Commit Graph

53 Commits

Author SHA1 Message Date
David Taylor
8fd46c04ea
Drop flash video onebox (#12261)
Flash was discontinued by Adobe at the end of 2020. There is no need to continue OneBox support for it
2021-03-02 17:11:14 +00:00
Martin Brennan
13c2a4886f
FEATURE: Add disable_onebox_media_download_controls hidden site setting (#12208)
Uses discourse/onebox@ff9ec90

Adds a hidden site setting called disable_onebox_media_download_controls which will add controlslist="nodownload" to video and audio oneboxes, and also to the local video and audio oneboxes within Discourse.
2021-02-25 12:39:15 +10:00
Jordan Vidrine
0116897ac9
UI: Category Onebox styling changes (#11448)
This commit adjusts the category one box styling to be more in line with the discourse categories UI.
2020-12-09 11:36:05 -06:00
jbrw
51f9a56137
FEATURE: Onebox local categories (#11311)
* FEATURE: onebox for local categories

This commit adjusts the category onebox to look more like the category boxes do on the category page.

Co-authored-by: Jordan Vidrine <jordan@jordanvidrine.com>
2020-11-25 10:53:05 +11:00
jbrw
331236d6d7
Onebox improved error handling and support for Instagram Access Tokens (#11253)
* FEATURE: display error if Oneboxing fails due to HTTP error

- display warning if onebox URL is unresolvable
- display warning if attributes are missing

* FEATURE: Use new Instagram oEmbed endpoint if access token is configured

Instagram requires an Access Token to access their oEmbed endpoint. The requirements (from https://developers.facebook.com/docs/instagram/oembed/) are as follows:

- a Facebook Developer account, which you can create at developers.facebook.com
- a registered Facebook app
- the oEmbed Product added to the app
- an Access Token
- The Facebook app must be in Live Mode

The generated Access Token, once added to SiteSetting.facebook_app_access_token, will be passed to onebox. Onebox can then use this token to access the oEmbed endpoint to generate a onebox for Instagram.

* DEV: update user agent string

* DEV: don’t do HEAD requests against news.yahoo.com

* DEV: Bump onebox version from 2.1.5 to 2.1.6

* DEV: Avoid re-reading templates

* DEV: Tweaks to onebox mustache templates

* DEV: simplified error message for missing onebox data

* Apply suggestions from code review
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2020-11-18 12:55:16 -05:00
David Taylor
a3577435f7
FEATURE: Additional control of iframes in oneboxes (#10523)
This commit adds a new site setting "allowed_onebox_iframes". By default, all onebox iframes are allowed. When the list of domains is restricted, Onebox will automatically skip engines which require those domains, and use a fallback engine.
2020-08-27 20:12:13 +01:00
Krzysztof Kotlarek
e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Krzysztof Kotlarek
9bff0882c3
FEATURE: Nokogumbo (#9577)
* FEATURE: Nokogumbo

Use Nokogumbo HTML parser.
2020-05-05 13:46:57 +10:00
Joffrey JAFFEUX
fd4ce6ab8f
DEV: hbs extensions are misleading in this case (#9170)
This would also prevent any linting tool to attempt to lint this incorrectly.
2020-03-11 14:42:14 +01:00
romanrizzi
f795c1b8e8 Revert "DEV: enforces ember-template-lint: no-triple-curlies (#9150)"
This reverts commit d436b600fb.

Triple curlies are still necessary for some raw templates.
2020-03-10 15:00:12 -03:00
Joffrey JAFFEUX
d436b600fb
DEV: enforces ember-template-lint: no-triple-curlies (#9150)
This pr replaces `{{{ }}}` usage by a {{html-safe}} helper. While it doesn't solve the underlying issue, it gives us a path forward without risking breaking too much existing behavior.

Also introduces an htmlSafe computed macro:

```
import { htmlSafe } from "discourse/lib/computed";

htmlDescription: htmlSafe("description")
```

Overtime {{html-safe}} usage should be removed and moved to components properties or specialized components/helpers.
2020-03-10 16:46:57 +01:00
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Guo Xiang Tan
ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Régis Hanol
3be0294465 FIX: local post onebox was always pointing to 1st post 2018-02-26 16:05:35 +01:00
Sam
f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Maja Komel
018cb7f36b add a custom user onebox (#5542)
* add custom user onebox

* add specs
2018-01-30 11:03:08 +01:00
Régis Hanol
d6b22e6cc1 FIX: whitelist oneboxed iframes 2017-12-23 01:56:33 +01:00
Vinoth Kannan
230fec68ca FIX: Topic links onebox differently if end in / 2017-11-06 01:41:36 +05:30
Sam
5897ae945a FIX: stop using inline quote for local onebox 2017-06-27 10:57:38 -04:00
Arpit Jalan
cafe3dafcb UX: show expand button on internal topic onebox 2017-03-08 21:02:38 +05:30
Régis Hanol
ba115480ba FIX: wasn't extracting links to quoted posts 2017-02-06 14:45:04 +01:00
Sam
f932cb51f3 FIX: stop stripping local onebox links from tracker
When a onebox was made to a local topic it was not tracked using link
tracker
2017-02-01 14:21:01 -05:00
Régis Hanol
499a83270a FIX: don't onebox to IP addresses 2017-01-12 22:35:33 +01:00
Régis Hanol
197517d55e FIX: locally uploaded audio & video files should onebox even when the extension is uppercase 2016-12-15 23:21:44 +01:00
Régis Hanol
9ef724a065 FIX: self-onebox in read protected categories 2016-11-07 18:14:28 +01:00
Régis Hanol
a655e4b092 ensure we allow self oneboxing of login required sites 2016-11-03 22:48:32 +01:00
Régis Hanol
70b79328ab FIX: overwrite onebox's whitelist 2016-10-25 00:21:02 +02:00
Guo Xiang Tan
20359788dc
Rename SiteSetting#use_https to force_https. 2016-06-29 15:02:43 +08:00
Sam
e01dc54f2a UX: we should always simply use emoji codes as opposed to treating as image 2016-06-02 12:29:25 +10:00
Régis Hanol
5a75972b0b SECURITY: 2 XSSs in post gutter and local oneboxes 2016-05-14 00:37:47 +02:00
Arpit Jalan
125d9b5d2e Revert "UX: bigger title font on local oneboxed topic"
This reverts commit e492ed64ec.
2016-04-19 21:40:50 +05:30
Arpit Jalan
e492ed64ec UX: bigger title font on local oneboxed topic 2016-04-15 18:12:21 +05:30
Sam
6688dce2b8 FIX: discourse local onebox not working correctly in multisite 2016-04-13 12:19:02 +10:00
Robin Ward
621f7e0a65 FIX: Replace emoji in local oneboxes 2016-03-14 14:48:48 -04:00
Rafael dos Santos Silva
e51293d298 FIX: Local onebox on subfolder installs
This should fix oneboxing local topics when using the subfolder install feature.
2016-02-01 13:30:48 -02:00
Guo Xiang Tan
a362ad9407 FIX: Emoji in Discourse onebox is wrapped in square brackets. 2016-01-13 19:00:11 +08:00
Arpit Jalan
3a28bafc0f FEATURE: onebox internal audio or video files 2015-12-25 01:52:14 +05:30
Sam
fc2d61136d FEATURE: add context for cross topic links 2015-09-25 14:52:43 +10:00
riking
1412687112 FIX: Whoops, DiscourseLocalOnebox became DiscourseGlobalOnebox 2015-04-24 01:09:38 -07:00
riking
694ee30e86 FIX: Uploaded files could not be oneboxed 2015-04-21 23:08:29 -07:00
Robin Ward
d06d050eb7 UX: When oneboxing a topic, use the stripe category badge 2015-01-23 15:12:42 -05:00
Robin Ward
d0fb8bbcfc Instead of .js.handlebars use .hbs for handlebars templates 2014-09-26 15:23:15 -04:00
Arpit Jalan
e6c853e642 show parent and child category in oneboxes 2014-09-17 01:01:41 +05:30
Arpit Jalan
36f36f4428 hide category name for Uncategorized topics while oneboxing 2014-09-05 00:36:13 +05:30
riking
41dadcc349 Fix local onebox subcategory urls 2014-08-25 16:47:54 -07:00
Jeff Atwood
55491d98a6 remove topic-info from topic onebox for now
https://meta.discourse.org/t/discourse-oneboxes-are-not-correctly-translated/16382/2?u=codinghorror
2014-06-10 17:03:44 -07:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde
9fba385172 FIX: don't onebox hidden posts 2014-04-28 11:03:19 -04:00