Commit Graph

402 Commits

Author SHA1 Message Date
Martin Brennan
8ebd5edd1e
DEV: Rename secure_media to secure_uploads (#18376)
This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality.

This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site.

Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing.

This also keeps compatibility with the `secure-media-uploads` path, and changes new
secure URLs to be `secure-uploads`.

Deprecated settings:

* secure_media -> secure_uploads
* secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails
* secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 09:24:33 +10:00
Keegan George
a23d19fab0
DEV: Emoji picker keyboard accessibility updates (#18331)
This PR makes some updates to the prior keyboard accessibility commit (eb98746):
- Makes `tabindex` attribute only appear on emoji markup in the emoji picker.
- After pressing the Esc key, focus returns to the <textarea/> input (composer editor or chat input)
2022-09-22 15:21:34 -07:00
Keegan George
eb987460f2
FEATURE: Select emojis in picker via keyboard (#18163)
* DEV: Make emoji elements focusable

Since emoji elements are of type `<img>` it requires a `tabindex="0"` in order to be focusable.

* WIP: Handle emoji focus/selection via arrow keys

Near completion, however, need a few fixes/improvements and overall code cleanup

* WIP: Testing

* DEV: Fixes and cleanup

* DEV: Follow conventions

* DEV: Improve up/down traversal when recents present

* DEV: Emoji markup in tests should include `tabindex`

* DEV: Add `tabindex` to topic tests

* DEV: Variable name as `searchInput` instead of `searchBar`

* DEV: Use appropriate method name (`_setNumEmojiPerRow`)

* DEV: Add comments and avoid nested if

* WIP: Adding test

* Fix first test

* DEV: Add assertions for arrow keys and escape key

* Some fixes for up/down navigation

This does not fix everything, when going from one section to another,
there are issues

* Fix a small regression

* FIX: Ability to focus on search results

Fixes regression

* Refactor calculating next up/down emoji

* Debugging test failure

* Skip stubborn CI test, add others

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-09-21 13:21:36 -07:00
Gerhard Schlager
f91426a7fa
FIX: Empty inline BBCodes were broken (#18276)
Upgrading to Markdown.it v13 broke empty inline BBCodes. This works around the problem by adding an empty token before a closing token if the previous token was a BBCode token.

It also removes the unused `jump` attribute which was removed in Markdown.it v12.3
2022-09-20 09:50:22 +10:00
dependabot[bot]
327ca5b839
Build(deps): Bump webpack in /app/assets/javascripts (#18214)
Bumps [webpack](https://github.com/webpack/webpack) from 5.73.0 to 5.74.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.73.0...v5.74.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11 22:35:55 +02:00
dependabot[bot]
725b585a43
Build(deps): Bump ember-cli-htmlbars in /app/assets/javascripts (#18212) 2022-09-11 14:53:34 +02:00
dependabot[bot]
83b147aab2
Build(deps): Bump xss from 1.0.13 to 1.0.14 in /app/assets/javascripts (#18191)
Bumps [xss](https://github.com/leizongmin/js-xss) from 1.0.13 to 1.0.14.
- [Release notes](https://github.com/leizongmin/js-xss/releases)
- [Changelog](https://github.com/leizongmin/js-xss/blob/master/CHANGELOG.md)
- [Commits](https://github.com/leizongmin/js-xss/compare/v1.0.13...v1.0.14)

---
updated-dependencies:
- dependency-name: xss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-11 11:58:16 +02:00
Peter Wagenet
d0cbc61619
DEV: Add jsconfig (#17800)
This enables intelligent IDE features like "Go To Reference" to function correctly within the Discourse core codebase
2022-08-04 22:50:47 +01:00
Ghassan Maslamani
2d6bd30dd8
FEATURE: add image delete button in preview. (#17624)
This commit adds a delete button to the composer preview next to the image scale buttons.

Reference: https://meta.discourse.org/t/image-remover-button-to-composer-preview/233005
2022-08-04 16:33:23 -04:00
David Taylor
4bf9b73296
DEV: Ensure censorFn copes with null regexpList (#17754)
This fixes the test suite failures introduced by 862007fb18
2022-08-02 11:09:51 +01:00
Selase Krakani
862007fb18
FEATURE: Add support for case-sensitive Watched Words (#17445)
* FEATURE: Add case-sensitivity flag to watched_words

Currently, all watched words are matched case-insensitively. This flag
allows a watched word to be flagged for case-sensitive matching.
To allow for backwards compatibility the flag is set to false by
default.

* FEATURE: Support case-sensitive creation of Watched Words via API

Extend admin creation and upload of Watched Words to support case
sensitive flag. This lays the groundwork for supporting
case-insensitive matching of Watched Words.

Support for an extra column has also been introduced for the Watched
Words upload CSV file. The new column structure is as follows:

 word,replacement,case_sensitive

* FEATURE: Enable case-sensitive matching of Watched Words

WordWatcher's word_matcher_regexp now returns a list of regular
expressions instead of one case-insensitive regular expression.

With the ability to flag a Watched Word as case-sensitive, an action
can have words of both sensitivities. This makes the use of the global
Regexp::IGNORECASE flag added to all words problematic.

To get around platform limitations around the use of subexpression level
switches/flags, a list of regular expressions is returned instead, one for each
case sensitivity.

Word matching has also been updated to use this list of regular expressions
instead of one.

* FEATURE: Use case-sensitive regular expressions for Watched Words

Update Watched Words regular expressions matching and processing to handle
the extra metadata which comes along with the introduction of
case-sensitive Watched Words.

This allows case-sensitive Watched Words to be matched as such.

* DEV: Simplify type casting of case-sensitive flag from uploads

Use builtin semantics instead of a custom method for converting
string case flags in uploaded Watched Words to boolean.

* UX: Add case-sensitivity details to Admin Watched Words UI

Update Watched Word form to include a toggle for case-sensitivity.
This also adds support for case-sensitive testing and matching of Watched Word
in the admin UI.

* DEV: Code improvements from review feedback

 - Extract watched word regex creation out to a utility function
 - Make JS array presence check more explicit and readable

* DEV: Extract Watched Word regex creation to utility function

Clean-up work from review feedback. Reduce code duplication.

* DEV: Rename word_matcher_regexp to word_matcher_regexp_list

Since a list is returned now instead of a single regular expression,
change `word_matcher_regexp` to `word_matcher_regexp_list` to better communicate
this change.

* DEV: Incorporate WordWatcher updates from upstream

Resolve conflicts and ensure apply_to_text does not remove non-word characters in matches
that aren't at the beginning of the line.
2022-08-02 10:06:03 +02:00
Jarek Radosz
ff16ba1fc0
DEV: Update @embroider/test-setup (#17625) 2022-07-24 17:29:21 +02:00
David Taylor
13bc2f1f39 DEV: Upgrade to Ember 3.28 2022-07-19 10:00:59 +01:00
Andrei Prigorshnev
48e2caf7b7
DEV: emoji helper: add the ability to set custom title (#17517) 2022-07-18 21:51:19 +04:00
Jarek Radosz
057d6b406d
DEV: Extensively use includes() (#17541)
Also, the change in insert-hyperlink (from `this.linkUrl.indexOf("http") === -1` to `!this.linkUrl.startsWith("http")`) was an intentional fix: we don't want to prevent users from looking up topics with http in their titles.
2022-07-17 20:48:36 +02:00
Jarek Radosz
5f7163b5bb
DEV: Extensively use startsWith() (#17540) 2022-07-17 20:16:39 +02:00
Jarek Radosz
5538b8442e
DEV: Introduce discourseLater (#17532)
A wrapper for `later()` from `@ember/runloop`, similar to `discourseDebounce`. It automatically reduces the delay in testing environment.
2022-07-17 00:50:49 +02:00
Jarek Radosz
365f558bda
DEV: Update ember-resolver (#17432) 2022-07-11 22:52:01 +02:00
Jarek Radosz
006de01943
DEV: Update ember-cli-handlebars (#17429) 2022-07-11 22:25:40 +02:00
Jarek Radosz
c3fd91670e
DEV: Update linting setup and fix issues (#17345)
Re-lands #16119 and #17298

* Update eslint-config-discourse
* Update linting workflow
* Prettier-ignore stuff
* Update template-lint config
* Auto-fix template issues
* Fix various template issues
  Mostly incorrect attributes and unused templates
* Prettier js files
* Fix template auto-fix regressions
* Small css tweak

Co-authored-by: Peter Wagenet <peter.wagenet@gmail.com>
2022-07-06 10:37:54 +02:00
Rafael dos Santos Silva
9833b59b70
FEATURE: Allow iframe allow attribute in posts (#17291)
This is used so iframes can use mic, camera, EME, etc.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives
lists current possible values

Feature request https://meta.discourse.org/t/iframe-attributes-not-working/127383?u=falco
2022-07-05 12:25:27 -03:00
Gerhard Schlager
2d6ef232a7
FIX: Markdown handling failed on empty attribute value (#17199)
Seems to only be a problem when a markdown.it rule inserts links without an attribute value. There's no test, because it's not reproducible with the markdown rules in core.
2022-06-28 21:27:15 +02:00
Jarek Radosz
39a025c7af
DEV: Allow newer versions of node (#17261)
It should now properly work with 18.x, so we should start moving in the direction of it being the default.
2022-06-28 20:52:31 +02:00
Jarek Radosz
4821d44c3c
DEV: Update webpack (#17262) 2022-06-28 14:39:09 +02:00
Jarek Radosz
f505221a9c
DEV: Update ember-cli-terser (#17252) 2022-06-27 18:13:46 +02:00
Jarek Radosz
d1d6868325
DEV: Update xss.js (#17216)
* DEV: Update xss.js

* Fix our hack
2022-06-24 10:28:05 +08:00
Jarek Radosz
f27dddd405
DEV: Make addons buildable on their own (#17205) 2022-06-23 22:19:54 +02:00
Jarek Radosz
16550537d0
DEV: Drop ember-maybe-import-regenerator (#17195)
I believe it's no longer needed on the browsers we support
2022-06-23 15:20:10 +02:00
Jarek Radosz
3cb67fcb6c
DEV: Update ember-cli-htmlbars (#17194) 2022-06-23 14:36:50 +02:00
Jarek Radosz
56d3bd5bdd
DEV: Update @glimmer/component (#17197) 2022-06-23 13:35:42 +02:00
Jarek Radosz
b09cce6897
DEV: Update ember-source-channel-url (#17196) 2022-06-22 00:12:43 +02:00
Jarek Radosz
06feeed187
DEV: Update @ember/optional-features (#17193) 2022-06-22 00:12:33 +02:00
Jarek Radosz
216663effa
DEV: Update ember-cli-dependency-checker (#17192) 2022-06-22 00:12:24 +02:00
Jarek Radosz
b50056a9f3
DEV: Update ember-cli-inject-live-reload (#17191) 2022-06-22 00:12:15 +02:00
Jarek Radosz
9cb9d1105e
DEV: Update ember-auto-import (#17176) 2022-06-21 22:06:41 +02:00
Gerhard Schlager
1c6f8f8a36
DEV: Upgrade Markdown.it to v13.0.1 (#17099)
Updates markdown-it to v13.0.1

Noteworthy changes:
* `markdownit()` is now available on `globalThis` instead of `window`.

* The `text_collapse` rule was renamed to `fragments_join` which affected the `bbcode-inline` implementation.

* The `linkify` rule was added to the `inline` chain which affected the handling of the `[url]` BBCode. If available, our implementation reuses `link_open` and `link_close` tokens created by linkify in order to prevent duplicate links.

* The rendered HTML for code changed slightly. There's now a linebreak before the `</code>` tag. The tests were adjusted accordingly.
2022-06-20 15:25:13 +02:00
David Taylor
166fe3bb34
FIX: Apply 'allowed_href_schemes' to all src/srcset attributes (#16860)
Previously we were only applying the restriction to `a[href]` and `img[src]`. This commit ensures we apply the same logic to all allowlisted media src attributes.
2022-05-19 11:18:30 +01:00
Jarek Radosz
d58a1e180d
DEV: Update ember-try to 2.0.0 (#16606) 2022-05-03 11:04:16 -04:00
Gerhard Schlager
3d62e335f7
FEATURE: Detect emoji from Emoji 14.0 (#16531) 2022-04-22 08:42:15 +02:00
Isaac Janzen
196b791365
DEV: Prioritize full name when display_name_on_posts active (#16078)
See: https://meta.discourse.org/t/display-full-name-not-username-when-attributing-quote-or-reply/203533?u=isaacjanzen for context

The initial release [broke quoting](https://meta.discourse.org/t/quoting-broken-when-name-matches-username/217633?u=isaacjanzen) but we now pass the username when 
```
siteSettings.display_name_on_posts && !siteSettings.prioritize_username_in_ux && post.name
```
as well as the full name to guarantee that we are not getting any mismatches when querying for user / avatar.

eg. 
```
[quote="Isaac Janzen, post:3, topic:7, full:true, username:isaac.janzen"]
bing bong
[/quote]
```
2022-04-20 10:07:51 -05:00
Jarek Radosz
77fed8dfc3
DEV: Update xss.js package (#16398) 2022-04-06 22:49:13 +02:00
Jarek Radosz
06d4445ab0
DEV: Remove deprecated pretty-text functions/file (#16397)
Nothing in all-the* uses those anymore
2022-04-06 22:48:50 +02:00
CommanderRoot
86a783b3ad
DEV: Replace deprecated String.prototype.substr() (#16233)
String.prototype.substr() is deprecated so we replace it with String.prototype.slice() which works similarly but isn't deprecated.

Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-04-01 17:35:17 +02:00
David Taylor
720e1ca9e7
FEATURE: Support upload:// urls in img tags (#16277)
Previously, our `upload://` protocol urls were only supported in markdown image tags. This meant that our PullHotlinkedImages job was forced to convert `<img` tags to markdown. Depending on the exact syntax, this can actually cause the image to break.

This commit adds support for `upload://` inside regular HTML `<img` tags. In a future commit, we'll be able to use this to make our PullHotlinkedImages job much more robust.

Context at https://meta.discourse.org/t/152801
2022-03-28 16:46:47 +01:00
Jarek Radosz
b9c90d6a06
DEV: Use Map() to store emoji groups (#16065) 2022-03-05 18:58:49 +01:00
Martin Brennan
cfe4ff8d56
FIX: Make sure html_raw is hoisted in custom markdown cook function (#16050)
When returning the customRenderFn from within buildCustomMarkdownCookFunction
for custom markdown engines (such as the one used by the [chat] transcripts)
we were not hoisting/unhoisting the `html_raw` tokens created by the
transcript, which meant that opts.discourse.hoisted could end up in
a state where it was null, and which caused errors and general unpleasantness.

Instead, we can just call the `cook` function that is already exported
from discourse-markdown-it, that takes care of what we did previously
plus the hoisting.

There is a companion chat commit that adds tests for this, there are
no custom markdown engine usages in core to test with.
2022-02-28 07:54:55 +10:00
Martin Brennan
599a72768c
DEV: Add force_quote_link option to PrettyText (#16034)
This option will make it so the [quote] bbcode will always
include the HTML link to the quoted post, even if a topic_id
is not provided in the PrettyText#cook options. This is so
[quote] bbcode can be used in other places, like chat messages,
that always need the link and do not have an "off-topic" ID
to use.
2022-02-23 16:13:46 +10:00
Bianca Nenciu
add4b74e08
FIX: Load short upload URLs only once (#15918)
Loading did not work when it was used for multiple posts. Only the
short URLs from the first post were loaded.
2022-02-16 08:57:20 +02:00
David Taylor
a01b1dd648
PERF: Update ember-auto-import and webpack (#15919)
This makes a small improvement to 'cold cache' ember-cli build times, and a large improvement to 'warm cache' build times

The ember-auto-import update means that vendor is now split into multiple files for efficiency. These are named `chunk.*`, and should be included immediately after the `vendor.js` file. This commit also updates the rails app to render script tags for these chunks.

This change was previously merged, and caused memory-related errors on RAM-constrained machines. This was because Webpack 5 switches from multiple worker processes to a single multi-threaded process. This meant that it was hitting node's default heap size limit (~500mb on a 1GB RAM server). Discourse's standard install procedure recommends adding 2GB swap to 1GB-RAM machines, so we can afford to override Node's default via the `--max-old-space-size` flag.
2022-02-14 11:21:39 +00:00
Ayke Halder
5ff3a9c4bb
DEV: add native lazy loading for emojis (#15830) 2022-02-09 12:18:59 +01:00