes #14991
2020-02-08	Fix rendering `<a>` without `href` when scheme unsupported (#13040)	Eugen Rochko
	- Disallow links with relative paths - Disallow iframes with non-http protocols and relative paths Close #13037
2020-01-23	Add support for magnet: URIs (#12905)	ThibG

2020-01-11	Add support for linking XMPP URIs in toots (#12709)	ThibG
	* Fix wrong grouping in Twitter valid_url regex * Add support for xmpp URIs Fixes #9776 The difficult part is autolinking, because Twitter-text's extractor does some pretty ad-hoc stuff to find things that “look like” URLs, and XMPP URIs do not really match the assumptions of that lib, so it doesn't sound wise to try to shoehorn it into the existing regex. This is why I used a specific regex (very close, although slightly more permissive than the RFC), and a specific scan function (a simplified version of the generalized one from Twitter). * Remove leading “xmpp:” from auto-linked text
2019-10-24	Add noopener and/or noreferrer (#12202)	BSKY

2019-07-19	Fix sanitizing lists contents (#11354)	ThibG
	* Add test * Fix code for sanitizing nested lists stripping all tags
2019-06-16	Fix sanitizer making block level elements unreadable (#10836)	Eugen Rochko
	Fix #10834
2018-07-16	Whitelist dat/ipfs/gopher links in sanitizer (#8034)	Eugen Rochko
	Fix #7994
2018-01-03	[!] Sanitize incoming classlist properly (#6162)	puckipedia
	* Sanitize classlist properly * Actually properly sanitize every class after the first * Improve Formatter spec to check for multiple classes and non-space whitespace
2017-06-17	Whitelist allowed classes for federated statuses (#3810)	nightpool
	* Whitelist allowed classes for federated statuses Allowed classes are currently: - Any microformats class (h/p/u/dt/e-) - the classes mention, hashtag, ellipses and invisible. this last one is somewhat suspect, but Mastodon currently uses it to render hidden link text. resolved #3790 Fix code style
2017-06-07	Allow "class" attribute on the "a" tag in sanitization (#3623)	unarist
	This preserves `<a ... class="u-url mention">` from other Mastodon instances.
2017-05-11	Fix #1426 - Trim long usernames in public follower/following lists (#2993)	Eugen Rochko
	Fix #2221 - Catch OpenSSL exceptions when loading remote avatars/headers/attachments Don't strip "rel" attribute from <a> tags when sanitizing (microformats)
2017-04-30	Add target=_blank to user note (#2622)	Yamagishi Kazutoshi
	* Add target=_blank to user note Open new window when click link from user profile in remote instance. * fix rubocop
2017-04-27	OEmbed support for PreviewCard (#2337)	Eugen Rochko
	* OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller