Commit graph

160 commits

Author SHA1 Message Date
Michael Telatynski
72f50a8c61
rewrite group permalinks in <a hrefs> also
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2018-06-19 11:51:06 +01:00
Matthew Hodgson
7de45f8b7b make quoting work 2018-05-21 03:48:59 +01:00
Matthew Hodgson
c5676eef89 comment out more old draft stuff 2018-05-20 14:32:06 +01:00
Jonas Schürmann
4a9f4ba5eb Fix vector-im/riot-web#6523 Emoji rendering destroys paragraphs
This regression was probably introduced in
4f4441fb07 and is caused by the fact that
the variable `isHtml` conflates two different meanings:

- The event contains an HTML message
- The event message is displayed using HTML

This is an important difference. Plain text messages that contain
emojies are rendered with an HTML string and thus have to be sanitized
etc. But they must not use the MarkDown CSS styles for HTML messages.

The MarkDown CSS styles include `whitespace: normal` because HTML events
use `<br/>`-tags for line breaks. Plain text messages with emojies
obviously don't use `<br/>`-tags, so these styles must not be applied.

Signed-off-by: Jonas Schürmann <jonasschuermann@aol.de>
2018-05-17 20:12:51 +02:00
Michael Telatynski
dbbcabfed8
switch from asymmetrical fallback form to a cleaner one mx-reply
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2018-05-12 15:58:25 +01:00
Michael Telatynski
4a0a5c6bef
Merge remote-tracking branch 'origin/t3chguy/m.relates_to' into t3chguy/m.relates_to 2018-04-27 11:23:12 +01:00
Michael Telatynski
3de679b084
Add comment to HtmlUtils.js
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2018-04-27 11:14:50 +01:00
Michael Telatynski
0f11bc62cc
undo code style change 2018-04-23 10:58:39 +01:00
Michael Telatynski
2854f2b6c8
allow BigEmoji calc to ignore replies fallback if enabled
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2018-04-04 10:36:48 +01:00
Michael Telatynski
a390cecf92
fix missing null-guard
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2018-03-29 17:34:08 +01:00
Michael Telatynski
b5ed08eba2
Merge
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2018-03-24 17:52:49 +00:00
Luke Barnard
4f4441fb07 Only use dangerouslySetInnerHTML for HTML messages
...and plain messages with emoji that we replace with <img> tags
amonst the html-escaped `content.body`.
2018-03-13 17:15:16 +00:00
Michael Telatynski
3b02766be9
isHtml makes no sense if there is no formatted_body
this is a bug pre-replies but replies exacerbates it

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2018-03-05 07:33:18 +00:00
Michael Telatynski
df56a67fda
Add reply fallback and run gen-i18n
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2018-03-04 12:39:34 +00:00
David Baker
3e4175f3e0 Add isUrlPermitted function 2018-02-09 12:20:05 +00:00
Luke Barnard
d14f943629 Ignore img tags in HTML if src is not specified
This applies to HTML messages and group summaries.
2017-11-06 17:52:46 +00:00
Matthew Hodgson
67ba0e59a2 Merge pull request #1301 from zeroware/develop
Include magnet scheme in sanitize HTML params
2017-10-14 23:48:43 +01:00
Michael Telatynski
c1edc0c32e
add option to disable BigEmoji
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2017-10-14 19:40:45 +01:00
Luke Barnard
d3f9a3aeb5 Run eslint --fix
Fixing 1000s of lint issues. Some rules cannot be `--fix`ed but this goes some way to linting the entire codebase.
2017-10-11 17:56:17 +01:00
David Baker
bfedcd1ff0 Don't check for only-emoji if there were none
We were still running the emojione regex on all messages to
determine if they were *only* emoji (for the big emoji). This is
pointless on messages that we already know don't have emoji.

Also stop exporting unicodeToImage because it isn't used anywhere.
2017-09-15 12:03:32 +01:00
David Baker
803e8f93e3 Fix emojification of symbol characters
Emojione has graphics for a lot of the symbol / dingbat characters
which are within the basic multilingual plane, but the new
fast-path regex was only detecthing surrogate pairs, so not
counting the symbols as emoji.
2017-09-15 11:43:55 +01:00
Michael Telatynski
39470c44a3
Merge branch 'develop' of github.com:matrix-org/matrix-react-sdk into t3chguy/sub-sup 2017-09-13 12:15:12 +01:00
Michael Telatynski
a0855a2869
allow sending sub,sup and whitelist them on receive
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
2017-09-13 12:04:46 +01:00
David Baker
7617788345 Merge pull request #1372 from matrix-org/dbkr/emoji_fast_path
Fast path for emojifying strings
2017-09-10 17:44:02 +01:00
David Baker
876257f4e2 Consolidate the code copy button
Adding the code code button was done by manipulating the HTML of
the event body to add a span tag, then adding the onclick handler
after the thing was mounted. Apart from splitting the code between
two places, adding the span tag was, according to Chrome's
profiler, taking up quite a lot of CPU cycles (apparently as soon
as you set the innerHTML on a div). Instead, just build the whole
lot together after the component mounts.
2017-09-10 14:23:33 +01:00
David Baker
fe79010e4e Only add the code copy button for HTML messages
Trivial fast-path optimisation: plain text messages cannot possibly contain pre
blocks so there's no point in trying to parse them in order to add code copy
buttons.
2017-09-08 23:36:22 +01:00
David Baker
ea5726aa4e Copyright 2017-09-08 23:14:06 +01:00
David Baker
ec3ff529e7 Fast path for emojifying strings
Emojione's regex for detecting emoji is *enourmous* and we were
running it on every display name, room name, message etc every time
those components mounted. Add a much simpler regex to rule out the
majority of strings that contain no emoji and fast-path them.

Makes room switching about 10% faster (in my tests with all the
profiling turned on).
2017-09-08 23:05:27 +01:00
Zero
798d68b4c8 Include magnet scheme in sanitize HTML params
Update HtmlUtils sanitze-html params to include the magnet scheme
2017-08-14 19:42:00 +02:00
Hubert Chathi
df71502dbb allow width, height, alt, title attributes in img
fixes vector-im/riot-web#4646

Signed-off-by: Hubert Chathi <hubert@uhoreg.ca>
2017-07-25 10:43:40 -04:00
Luke Barnard
0df144cb62 Update unicodeToImage to maintain compatibility with emojione
We recently updated our version of emojione but this update included the addition of emoji represented in unicode with ZWJ (Zero-Width-Joiners). These ZWJs are not present in the asset file names, so any emoji with ZWJ in them were just not found (404 on the web client).

This updates `unicodeToImage` to be compatible with emojione 2.2.7 so that the correct filenames are used when converting from unicode to <img>.
2017-07-11 18:27:35 +01:00
Luke Barnard
dfa97e8452 Add comment 2017-07-10 17:48:01 +01:00
Luke Barnard
6877b99435 Strip <img src="https?://..">s when transforming imgs instead of using allowedSchemesByTag 2017-07-10 17:44:49 +01:00
Luke Barnard
bb9080425a Allow image tags with src attributes with schemes http[s]
And transform `mxc:*` URLs to `https?://`
2017-07-10 16:27:23 +01:00
Luke Barnard
96f5f92c7f Disallow data attribute, we don't need it currently 2017-07-10 15:44:46 +01:00
Luke Barnard
f9ee89b2f4 Merge branch 'develop' into matthew/whitelist-uri-schemes 2017-07-10 15:42:03 +01:00
Luke Barnard
32a01b54b8 Merge branch 'develop' into erikj/group_server 2017-07-07 10:08:49 +01:00
Luke Barnard
e7a2c3b975 Only send HTML when using RTE when necessary
When there are no styled blocks or inline styles applied within blocks, just send text instead of HTML.

Also, don't add <br /> for the last <p> (the last block).

Fixes https://github.com/vector-im/riot-web/issues/3147
2017-06-30 11:27:00 +01:00
Luke Barnard
9b24f70d00 Update comment 2017-06-28 14:29:53 +01:00
Luke Barnard
eeb1c33868 Do the less invasive fix of replacing <br>\n with \n but only within <pre> 2017-06-28 14:27:24 +01:00
Luke Barnard
f73fa4b49b Move processing into renamed function processHtmlforSending
And explain why this fix is necessary
2017-06-28 11:49:50 +01:00
Johannes Löthberg
661e6a6d01 HtmlUtils: Allow language- classes on code blocks through the sanitizer
This is required to be able to specify the highlight language in fenced
blocks like the following:

    ```python
    print("foo")
    ```

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2017-06-26 17:45:38 +02:00
David Baker
2efa099de2 Use function from HTMLUtils for sanitizing
Encapsulates things a little nicer
2017-06-23 17:02:54 +01:00
David Baker
71eb405859 Add comments & remove redundant check 2017-06-08 14:53:21 +01:00
David Baker
b40636a425 Merge pull request #1040 from ollieh/issues/1974
Added button that copies code to clipboard
2017-06-08 14:45:58 +01:00
Oliver Hunt
dd6171a39e Review changes
Signed-off-by: Oliver Hunt <oliver@hunt.bz>
2017-06-06 12:34:03 +01:00
Oliver Hunt
a640e943f7 Added button that copies code to clipboard
Signed-off-by: Oliver Hunt <oliver@hunt.bz>
2017-06-06 12:33:44 +01:00
saul.kredi@krutt.org
4afba2f796 Add support for RTL languages 2017-05-29 18:44:39 +03:00
Matthew Hodgson
c0cead1546 workaround for https://github.com/vector-im/riot-web/issues/3633.
unsure our vector url match could ever return undefined, but apparently it is...
2017-05-15 01:32:37 +01:00
turt2live
3bd77d56db Allow h1 and h2 tags again. CSS handled by riot-web
Signed-off-by: Travis Ralston <travpc@gmail.com>
2017-04-24 08:45:22 -06:00
turt2live
80b8be64d1 Transform h1 and h2 tags to h3 tags
Addresses vector-im/riot-web#1772

Signed-off-by: Travis Ralston <travpc@gmail.com>
2017-04-21 15:09:56 -06:00
Luke Barnard
9cd7914ea5 Finishing off the first iteration on login UI
This makes the following changes:
 - Improve CountryDropdown by allowing all countries to be displayed at once and using PNGs for performance (trading of quality - the pngs are scaled down from 32px to 25px)
 - "I want to sign in with" dropdown to select login method
 - MXID login field that suffixes HS domain (whether custom or matrix.org) and prefixes "@"
 - Email field which is secretly the same as the username field but with a different placeholder
 - No more login flickering when changing ServerConfig (!) fixes https://github.com/vector-im/riot-web/issues/1517

This implements most of the design in https://github.com/vector-im/riot-web/issues/3524 but neglects the phone number login:
![login_with_msisdn](https://cloud.githubusercontent.com/assets/1922197/24864469/30a921fc-1dfc-11e7-95d1-76f619da1402.png)

This will be updated in another PR to implement desired things:
 - Country code visible once a country has been selected (propbably but as a prefix to the phone number input box.
 - Use square flags
 - Move CountryDropdown above phone input and make it show the full country name when not expanded
 - Auto-select country based on IP
2017-04-21 11:37:08 +01:00
Luke Barnard
ec2a5cce74 Merge branch 'develop' into matthew/whitelist-uri-schemes 2017-04-13 14:08:19 +01:00
Matthew Hodgson
bb25bee8fa Merge pull request #787 from VShell/patch-3
Add <ol start="..."> to allowed attributes list
2017-04-02 12:49:01 +01:00
Shell Turner
3ff54b8e4b Add <ol start="..."> to allowed attributes list
Fixes vector-im/riot-web#3273

Signed-off-by: Shell Turner <cam.turn@gmail.com>
2017-04-02 11:19:50 +01:00
David Baker
878413f6a4 Support msisdn signin
Changes from https://github.com/matrix-org/matrix-react-sdk/pull/742
2017-03-14 11:50:13 +00:00
Richard van der Hoff
2786fb0f46 Revert "Support registration & login with phone number (#742)"
This reverts commit 0269562383.

This breaks against the current synapse release. We need to think more
carefully about backwards compatibility.
2017-03-09 18:32:44 +00:00
David Baker
0269562383 Support registration & login with phone number (#742)
* WIP msisdn sign in

* A mostly working country picker

* Fix bug where you'dbe logged out after registering

Stop the guest sync, otherwise it gets 401ed for using a guest
access token for a non-guest, causing us to beliebe we've been
logged out.

* Use InteractiveAuth component for registration

* Fix tests

* Remove old signup code

* Signup -> Login

Now that Signup contains no code whatsoever related to signing up,
rename it to Login. Get rid of the Signup class.

* Stray newline

* Fix more merge failing

* Get phone country & number to the right place

* More-or-less working msisdn auth component

* Send the bind_msisdn param on registration

* Refinements to country dropdown

Rendering the whole lot when the component was rendered just makes
the page load really slow, so just show 2 at a time and rely on
type-to-search.

Make type-to-search always display an exact iso2 match first

* Propagate initial inputs to the phone input

* Support msisdn login

* semicolon

* Fix PropTypes

* Oops, use the 1qst element of the array

Not the array of object keys which has no particular order

* Make dropdown/countrydropdown controlled

* Unused line

* Add note on DOM layout

* onOptionChange is required

* More docs

* Add missing propTypes

* Don't resume promise on error

* Use React.Children to manipulate children

* Make catch less weird

* Fix null dereference

Assuming [0] of an empty list == undefined doesn't work if you're
then taking a property of it.
2017-03-09 10:59:22 +00:00
Luke Barnard
fa2cf41039 Make COLOR_REGEX stricter 2017-03-03 15:46:13 +00:00
Luke Barnard
f4278b61ea Update comment 2017-03-02 18:13:01 +00:00
Luke Barnard
0f8ab99158 Have COLOR_REGEX constant 2017-03-02 17:02:00 +00:00
Luke Barnard
b951713f7f Remove custom attribs as consumed 2017-03-02 11:39:40 +00:00
Luke Barnard
36795fa192 Use data-mx[-bg]-color instead of stripping style
This has the benefit of not needing a spec for custom CSS. Instead we rigourously sanitise the values for custom data attributes that are transformed to CSS equivalents. `data-mx-color` translates to CSS `color` for example.
2017-03-02 11:36:56 +00:00
Luke Barnard
5fc828f24c Allow span, and only allow style attrib 2017-02-27 11:32:57 +00:00
Luke Barnard
886b0a3f13 Sanitise for *, fix style issues 2017-02-27 11:23:37 +00:00
Matthew Hodgson
2db53c2284 whitelist data & mxc URIs on img tags: readds PR #333 now that punkave/sanitize-html#137 has landed 2017-02-19 03:04:42 +02:00
Luke Barnard
ae03244e6e Merge branch 'develop' into luke/feature-css-msg-colors 2017-02-09 13:14:15 +00:00
Matthew Hodgson
231997dd63 unbreak /markdown off 2017-02-09 01:18:09 +00:00
David Baker
18d4d3392a Fix a bunch of linting errors
eslint --fix and a few manual ones
2017-01-20 14:22:27 +00:00
Luke Barnard
32185befc0 Only transform <font> 2017-01-11 16:41:05 +00:00
Luke Barnard
8e3f2eb858 Allow [bf]g colors for <font> style attrib
Instead of dropping the style attribute on `<font>` tags entirely, sanitise aggressively and only keep `background-color` and `color` keys, and also sanitise the values to prevent `url(XXXXXX)` and `expression(XXXXXX)` type XSS attacks.
2017-01-11 16:35:37 +00:00
David Baker
8cf273a460 Run highlight.js asynchronously
Move the very minimal logic of highlightDOM into TextualBody
because then we can avoid scheduling a lot of timeouts which
would ultimately do nothing (ie. any messages that don't have code
blocks).
2016-10-26 18:41:28 +01:00
David Baker
5fff3bdf24 Document brokenness 2016-09-21 16:25:18 +01:00
David Baker
8ae210cbe2 Revert #333
Revert https://github.com/matrix-org/matrix-react-sdk/pull/333/files since sanitizer blindly allows urls with no scheme, meaning  // links can be used to fetch images over whatever scheme you serve vector over (ie. normally http/https).
2016-09-21 16:19:41 +01:00
Aviral Dasgupta
6befb09509 Replace <p>s with <br/>s consistently
Also, allow newlines in /commands.
Fixes vector-im/vector-web#2114, vector-im/vector-web#2165.
2016-09-16 21:40:00 +05:30
Aviral Dasgupta
7c6b1703f3 fix emojione sizing 2016-08-28 14:54:07 +05:30
Matthew Hodgson
de82ac3bc0 don't change URL bar when clicking on linkified rooms or users.
be aware of /user paths.
2016-08-28 02:05:31 +01:00
Matthew Hodgson
ad873c2b60 handle matrix.to links correctly. add partial support for #/user URLs 2016-08-28 01:55:42 +01:00
Matthew Hodgson
5b0d13c1fc switch to namespaced CSS 2016-08-27 23:59:55 +01:00
Matthew Hodgson
2a3b0e85ea add rel='noopener' wherever we do target='_blank' because https://mathiasbynens.github.io/rel-noopener/ 2016-08-15 21:37:26 +01:00
Aviral Dasgupta
dbbea63227 Various fixes and improvements to emojification.
- Use locally hosted emoji
- Emojify SenderProfile and m.emote
- Add emoji shortcodes as titles
2016-08-09 22:09:28 +05:30
Matthew Hodgson
bcd1c7e099 improve comment 2016-07-18 01:34:26 +01:00
Matthew Hodgson
41bff38713 fix classes used for body spans, and only apply markdown-body to markdown(!) 2016-07-15 15:04:19 +01:00
David Baker
63ad57a8d4 Merge pull request #332 from aviraldg/feature-emojione
feat: render unicode emoji as emojione images
2016-07-05 10:18:33 +01:00
Aviral Dasgupta
545d59769e feat: unblacklist img tags with data URIs
fixes vector-im/vector-web#1692
2016-07-05 11:16:09 +05:30
Aviral Dasgupta
a9a3d31b3f feat: improve emoji-body detection 2016-07-05 10:43:09 +05:30
Aviral Dasgupta
020f1f4320 feat: emojify ALL THE THINGS! 2016-07-05 10:16:17 +05:30
Aviral Dasgupta
9c0dc74289 feat: use svg emoji 2016-07-05 09:58:28 +05:30
Aviral Dasgupta
4069886cbd feat: large emoji support 2016-07-05 04:04:57 +05:30
Aviral Dasgupta
48f2c4a696 feat: render unicode emoji as emojione images 2016-07-05 03:13:53 +05:30
Aviral Dasgupta
4ef148eaec whitelist <u> tag (fixes vector-im/vector-web#1339) 2016-04-02 22:15:29 +05:30
Matthew Hodgson
fcc82fbd27 unbreak tag sanitizing 2016-03-25 01:25:32 +00:00
Matthew Hodgson
462ccf89d7 inplace-edit on attribs 2016-03-21 15:54:02 +00:00
Matthew Hodgson
c3e96f8af1 incorporate review 2016-03-21 15:45:04 +00:00
Matthew Hodgson
d54a75c913 actually, only intercept URLs which are explicitly referring to our current app 2016-03-20 12:31:30 +00:00
Matthew Hodgson
1aed9ccbf4 linkify vector.im URLs directly into the app, both from HTML and non-HTML messages 2016-03-20 03:05:07 +00:00
Richard van der Hoff
4158a007db Give <a> elements in search results a key
... to make react shut up about them
2016-02-22 17:44:34 +00:00
Richard van der Hoff
e3feae32e1 Fix search clickthrough for HTML events
Switch to using a normal <a href="..."> link for search result
clickthrough. Apart from generally giving a better experience, this means that
it also works on html messages. The problem there was that we were attaching
onClick handlers to <span>s which we were then flattening into HTML with
ReactDOMServer (which meant the onClick handlers were never attached to React's
list of listeners).

To make this work without jumping through React hoops, the highlighter now
returns either a list of strings or a list of nodes, depending on whether we
are dealing with an HTML event or a text one. We therefore have a separate
HtmlHighlighter and TextHighlighter.
2016-02-17 21:06:27 +00:00
Matthew Hodgson
1c30640a92 remove unused 'body' var; use a finally to clean up the temporary textfilter 2016-02-11 14:03:54 +00:00
Matthew Hodgson
92435c0865 ooops, don't forget to actually sanitize the highlights after all that 2016-02-10 23:45:07 +00:00