Dan Brown
7cc17934a8
Made MD editor display a sandboxed iframe
- Also added escaping of srcdoc elements in escape logic.
Related to #1531
2019-08-26 12:16:50 +01:00
Dan Brown
2955f414dd
Added iframe JS and data url escaping
Related to #1531
2019-08-06 21:08:24 +01:00
Dan Brown
c732970f6e
Hardened page content script escaping
Increased range of tests to cover.
Fixes #1531
2019-07-10 20:17:22 +01:00
Dan Brown
3ad1b42a74
Updated page delete to handle inactive custom homepage correctly
Fixes #1447
2019-05-27 12:40:19 +01:00
Dan Brown
ad542f0407
Prevented potential inline JS event usage
- Removes 'on*' attributes from elements.
- Also updated script logic to remove scripts instead of escaping.
- All JS injection removal now uses DomDocument + xpath parsing.
2019-05-05 13:53:37 +01:00
Dan Brown
8c190324ac
Updated existing image tests to reflect changes
- Also added some new tests
2019-05-04 18:11:19 +01:00
Dan Brown
c380c10d54
Prevented bad duplicate IDs causing major exception
Related to #1393
2019-04-15 21:20:32 +01:00
Dan Brown
7f3f6e65b9
Aligned item creation wording and updated shelf-book-add logic
2019-04-15 20:45:04 +01:00
Dan Brown
37bf7f11e4
Implemented new design in entity selector
- Also showed entity path in search.
- Cleaned popular entity fetch logic.
- Cleaned entity selector JS code a little
2019-03-30 16:54:15 +00:00
Dan Brown
035a0d8efb
Added experimental breadcrumb traversal
2019-02-24 15:57:35 +00:00
Dan Brown
f1e571a57c
Made shelf listing more unique & efficient
- Now includes listing of all books within.
2019-02-16 17:13:01 +00:00
Dan Brown
163a57cf70
Merge branch 'master' into 2019-design
2019-01-13 14:10:27 +00:00
Dan Brown
0e0a17cc30
Prevented page text content includes
Avoids possible permission issues where included content is shown in search or preview
where the user would not normally have permission to view the included content.
Closes #1178
2019-01-05 17:18:40 +00:00
Dan Brown
4c574c22a8
Implemented functionality to make books sort function
Also changed public user settings to be stored in session rather than DB.
Cleaned existing list view type logic.
2018-12-07 18:33:53 +00:00
Dan Brown
85f330c79a
Extracted many page-specific repo methods into page-specific repo
2018-10-13 11:27:55 +01:00