commit
						e589afa0ef
					
				
							
								
								
									
										11
									
								
								CHANGELOG.md
								
								
								
								
							
							
						
						
									
										11
									
								
								CHANGELOG.md
								
								
								
								
							|  | @ -3,7 +3,12 @@ Changelog | ||||||
| 
 | 
 | ||||||
| All notable changes to this project will be documented in this file. | All notable changes to this project will be documented in this file. | ||||||
| 
 | 
 | ||||||
| ## [Unreleased] | ## [4.0.1] - 2022-11-14 | ||||||
|  | ### Fixed | ||||||
|  | 
 | ||||||
|  | - Fix nodes order being sometimes mangled when rewriting emoji ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20677)) | ||||||
|  | 
 | ||||||
|  | ## [4.0.0] - 2022-11-14 | ||||||
| 
 | 
 | ||||||
| Some of the features in this release have been funded through the [NGI0 Discovery](https://nlnet.nl/discovery) Fund, a fund established by [NLnet](https://nlnet.nl/) with financial support from the European Commission's [Next Generation Internet](https://ngi.eu/) programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322. | Some of the features in this release have been funded through the [NGI0 Discovery](https://nlnet.nl/discovery) Fund, a fund established by [NLnet](https://nlnet.nl/) with financial support from the European Commission's [Next Generation Internet](https://ngi.eu/) programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322. | ||||||
| 
 | 
 | ||||||
|  | @ -196,6 +201,10 @@ Some of the features in this release have been funded through the [NGI0 Discover | ||||||
| ### Security | ### Security | ||||||
| 
 | 
 | ||||||
| - Fix being able to spoof link verification ([Gargron](https://github.com/mastodon/mastodon/pull/20217)) | - Fix being able to spoof link verification ([Gargron](https://github.com/mastodon/mastodon/pull/20217)) | ||||||
|  | - Fix emoji substitution not applying only to text nodes in backend code ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20641)) | ||||||
|  | - Fix emoji substitution not applying only to text nodes in web UI ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/20640)) | ||||||
|  | - Fix rate limiting for paths with formats ([Gargron](https://github.com/mastodon/mastodon/pull/20675)) | ||||||
|  | - Fix out-of-bound reads in blurhash transcoder ([delroth](https://github.com/mastodon/mastodon/pull/20388)) | ||||||
| 
 | 
 | ||||||
| ## [3.5.3] - 2022-05-26 | ## [3.5.3] - 2022-05-26 | ||||||
| ### Added | ### Added | ||||||
|  |  | ||||||
|  | @ -19,10 +19,13 @@ const emojiFilename = (filename) => { | ||||||
|   return borderedEmoji.includes(filename) ? (filename + '_border') : filename; |   return borderedEmoji.includes(filename) ? (filename + '_border') : filename; | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
|  | const domParser = new DOMParser(); | ||||||
|  | 
 | ||||||
| const emojifyTextNode = (node, customEmojis) => { | const emojifyTextNode = (node, customEmojis) => { | ||||||
|   const parentElement = node.parentElement; |  | ||||||
|   let str = node.textContent; |   let str = node.textContent; | ||||||
| 
 | 
 | ||||||
|  |   const fragment = new DocumentFragment(); | ||||||
|  | 
 | ||||||
|   for (;;) { |   for (;;) { | ||||||
|     let match, i = 0; |     let match, i = 0; | ||||||
| 
 | 
 | ||||||
|  | @ -64,12 +67,16 @@ const emojifyTextNode = (node, customEmojis) => { | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  |     fragment.append(document.createTextNode(str.slice(0, i))); | ||||||
|  |     if (replacement) { | ||||||
|  |       fragment.append(domParser.parseFromString(replacement, 'text/html').documentElement.getElementsByTagName('img')[0]); | ||||||
|  |     } | ||||||
|     node.textContent = str.slice(0, i); |     node.textContent = str.slice(0, i); | ||||||
|     parentElement.insertAdjacentHTML('beforeend', replacement); |  | ||||||
|     str = str.slice(rend); |     str = str.slice(rend); | ||||||
|     node = document.createTextNode(str); |  | ||||||
|     parentElement.append(node); |  | ||||||
|   } |   } | ||||||
|  | 
 | ||||||
|  |   fragment.append(document.createTextNode(str)); | ||||||
|  |   node.parentElement.replaceChild(fragment, node); | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| const emojifyNode = (node, customEmojis) => { | const emojifyNode = (node, customEmojis) => { | ||||||
|  |  | ||||||
|  | @ -11,8 +11,8 @@ describe('emoji', () => { | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('works with unclosed tags', () => { |     it('works with unclosed tags', () => { | ||||||
|       expect(emojify('hello>')).toEqual('hello>'); |       expect(emojify('hello>')).toEqual('hello>'); | ||||||
|       expect(emojify('<hello')).toEqual('<hello'); |       expect(emojify('<hello')).toEqual(''); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('works with unclosed shortcodes', () => { |     it('works with unclosed shortcodes', () => { | ||||||
|  | @ -22,23 +22,23 @@ describe('emoji', () => { | ||||||
| 
 | 
 | ||||||
|     it('does unicode', () => { |     it('does unicode', () => { | ||||||
|       expect(emojify('\uD83D\uDC69\u200D\uD83D\uDC69\u200D\uD83D\uDC66\u200D\uD83D\uDC66')).toEqual( |       expect(emojify('\uD83D\uDC69\u200D\uD83D\uDC69\u200D\uD83D\uDC66\u200D\uD83D\uDC66')).toEqual( | ||||||
|         '<img draggable="false" class="emojione" alt="👩👩👦👦" title=":woman-woman-boy-boy:" src="/emoji/1f469-200d-1f469-200d-1f466-200d-1f466.svg" />'); |         '<img draggable="false" class="emojione" alt="👩👩👦👦" title=":woman-woman-boy-boy:" src="/emoji/1f469-200d-1f469-200d-1f466-200d-1f466.svg">'); | ||||||
|       expect(emojify('👨👩👧👧')).toEqual( |       expect(emojify('👨👩👧👧')).toEqual( | ||||||
|         '<img draggable="false" class="emojione" alt="👨👩👧👧" title=":man-woman-girl-girl:" src="/emoji/1f468-200d-1f469-200d-1f467-200d-1f467.svg" />'); |         '<img draggable="false" class="emojione" alt="👨👩👧👧" title=":man-woman-girl-girl:" src="/emoji/1f468-200d-1f469-200d-1f467-200d-1f467.svg">'); | ||||||
|       expect(emojify('👩👩👦')).toEqual('<img draggable="false" class="emojione" alt="👩👩👦" title=":woman-woman-boy:" src="/emoji/1f469-200d-1f469-200d-1f466.svg" />'); |       expect(emojify('👩👩👦')).toEqual('<img draggable="false" class="emojione" alt="👩👩👦" title=":woman-woman-boy:" src="/emoji/1f469-200d-1f469-200d-1f466.svg">'); | ||||||
|       expect(emojify('\u2757')).toEqual( |       expect(emojify('\u2757')).toEqual( | ||||||
|         '<img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg" />'); |         '<img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg">'); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('does multiple unicode', () => { |     it('does multiple unicode', () => { | ||||||
|       expect(emojify('\u2757 #\uFE0F\u20E3')).toEqual( |       expect(emojify('\u2757 #\uFE0F\u20E3')).toEqual( | ||||||
|         '<img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg" /> <img draggable="false" class="emojione" alt="#️⃣" title=":hash:" src="/emoji/23-20e3.svg" />'); |         '<img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg"> <img draggable="false" class="emojione" alt="#️⃣" title=":hash:" src="/emoji/23-20e3.svg">'); | ||||||
|       expect(emojify('\u2757#\uFE0F\u20E3')).toEqual( |       expect(emojify('\u2757#\uFE0F\u20E3')).toEqual( | ||||||
|         '<img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg" /><img draggable="false" class="emojione" alt="#️⃣" title=":hash:" src="/emoji/23-20e3.svg" />'); |         '<img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg"><img draggable="false" class="emojione" alt="#️⃣" title=":hash:" src="/emoji/23-20e3.svg">'); | ||||||
|       expect(emojify('\u2757 #\uFE0F\u20E3 \u2757')).toEqual( |       expect(emojify('\u2757 #\uFE0F\u20E3 \u2757')).toEqual( | ||||||
|         '<img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg" /> <img draggable="false" class="emojione" alt="#️⃣" title=":hash:" src="/emoji/23-20e3.svg" /> <img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg" />'); |         '<img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg"> <img draggable="false" class="emojione" alt="#️⃣" title=":hash:" src="/emoji/23-20e3.svg"> <img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg">'); | ||||||
|       expect(emojify('foo \u2757 #\uFE0F\u20E3 bar')).toEqual( |       expect(emojify('foo \u2757 #\uFE0F\u20E3 bar')).toEqual( | ||||||
|         'foo <img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg" /> <img draggable="false" class="emojione" alt="#️⃣" title=":hash:" src="/emoji/23-20e3.svg" /> bar'); |         'foo <img draggable="false" class="emojione" alt="❗" title=":exclamation:" src="/emoji/2757.svg"> <img draggable="false" class="emojione" alt="#️⃣" title=":hash:" src="/emoji/23-20e3.svg"> bar'); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('ignores unicode inside of tags', () => { |     it('ignores unicode inside of tags', () => { | ||||||
|  | @ -46,16 +46,16 @@ describe('emoji', () => { | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('does multiple emoji properly (issue 5188)', () => { |     it('does multiple emoji properly (issue 5188)', () => { | ||||||
|       expect(emojify('👌🌈💕')).toEqual('<img draggable="false" class="emojione" alt="👌" title=":ok_hand:" src="/emoji/1f44c.svg" /><img draggable="false" class="emojione" alt="🌈" title=":rainbow:" src="/emoji/1f308.svg" /><img draggable="false" class="emojione" alt="💕" title=":two_hearts:" src="/emoji/1f495.svg" />'); |       expect(emojify('👌🌈💕')).toEqual('<img draggable="false" class="emojione" alt="👌" title=":ok_hand:" src="/emoji/1f44c.svg"><img draggable="false" class="emojione" alt="🌈" title=":rainbow:" src="/emoji/1f308.svg"><img draggable="false" class="emojione" alt="💕" title=":two_hearts:" src="/emoji/1f495.svg">'); | ||||||
|       expect(emojify('👌 🌈 💕')).toEqual('<img draggable="false" class="emojione" alt="👌" title=":ok_hand:" src="/emoji/1f44c.svg" /> <img draggable="false" class="emojione" alt="🌈" title=":rainbow:" src="/emoji/1f308.svg" /> <img draggable="false" class="emojione" alt="💕" title=":two_hearts:" src="/emoji/1f495.svg" />'); |       expect(emojify('👌 🌈 💕')).toEqual('<img draggable="false" class="emojione" alt="👌" title=":ok_hand:" src="/emoji/1f44c.svg"> <img draggable="false" class="emojione" alt="🌈" title=":rainbow:" src="/emoji/1f308.svg"> <img draggable="false" class="emojione" alt="💕" title=":two_hearts:" src="/emoji/1f495.svg">'); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('does an emoji that has no shortcode', () => { |     it('does an emoji that has no shortcode', () => { | ||||||
|       expect(emojify('👁🗨')).toEqual('<img draggable="false" class="emojione" alt="👁🗨" title="" src="/emoji/1f441-200d-1f5e8.svg" />'); |       expect(emojify('👁🗨')).toEqual('<img draggable="false" class="emojione" alt="👁🗨" title="" src="/emoji/1f441-200d-1f5e8.svg">'); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('does an emoji whose filename is irregular', () => { |     it('does an emoji whose filename is irregular', () => { | ||||||
|       expect(emojify('↙️')).toEqual('<img draggable="false" class="emojione" alt="↙️" title=":arrow_lower_left:" src="/emoji/2199.svg" />'); |       expect(emojify('↙️')).toEqual('<img draggable="false" class="emojione" alt="↙️" title=":arrow_lower_left:" src="/emoji/2199.svg">'); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('avoid emojifying on invisible text', () => { |     it('avoid emojifying on invisible text', () => { | ||||||
|  | @ -67,26 +67,26 @@ describe('emoji', () => { | ||||||
| 
 | 
 | ||||||
|     it('avoid emojifying on invisible text with nested tags', () => { |     it('avoid emojifying on invisible text with nested tags', () => { | ||||||
|       expect(emojify('<span class="invisible">😄<span class="foo">bar</span>😴</span>😇')) |       expect(emojify('<span class="invisible">😄<span class="foo">bar</span>😴</span>😇')) | ||||||
|         .toEqual('<span class="invisible">😄<span class="foo">bar</span>😴</span><img draggable="false" class="emojione" alt="😇" title=":innocent:" src="/emoji/1f607.svg" />'); |         .toEqual('<span class="invisible">😄<span class="foo">bar</span>😴</span><img draggable="false" class="emojione" alt="😇" title=":innocent:" src="/emoji/1f607.svg">'); | ||||||
|       expect(emojify('<span class="invisible">😄<span class="invisible">😕</span>😴</span>😇')) |       expect(emojify('<span class="invisible">😄<span class="invisible">😕</span>😴</span>😇')) | ||||||
|         .toEqual('<span class="invisible">😄<span class="invisible">😕</span>😴</span><img draggable="false" class="emojione" alt="😇" title=":innocent:" src="/emoji/1f607.svg" />'); |         .toEqual('<span class="invisible">😄<span class="invisible">😕</span>😴</span><img draggable="false" class="emojione" alt="😇" title=":innocent:" src="/emoji/1f607.svg">'); | ||||||
|       expect(emojify('<span class="invisible">😄<br/>😴</span>😇')) |       expect(emojify('<span class="invisible">😄<br>😴</span>😇')) | ||||||
|         .toEqual('<span class="invisible">😄<br/>😴</span><img draggable="false" class="emojione" alt="😇" title=":innocent:" src="/emoji/1f607.svg" />'); |         .toEqual('<span class="invisible">😄<br>😴</span><img draggable="false" class="emojione" alt="😇" title=":innocent:" src="/emoji/1f607.svg">'); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('skips the textual presentation VS15 character', () => { |     it('skips the textual presentation VS15 character', () => { | ||||||
|       expect(emojify('✴︎')) // This is U+2734 EIGHT POINTED BLACK STAR then U+FE0E VARIATION SELECTOR-15
 |       expect(emojify('✴︎')) // This is U+2734 EIGHT POINTED BLACK STAR then U+FE0E VARIATION SELECTOR-15
 | ||||||
|         .toEqual('<img draggable="false" class="emojione" alt="✴" title=":eight_pointed_black_star:" src="/emoji/2734_border.svg" />'); |         .toEqual('<img draggable="false" class="emojione" alt="✴" title=":eight_pointed_black_star:" src="/emoji/2734_border.svg">'); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('does an simple emoji properly', () => { |     it('does an simple emoji properly', () => { | ||||||
|       expect(emojify('♀♂')) |       expect(emojify('♀♂')) | ||||||
|         .toEqual('<img draggable="false" class="emojione" alt="♀" title=":female_sign:" src="/emoji/2640.svg" /><img draggable="false" class="emojione" alt="♂" title=":male_sign:" src="/emoji/2642.svg" />'); |         .toEqual('<img draggable="false" class="emojione" alt="♀" title=":female_sign:" src="/emoji/2640.svg"><img draggable="false" class="emojione" alt="♂" title=":male_sign:" src="/emoji/2642.svg">'); | ||||||
|     }); |     }); | ||||||
| 
 | 
 | ||||||
|     it('does an emoji containing ZWJ properly', () => { |     it('does an emoji containing ZWJ properly', () => { | ||||||
|       expect(emojify('💂♀️💂♂️')) |       expect(emojify('💂♀️💂♂️')) | ||||||
|         .toEqual('<img draggable="false" class="emojione" alt="💂\u200D♀️" title=":female-guard:" src="/emoji/1f482-200d-2640-fe0f_border.svg" /><img draggable="false" class="emojione" alt="💂\u200D♂️" title=":male-guard:" src="/emoji/1f482-200d-2642-fe0f_border.svg" />'); |         .toEqual('<img draggable="false" class="emojione" alt="💂\u200D♀️" title=":female-guard:" src="/emoji/1f482-200d-2640-fe0f_border.svg"><img draggable="false" class="emojione" alt="💂\u200D♂️" title=":male-guard:" src="/emoji/1f482-200d-2642-fe0f_border.svg">'); | ||||||
|     }); |     }); | ||||||
|   }); |   }); | ||||||
| }); | }); | ||||||
|  |  | ||||||
|  | @ -19,10 +19,13 @@ const emojiFilename = (filename) => { | ||||||
|   return borderedEmoji.includes(filename) ? (filename + '_border') : filename; |   return borderedEmoji.includes(filename) ? (filename + '_border') : filename; | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
|  | const domParser = new DOMParser(); | ||||||
|  | 
 | ||||||
| const emojifyTextNode = (node, customEmojis) => { | const emojifyTextNode = (node, customEmojis) => { | ||||||
|   const parentElement = node.parentElement; |  | ||||||
|   let str = node.textContent; |   let str = node.textContent; | ||||||
| 
 | 
 | ||||||
|  |   const fragment = new DocumentFragment(); | ||||||
|  | 
 | ||||||
|   for (;;) { |   for (;;) { | ||||||
|     let match, i = 0; |     let match, i = 0; | ||||||
| 
 | 
 | ||||||
|  | @ -64,12 +67,16 @@ const emojifyTextNode = (node, customEmojis) => { | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  |     fragment.append(document.createTextNode(str.slice(0, i))); | ||||||
|  |     if (replacement) { | ||||||
|  |       fragment.append(domParser.parseFromString(replacement, 'text/html').documentElement.getElementsByTagName('img')[0]); | ||||||
|  |     } | ||||||
|     node.textContent = str.slice(0, i); |     node.textContent = str.slice(0, i); | ||||||
|     parentElement.insertAdjacentHTML('beforeend', replacement); |  | ||||||
|     str = str.slice(rend); |     str = str.slice(rend); | ||||||
|     node = document.createTextNode(str); |  | ||||||
|     parentElement.append(node); |  | ||||||
|   } |   } | ||||||
|  | 
 | ||||||
|  |   fragment.append(document.createTextNode(str)); | ||||||
|  |   node.parentElement.replaceChild(fragment, node); | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| const emojifyNode = (node, customEmojis) => { | const emojifyNode = (node, customEmojis) => { | ||||||
|  |  | ||||||
|  | @ -13,11 +13,11 @@ module Mastodon | ||||||
|     end |     end | ||||||
| 
 | 
 | ||||||
|     def patch |     def patch | ||||||
|       0 |       1 | ||||||
|     end |     end | ||||||
| 
 | 
 | ||||||
|     def flags |     def flags | ||||||
|       'rc4' |       '' | ||||||
|     end |     end | ||||||
| 
 | 
 | ||||||
|     def suffix |     def suffix | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue