It's very easy to forget to add `require 'rails_helper'` at the top of every core/plugin spec file, and omissions can cause some very confusing/sporadic errors.
By setting this flag in `.rspec`, we can remove the need for `require 'rails_helper'` entirely.
This allows text editors to use correct syntax coloring for the heredoc sections.
Heredoc tag names we use:
languages: SQL, JS, RUBY, LUA, HTML, CSS, SCSS, SH, HBS, XML, YAML/YML, MF, ICS
other: MD, TEXT/TXT, RAW, EMAIL
This also switches to using the NPM package for better build stability. And adds a clearer label in the alert that is displayed to show your current timezone (when changing timezones).
New range tag for local dates with syntax like:
```
[date-range from=2022-01-06T13:00 to=2022-01-08 timezone=Australia/Sydney]
```
Previously, 2 dates in one line were considered as range. It was hard to decide if 2 dates are range when they were in separate lines or have some content between them.
New explicit tag should clearly distinguish between single date and range.
Common code from `addLocalDate` is extracted to `addSingleLocalDate`.
Both `addLocalDate` and new `addLocalRange` are using `addSingleLocalDate`.
Also, `defaultDateConfig` was extracted to have one place for all possible parameters.
Multiple polls can be created without the min attribute but that means
the attribute defaults to 1. A default of 0 does not make any sense
because it is equivalent to saying that a user is not casting any votes.
Centralizes calculations in a helper under the site header component.
This also reverts a small CSS change to the composer: since ac79c5ef,
the composer height was not including the grippie, which means that the
composer height was off by 11 pixels, and the topic progress widget was
sometimes being displayed cut off by 11 pixels.
A follow-up to #15117 and #15141. Applies the previous changes to PM-specific fields, makes the preview area take the all the available height of the composer, and unifies more spacing between composer elements.
Previously the discourse-presence plugin was using a `position: absolute` hack to display the 'replying...' users in the top right of the composer. This commit adds a more suitable plugin outlet, and updates the discourse-presence styling so it slots into the flex-box layout at the top of the composer
Skipping methods we don't use gives us mem/perf gains (minuscule but still), but more importantly fixes warnings about `Poll#open` (created by `enum :status`) conflicting with some internal AR method. 😃
`poll` plugin was publishing on `/polls/[topic_id]` every time a non-first post was created. I can't imagine this being needed. It regressed 3 years ago in https://github.com/discourse/discourse/pull/6359
* DEV: Remove spec that we no longer need.
As far as we know, the migration has been successful for a number of
years.
* FIX: Validate number of votes allowed per poll per user.
I was previously relying on `this.isDestroying` returning `true` during `willDestroyElement`. This was an incorrect assumption.
This commit refactors the logic into an explicit `cleanup` function, and also adds some cleanup for empty keys in the `subscribedProxy` array
This removes all custom controllers and redis/messagebus logic from discourse-presence, and replaces it with core's new PresenceChannel system.
All functionality should be retained. This implementation should scale much better to large numbers of users, reduce the number of HTTP requests made by clients, and reduce the volume of messages on the MessageBus.
For more information on PresenceChannel, see 31db8352
* FIX: do not display add to calendar for past dates
There is no value in saving past dates into calendar
* FIX: remove postId and move ICS to frontend
PostId is not necessary and will make the solution more generic for dates which doesn't belong to a specific post.
Also, ICS file can be generated in JavaScript to avoid calling backend.
- Stop looking up the topic title from the DOM. On long topics, the topic title may not be present. Instead, we can store the topic title in a data-title attribute during decorateCookedElement, and then access it later. This approach would also allow us to add customize titles per-local-date in future. If there is no topic title available (e.g. when local dates are used elsewhere in the UI), we use the site name to build a sensible default
- Don't require a postId for creating calendar events. We don't have postIds in non-post contexts. At the moment, the 'download ICS' function will fail without a valid postId, so that will need to be fixed in a future commit.
When there is a blank space in the end of date, moment is returning a different value:
```javascript
console.log(moment.tz("2021-09-09 ", "Australia/Sydney").toISOString());
// 2021-09-09T00:00:00.000Z
console.log(moment.tz("2021-09-09", "Australia/Sydney").toISOString());
// 2021-09-08T14:00:00.000Z
```
It allows saving local date to calendar.
Modal is giving option to pick between ics and google. User choice can be remembered as a default for the next actions.
They can use the remove vote button or select the same option again for
single choice polls.
This commit refactor the plugin to properly organize code and make it
easier to follow.
When start/end was missing the time component the string passed to `moment()` would have a space at the end. This was causing these warnings:
```
Deprecation warning: value provided is not in a recognized RFC2822 or ISO format. moment construction falls back to js Date(), which is not reliable across all browsers and versions. Non RFC2822/ISO date formats are discouraged. Please refer to http://momentjs.com/guides/#/warnings/js-date/ for more info.
```
Allows creating a bookmark with the `for_topic` flag introduced in d1d2298a4c set to true. This happens when clicking on the Bookmark button in the topic footer when no other posts are bookmarked. In a later PR, when clicking on these topic-level bookmarks the user will be taken to the last unread post in the topic, not the OP. Only the OP can have a topic level bookmark, and users can also make a post-level bookmark on the OP of the topic.
I had to do some pretty heavy refactors because most of the bookmark code in the JS topics controller was centred around instances of Post JS models, but the topic level bookmark is not centred around a post. Some refactors were just for readability as well.
Also removes some missed reminderType code from the purge in 41e19adb0d
If parent element for range does not exists, range calculator should
return empty array. In that case duration calculations will stop because
of:
```
if (_rangeElements(element).length === 2) {
opts.duration = _calculateDuration(element);
}
```
This PR is introducing 2 changes.
1. Date popup is displayed on click instead on hover
2. If the range is given then the whole range is always displayed for both startDate and endDate
3. For range, short time is displayed for end if the range is < 24 hours
This adds a new property, `pluginId` which you can pass to `modifyClass`
which prevent the class from being modified over and over again.
This also includes a fix for polls which was leaking state between tests
which this new functionality exposed.
Major changes included:
- better support for screen readers
- trapping focus in modals
- better tabbing order in composer
- alerts on no content found/number of items found
- better autofocus in modals
- mini-tag-chooser is now a multi-select component
- each multi-select-component will now display selection on one row
We are working to introduce a general core API for presence, which will clash with this plugin's `/presence` namespace
This commit introduces no functional change. There may be a slight interruption in discourse-presence functionality during a deploy of this commit.
- prefers insertAdjacentHTML over innerHTML as it's much faster in this case (about 5x)
- memoizes tz.guess()
- memoizes list of timezones
- inlines template
- applies main element class in one pass
All in all for a very edge case of about 80 dates it should be faster of about 15/20ms.
User flair was given by user's primary group. This PR separates the
two, adds a new field to the user model for flair group ID and users
can select their flair from user preferences now.
In some conditions, pages were skipped. This was implemented in the past
in f490a8d, but then reverted in 04ec543, because sometimes it was stuck
reloading the first page.
The code that loads more results was simplified and a lot of duplicate
code was removed. The logic to remove users who changed their vote was
also introduced again, but just for the regular polls.
The endpoint the existence of the poll and if the current user can see it. It
will facilitate using a poll programmatically, especially if we'd like to create an external poll through a theme component.
Partially revert f490a8d39a because we aren't able to
load more than the initially preloaded voters.
We were always trying to load the 1st page of voters.
Also removed the "remove users who changed their vote" logic as it was not properly working in multiple choices polls.
cc @nbianca
When initially released, the polls had a different design that didn't interact
well with the quote button - https://meta.discourse.org/t/31586
Now that the design has evolved, not being able to select text from inside a poll is
counter productive, so it's enabled again.
* FIX: Fetch last page again if incomplete
The next fetched page number used to increase continuously even if the
last page was incomplete and fetching it again could have new voters.
* FIX: Do not display twice a user who changed vote
A user could appear under two voting options when they changed their
vote because pressing the Load More Voters button updated only the
current option.
The warning was:
DEPRECATION WARNING: Calling `<<` to an ActiveModel::Errors message array in order to add an error is deprecated. Please call `ActiveModel::Errors#add` instead. (called from block (3 levels) in activate! at discourse/plugins/poll/plugin.rb:519)
In some very rare cases, poll options can end up with images that have
no dimensions, in which case, navigating to replies in that post stream
might result in unexpected scrolling (as the browser loads the images
and adjusts its layout).
This ensures that if width/height attributes are missing from an image,
the image is forced to display within a 200 by 200 pixels space.
Co-authored-by: David Taylor <david@taylorhq.com>
Some plugins hook into Post after save to set custom fields and save again.
For example: https://github.com/discourse/discourse-category-experts/blob/main/lib/category_experts/post_handler.rb#L27
Problem is that in case like that `raw_changed?` is false but all callback are triggered. `extracted_polls` is class atribute therefore that should be reset with each attempt.
That was causing an error:
```
#<ActiveRecord::RecordNotUnique: PG::UniqueViolation: ERROR: duplicate key value violates unique constraint
"index_polls_on_post_id_and_name" DETAIL: Key (post_id, name)=(8967, poll) already exists.
```
* Move onebox gem in core library
* Update template file path
* Remove warning for onebox gem caching
* Remove onebox version file
* Remove onebox gem
* Add sanitize gem
* Require onebox library in lazy-yt plugin
* Remove onebox web specific code
This code was used in standalone onebox Sinatra application
* Merge Discourse specific AllowlistedGenericOnebox engine in core
* Fix onebox engine filenames to match class name casing
* Move onebox specs from gem into core
* DEV: Rename `response` helper to `onebox_response`
Fixes a naming collision.
* Require rails_helper
* Don't use `before/after(:all)`
* Whitespace
* Remove fakeweb
* Remove poor unit tests
* DEV: Re-add fakeweb, plugins are using it
* Move onebox helpers
* Stub Instagram API
* FIX: Follow additional redirect status codes (#476)
Don’t throw errors if we encounter 303, 307 or 308 HTTP status codes in responses
* Remove an empty file
* DEV: Update the license file
Using the copy from https://choosealicense.com/licenses/gpl-2.0/#
Hopefully this will enable GitHub to show the license UI?
* DEV: Update embedded copyrights
* DEV: Add Onebox copyright notice
* DEV: Add MIT license, convert COPYRIGHT.txt to md
* DEV: Remove an incorrect copyright claim
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: jbrw <jamie@goatforce5.org>
We now bundle Javascript for each theme/plugin separately, and only ship bundles for enabled plugins to the client. Therefore, these disabled_plugins checks are now redundant, and can be removed.
Per https://meta.discourse.org/t/-/186896, this is a simple copy change to help curb users from sending messages to the moderators via flagging the Discobot tutorial.
Based on feedback from Matt Haughey, we don't need to use so many words when describing a deleted topic or post.
Co-authored-by: Martin Brennan <martin@discourse.org>
Over the years we accrued many spelling mistakes in the code base.
This PR attempts to fix spelling mistakes and typos in all areas of the code that are extremely safe to change
- comments
- test descriptions
- other low risk areas
When issuing the discobot certificate, we were not closing the
iframe tag, which meant that the final message instruction to
the user was swallowed up.
Some polls with images can be very long. Those which showed a pie chart
for the results had a fixed height set, which meant that some long polls
could be cut off.
* DEV: Give a nicer error when `--proxy` argument is missing
* DEV: Improve Ember CLI's bootstrap logic
Instead of having Ember CLI know which URLs to proxy or not, have it try
the URL with a special header `HTTP_X_DISCOURSE_EMBER_CLI`. If present,
and Discourse thinks we should bootstrap the application, it will
instead stop rendering and return a HTTP HEAD with a response header
telling Ember CLI to bootstrap.
In other words, any time Rails would otherwise serve up the HTML for the
Ember app, it stops and says "no, you do it."
* DEV: Support asset filters by path using a new options object
Without this, Ember CLI's bootstrap would not get the assets it wants
because the path it was requesting was different than the browser path.
This adds an optional request header to fix it.
So far this is only used by the styleguide.
* FIX: Show date picker over modal
Previously, scrolling was necessary to see the whole picker.
* FEATURE: Improve validation for polls
Adds new error messages for each of the edge cases. Previously, it
failed with a simple error saying that the minimum value must be less
than the maximum value.
* UX: Copy edit
Headings with the exact same name generated exactly the same heading
names, which was invalid. This replaces the old code for generating
names for non-English headings which were using URI encode and resulted
in unreadable headings.
When invited by email, users will receive an invite URL which contains
a token. If that token is present when the invite is redeemed, their
account will be automatically activated.
The `details_enabled` site setting description did not clearly convey what it controls.
The copy change was discussed here: https://meta.discourse.org/t/183923
- removes the option from site settings
- deletes the site setting on existing sites that have it
- marks posts using emojis as requiring a rebake
Note that the actual image files are not removed here, the plan is to
remove them in a few weeks/months (when presumably the rebaking of old
posts has been completed).
This PR fixes a bug where if you navigate from topic to another one (via suggested topics, notifications etc.), the previous topic is not unsubscribed from presence manager, which means if you visit lots of topics all the subscriptions will accumulate and can cause rate limit errors.
This bug is exposed by the loading slider we're currently experimenting with on Meta because we no longer have an intermediate state when navigating between topics which means the `willDestroyElement` hook that's responsible for unsubscribing is not called.
Previously, the `{{mobile-nav}}` component required a `currentRouteName` property, passed from the router service. It would observe changes in this property, and update the UI accordingly.
If we change between routes which have the same `currentRouteName` (e.g. two different group message inboxes), then the `currentRouteName` does not change and does not trigger the observer. Currently in core, we are relying on the fact that currentRouteName temporarily enters a `.loading` substate during a transition. This will change when we remove the loading substate in the near future.
This commit refactors `{{mobile-nav}}` to inject the router directly, and use the `routeDidChange` event instead of an observer. The change is backwards compatible, but plugins passing the old `currentPath` property will be shown a deprecation notice.
This encompasses a lot of work done over the last year, much of which
has already been merged into master. This is the final set of changes
required to get Ember CLI running locally for development.
From here on it will be bug fixes / enhancements.
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Co-authored-by: romanrizzi <rizziromanalejandro@gmail.com>
This moves the way we add the user avatar and site logo
to the discobot certificates from embeded base64 png to
just using the files urls in the href to the image tag.
This will make generation faster and the certificate
smaller overall, but it can't be used in a `img` tag
anymore, since SVGs in `img` tags don't load the external images
In order to work around that we will move the certificate
in posts to an iframe, which works fine without any user
visible changes. For this to be possible the plugin automatically
adds the site current domain to the list of allowed iframe origins.
Includes:
* FIX: Don't override computed properties
* FIX: Prevent a set-after-destroy error
* FIX: Get rid of select-kit deprecations
* FIX: Replace removed admin-group-selector
* FIX: Provide onChange action to fix warnings
* FIX: Remove an element with an invalid id
* DEV: Remove topic-notifications-button from dropdowns
It has its own styleguide section under "Molecules".
* UX: Styleguide tweaks
* DEV: Make the dropdowns useable
Because the site admin is sending a message to themselves, there is only one user in the topic_allowed_users, and `.last` returns nil.
Attempt to recognize this situation and continue, or bail without doing anything if this somehow happens another way.
* DEV: Remove with_deleted workarounds for old Rails version
These workarounds using private APIs are no longer required in the latest version of Rails. The referenced issue (https://github.com/rails/rails/issues/4306) was closed in 2013. The acts_as_paranoid workaround which this was based on was removed for rails > 5.
Switching to using a scope also allows us to use it within a `belongs_to` relation (e.g. in the Poll model). This avoids issues which can be caused by unscoping all `where` clauses.
Predicates are not necessarily strings, so calling `.join(" AND ")` can sometimes cause weird errors. If we use `WhereClause#ast`, and then `.to_sql` we achieve the same thing with fully public APIs, and it will work successfully for all predicates.
We want to wrap the `Ember.run.debounce` function and internally call `Ember.run` instead when running tests.
This commit changes discourseDebounce to work the same way as `Ember.run.debounce`.
Now that `discourseDebounce` works exactly like `Ember.run.debounce`, let's replace it and only use `DiscourseDebounce` from now on.
Move debounce to discourse-common to be able to reuse it in different bundles
Keep old debounce file for backwards-compatibility
You might wonder why this matters. It turns out in some locales like
French, we replace quotation marks with « and » -- this should likely
not happen before BBCode is parsed but that is not the case for this
plugin. The plugin has code to handle this situation, but it means extra
spaces are inserted around the time zone which breaks it.
This fix allows us to supply extra whitespace and will show the correct
time zone.
Using arrow functions changes `this` context, which is undesired in tests, e.g. it makes it impossible to setup things like pretender (`this.server`) in `beforeEach` hooks.
Ember guides always use classic functions in examples (e.g. https://guides.emberjs.com/release/testing/test-types/), and that's what it uses in its own test suite, as do various addons and ember apps.
It was also already used in Discourse where `this` was required. Moving forward, it will be needed in more places as we migrate toward ember-cli.
(I might later add a custom rule to eslint-discourse-ember to enforce this)
Due to the new enhanced copy-paste handling, the URL would be included in the user's reply as code, too!
By surrounding the link in angle brackets, we prevent the bot from accidentally including the link itself and spoiling the surprise.
I considered having the bot automatically edit the user's post to remove the backticks. I very quickly ran into a problem with spurious whitespace, and it would also look _super weird_ for the bot to edit your post when that's not what's being taught.
The seemingly bare link not automatically embedding is also weird, but slightly less so.
Fun fact: this doesn't work on localhost, because the onebox engine refuses to issue requests to localhost :)
In newer Embers jQuery is removed. There is a `find` but it only returns
one element and not a jQuery selector. This patch migrates our code to a
new helper `queryAll` which allows us to remove the global.
More seriously: discobot wasn't reacting properly if users used their
emoji keyboard to insert a real herb emoji, which works just as well
in a real post.
While we're here, use String#include? instead of constructing a new regexp.
https://meta.discourse.org/t/capybaras-dont-eat-real-emojis/168361
I also took the opportunity with this commit to move some test specific
stuff out of `discourse-loader` which is loaded on the front end of the
application. The test module building now happens in the `test_helper`
bundle.
DEV: Replace instances of Discourse.base_uri with Discourse.base_path
This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
This is long overdue. We had a lot of (not linted) code to initialize
our test suite as part of the Ruby `test_helper.js` bundle.
This refactor moves that out to a `setup-tests` module, which imports
all the modules properly, rather than using `require`.
It also removes the global `server` variable which some tests were using
for pretender. Those tests are fixed, and in the case of widget tests,
support for a `pretend()` was added, which mimics our acceptance tests.
One problematic test was removed, which overwrites `/posts` - this could
break tons of other tests depending on order.
We used many global functions to handle tests when they should be
imported like other libraries in our application. This also gets us
closer to the way Ember CLI prefers our tests to be laid out.
This plugin is only useful for developers, however, making it core allows us to centralize any component modification in one commit.
This integration also adds a new site_setting: `styleguide_admin_only` which allows to enable a styleguide on a live site while restricting visibility to admins only.
By default, styleguide is disabled.
Poll markdown processing failed when there were any heading elements preceding a poll.
(Issue originally reported in babbebfb35 (commitcomment-42983768))
This is where they should be as far as ember is concerned. Note this is
a huge commit and we should be really careful everything continues to
work properly.
Adds an optional title attribute to polls. The rationale for this addition is that polls themselves didn't contain context/question and relied on post body to explain them. That context wasn't always obvious (e.g. when there are multiple polls in a single post) or available (e.g. when you display the poll breakdown - you see the answers, but not the question)
As a side note, here's a word on how the poll plugin works:
> We have a markdown poll renderer, which we use in the builder UI and the composer preview, but… when you submit a post, raw markdown is cooked into html (twice), then we extract data from the generated html and save it to the database. When it's render time, we first display the cooked html poll, and then extract some data from that html, get the data from the post's JSON (and identify that poll using the extracted html stuff) to then render the poll using widgets and the JSON data.
eslint --fix is capable of fix it automatically for you, ensure prettier is run after eslint as eslint --fix could leave the code in an invalid prettier state.
This is a little bit of refactoring. Core Discourse should have default promotion message for TL2.
In addition, when the Discobot plugin is enabled, the user is invited to advanced training
This PR removes the user reminder topic timers, because that system has been supplanted and improved by bookmark reminders. The option is removed from the UI and all existing user reminder topic timers are migrated to bookmark reminders.
Migration does this:
* Get all topic_timers with status_type 5 (reminders)
* Gets all bookmarks where the user ID and topic ID match
* Loops through the found topic timers
* If there is no bookmark for the OP of the topic, then we just create a bookmark with a reminder
* If there is a bookmark for the OP of the topic and it does **not** have a reminder set, then just
update it with the topic timer reminder
* If there is a bookmark for the OP of the topic with a reminder then just discard the topic timer
* Cancels all outstanding user reminder topic timers
* **Trashes (not deletes) all user reminder topic timers**
Notes:
* For now I have left the user reminder topic timer job class in place; this is so the jobs can be cancelled in the migration. It and the specs will be deleted in the next PR.
* At a later date I will write a migration to delete all trashed user topic timers. They are not deleted here in case there are data issues and they need to be recovered.
* A future PR will change the UI of the topic timer modal to make it look more like the bookmark modal.
Previously we were manually comparing the composer 'action' to the REPLY and EDIT constants. This meant that other forms of editing (e.g. shared drafts) were not included. This commit changes the presence logic to use the existing composer computed variables.
* FIX - make Discobot new user tutorial a little more robust
Plugin allows reply, regardless of other SiteSettings
Skip image upload step if user can’t upload images, calls new ‘likes’ step instead
* Test that the images step is skipped
* Slight optimization
eg:
timezone="America/Detroit"
timezones="US/Eastern"
Before this commit we would show America/Detroit in previews and not US/Eastern, given US/Eastern and America/Detroit are equivalent.
After this commit, we will display the date with America/Detroit but show US/Eastern in the previews.
The poll breakdown modal replaces the grouped pie charts feature.
Includes:
* MODAL: Untangle `onSelectPanel`
Previously modal-tab component would call on click the onSelectPanel callback with itself (modal-tab) as `this` which severely limited its usefulness. Now showModal binds the callback to its controller.
"The PR includes a fix/change to d-modal (b7f6ec6) that hasn't been extracted to a separate PR because it's not currently possible to test a change like this in abstract, i.e. with dynamically created controllers/components in tests. The percentage/count toggle test for the poll breakdown feature is essentially a test for that d-modal modification."
Ensure that the inappropriate flag is used and not some other flag
type. If some other flag is used a message will be posted letting the
user know they used the wrong flag and the original flag will be removed
so that they can try again.
Bug reported on meta: https://meta.discourse.org/t/-/157075
Per the linked site (http://mths.be/details) and https://caniuse.com/#feat=details the <details> element is supported since Chrome 12/Safari 6/Firefox 49/Edge 79. IE 11 doesn't handle them, but we dropped the support for that browser.
Previously it would sleep for either 2 or 3 seconds instead of sleeping
between a range of 2 to 3 seconds. Also, 2 to 3 seconds seems to be
excessivly long when I tried out discobot again.
* Remove unused Discourse.SiteSettings
* Remove `Discourse.SiteSettings` from many tests
* REFACTOR: `lib:formatter` was using a lot of leaky state
* Remove more `Discourse.SiteSettings` from tests
* More SiteSettings removed from tests
When doing a migration, there might be some cases where the discobot user
doesn't have a user_option / user_profile record(s).
This ensures we always create one during the seed phase.
In French, the help trigger has a raw content of "afficher l'aider" which is then cooked into "afficher l’aide" (note the different quote character).
Since we were checking the raw content of the trigger against the cooked version of the post, this trigger never worked in French.
This changes so that we cook the trigger before checking in against the cooked version of the post.
DEV: new 'discobot_username' method that is used everywhere instead of 'discobot_user.username' / 'discobot_user.username_lower'
This reverts commit 20780a1eee.
* SECURITY: re-adds accidentally reverted commit:
03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
instead of the 03d26cd6 parent (which contains security fixes)
We have been using YouTube's 'hqdefault.jpg' image which works consistently to provide a 480x360 thumbnail. YouTube does provide larger thumbnails, but not consistently for every video. By using og:image, we will fetch the best resolution YouTube can provide for each video.
This commit also refactors lazy-yt to re-use the thumbnail already existing in the cooked content. This means we get lazy-loading for free, and avoid hotlinking images to YouTube (when download remote images is enabled on the site).
The thumbnails were being correctly downloaded, but the URLs were not being substituted correctly in post_process_cooked because the lazy-yt output did not include the `onebox` class.