The last places coins were visible to non-admins were in user popovers
and, potentially, via direct access of /@<username>/coins. These have
been removed.
Additionally, there are a number of routes which, despite being removed
from the UI, were still operative and usable. These are disabled
pending possible(?) future uses of coins.
Due to use of Submission.{choices, options, bet_options} in realbody,
generating submission_listings resulted in extremely high volume of
SELECT queries.
In local testing with 6 posts, one of which had a poll with 2 options,
the removal of these calls reduced quantity of queries on the homepage
from 84 to 22.
Given that it was previously decided to remove the polls feature after
a regression while adding comment filtering, the remaining dead code
paths for polls were also removed.
Another JS load order bug, previously fixed upstream. bs_trigger() in
header.js must be run after DOM content is loaded to properly set the
events for tooltips to appear on hover. This commit uses standard
document ready event boilerplate to ensure this happens, regardless
of script load order.
Fixes issue #178. Root cause was attempting to document.getElementById
of both modal and toggle input before both were loaded into the DOM.
In the upstream, Cloudflare's Rocket Loader is used, which papers over
many cases of inattention to loading order.
This change disables multimedia embedding:
- In comments and comments replies.
- In new submissions.
- In comment & submission preview
And it's all toggle-able via an envvar, except for the JS bits,
but I linked those to the github issue, so should be easy to find
in the future.
The way it works is:
- removes markdown image/video syntax,
eg. `` into ``
- changes link text into anchors, eg.
`https://example.org/someimage.jpg` into
`[https://example.org/someimage.jpg](https://example.org/someimage.jpg)`
- removes html img/video/audio tags, eg.
`<img href="https://example.org/someimage.jpg" />` into ``
- when embedding gifs via the giphy modal in "new submission", it will
insert only an anchor to the gif
- when attaching an image, it will upload the image, then add only an
anchor to the post/comment body
I tested this manually, but not sure if I got all the test cases. What I
checked was:
- create comment w/ image/video/audio media using markdown -> success
- create comment reply w/ image/video/audio media using markdown ->
success
- create comment w/ link to img/imgur/youtube/audio -> success
- create comment w/ attachment -> success
- create comment reply w/ attachment -> success
- create comment w/ img/video tag -> success
- create comment reply w/ image/video tag -> success
- create post submission w/ image/video/media using markdown -> success
- create post submission w/ link to img/imgur/youtube/audio -> success
- create post submission w/ attachment -> success
- create post submission w/ giphy gif -> success
Also, updated the formatting page.
Co-authored-by: Ben Rog-Wilhelm <zorba-github@pavlovian.net>
On unmodified themotte, try creating a submission with
```html
<img src="/doesnotexist.png" onerror="alert(1)" />
```
and observe that your browser opens an alert window.
