Fork of pleroma-fe for akkoma; changes a whole bunch and we probably need a proper new name for it
rinpatch d36b45ad43 entity_normalizer: Escape name when parsing user
In January 2020 the Pleroma backend stopped escaping HTML in display names
and passed that responsibility on to frontends, compliant with Mastodon's
version of Mastodon API [1]. Pleroma-FE was subsequently modified to
escape the display name [2], however only in the "name_html" field. This
was fine however, since that's what the code rendering display names used.

However, 2 months ago an MR [3] refactoring the way the frontend does emoji
and mention rendering was merged. One of the things it did was moving away
from doing emoji rendering in the entity normalizer and using the unescaped
'user.name' in the rendering code, resulting in HTML injection being
possible again.

This patch escapes 'user.name' as well. As far as I can tell there is no
actual use for an unescaped display name in frontend code, especially
when it comes from MastoAPI, where it is not supposed to be HTML.

[1]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1052
[2]: https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2167
[3]: https://git.pleroma.social/pleroma/pleroma-fe/-/merge_requests/1392
2021-11-16 20:35:23 +03:00
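The regression and fix described in the commit message above, as an added example that is not Pleroma-FE's own code: the function names, the renderer stand-in and the sample account are assumptions made for illustration. It shows why escaping only `name_html` stops protecting anything once rendering code reads `name` instead.

```javascript
// Added illustration; function and field names are hypothetical, not Pleroma-FE's code.

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml (text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
}

// "Before": only name_html is escaped; name keeps the raw API value.
function normalizeUserBefore (account) {
  return { name: account.display_name, name_html: escapeHtml(account.display_name) }
}

// "After": both fields are escaped at the normalization boundary, so a
// renderer that picks either field receives inert text.
function normalizeUserAfter (account) {
  const safe = escapeHtml(account.display_name)
  return { name: safe, name_html: safe }
}

// Stand-in for rendering code that turns :shortcode: into <img> and whose
// output is then inserted into the page as HTML (assumed, innerHTML-style).
function renderNameWithEmoji (name, emojis) {
  return emojis.reduce((html, e) =>
    html.split(`:${e.shortcode}:`).join(
      `<img class="emoji" alt="${escapeHtml(e.shortcode)}" src="${escapeHtml(e.url)}">`
    ), name)
}

// Constructed sample account in the shape of a Mastodon API response.
const sampleAccount = {
  display_name: '<u>mallory</u> :blobcat:',
  emojis: [{ shortcode: 'blobcat', url: 'https://example.invalid/blobcat.png' }]
}

const before = renderNameWithEmoji(normalizeUserBefore(sampleAccount).name, sampleAccount.emojis)
const after = renderNameWithEmoji(normalizeUserAfter(sampleAccount).name, sampleAccount.emojis)
console.log('before:', before) // the <u> tag survives as markup
console.log('after: ', after) // the tag is displayed as text
```

Escaping at the normalizer keeps emoji shortcodes intact (colons are not escaped), so the renderer still works on the escaped string.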
build No longer need to put ruffle stuff in source tree. Made ruffle not use 2021-04-11 23:03:03 +03:00
config
docs
src entity_normalizer: Escape name when parsing user 2021-11-16 20:35:23 +03:00
static This setting didn't actually do anything 2021-06-01 16:51:47 -05:00
test very minimalist hashtaglink implementation, also you can middle-click 2021-08-23 20:57:21 +03:00
tools
.babelrc [WIP] MUCH better approach to replacing emojis with still versions 2021-06-07 18:41:47 +03:00
.editorconfig Basic skeleton 2016-10-26 16:46:32 +02:00
.eslintignore
.eslintrc.js
.gitignore whoopsies 2018-12-11 18:57:24 +03:00
.gitlab-ci.yml
.mailmap
.node-version
.stylelintrc.json
BREAKING_CHANGES.md
CHANGELOG.md Merge branch 'develop' into 'themeApply' 2021-09-09 21:51:39 +00:00
COFE_OF_CONDUCT.md
CONTRIBUTORS.md Add edit profile button 2021-06-17 19:29:58 +00:00
index.html No longer need to put ruffle stuff in source tree. Made ruffle not use 2021-04-11 23:03:03 +03:00
LICENSE
package.json [WIP] MUCH better approach to replacing emojis with still versions 2021-06-07 18:41:47 +03:00
postcss.config.js
README.md
yarn.lock renamed StatusText to StatusBody for clarity, fixed chats 2021-06-07 19:50:38 +03:00

Pleroma-FE

A single column frontend designed for Pleroma.


For Translators

To translate Pleroma-FE, add your language to src/i18n/messages.js. Pleroma-FE will set your language by your browser locale, but you can temporarily force it in the code by changing the locale in main.js.

FOR ADMINS

You don't need to build Pleroma-FE yourself. Those using the Pleroma backend will be able to use it out of the box.

Build Setup

# install dependencies
npm install -g yarn
yarn

# serve with hot reload at localhost:8080
npm run dev

# build for production with minification
npm run build

# run unit tests
npm run unit

For Contributors:

You can create the file /config/local.json (see example) to enable some convenience dev options:

  • target: makes the local dev server redirect to an existing instance's BE instead of a local BE; useful for testing things in a near-production environment and searching for real-life use cases.
  • staticConfigPreference: makes the FE's /static/config.json take precedence over the BE-served /api/statusnet/config.json. Only works in dev mode.

The FE build process also leaves the current commit hash in the global variable ___pleromafe_commit_hash, so you can easily see which pleroma-fe commit an instance is running. This also helps pinpoint which commit was used when the FE was bundled into the BE.

Configuration

Edit config.json for configuration.

Options

Login methods

loginMethod can be set to either password (the default) or token. The token method uses the full OAuth redirection flow, which is useful for SSO situations.