Comparing changes

base repository: basecamp/trix
base: v2.1.10
head repository: basecamp/trix
compare: v2.1.12
  • 17 commits
  • 14 files changed
  • 6 contributors

Commits on Dec 10, 2024

  1. Make DOMPurify configurable

    Expose Trix.config.dompurify to allow users to configure DOMPurify.
    Additionally avoid stripping data-trix-* attributes.
    djmb committed Dec 10, 2024
    da9d999

Commits on Dec 11, 2024

  1. Fix sanitization checks

    djmb committed Dec 11, 2024
    d910855
  2. Merge pull request #1208 from basecamp/dom-purify-config

    Make DOMPurify configurable
    djmb authored Dec 11, 2024
    32b0431

Commits on Dec 17, 2024

  1. Allow comments in attachments

    If SAFE_FOR_XML is true all comments are removed from attachments.
    
    See: #1213
    djmb committed Dec 17, 2024
    692fa98
  2. Merge pull request #1214 from basecamp/disable-safe-for-xml

    Allow comments in attachments
    djmb authored Dec 17, 2024
    f4d8e5c
  3. Switch from node-sass to sass

    node-sass is deprecated and doesn't work on newer platforms (e.g. arm64)
    Jacopo Beschi committed Dec 17, 2024
    903b51f
  4. Merge pull request #1215 from basecamp/switch-to-sass

    Switch from node-sass to sass
    jorgemanrubia authored Dec 17, 2024
    6214af4
  5. SCSS: Switch to compile

    Use `compile` instead of the deprecated `render` method.
    No changes to the generated `.css`.
    
    See https://sass-lang.com/documentation/js-api/functions/render/
    Jacopo Beschi committed Dec 17, 2024
    b67b642
  6. Reintroduce yarn build --watch

    #1215 indirectly removed the `--watch` mode, by switching SCSS compilation
    to a node.js file. This was required because the `sass` CLI doesn't support the `--function` for custom functions.
    Now reintroduce it back using `chokidar`. This also fixes `yarn start` command.
    Jacopo Beschi committed Dec 17, 2024
    37e9464
  7. Merge pull request #1216 from basecamp/fix-yarn-start

    Reintroduce yarn build --watch
    jorgemanrubia authored Dec 17, 2024
    4f279fd

Commits on Dec 18, 2024

  1. v2.1.11

    djmb committed Dec 18, 2024
    f4d64c2
  2. Fix XSS via javascript: url in a link

    Previously, it was possible to trigger XSS by setting as a link a URL like
    `javascript:alert('XSS')`.
    Fix it via a custom HTML input validation pattern to block both
    `javascript:` and `data:` URLs.
    Jacopo Beschi committed Dec 18, 2024
    12ee782

Commits on Dec 19, 2024

  1. Switch from JS pattern to DOMPurify.isValidAttribute

    This should cover any edge case not covered by the Regexp.
    Jacopo Beschi committed Dec 19, 2024
    f432478

Commits on Dec 20, 2024

  1. Merge commit from fork

    Fix XSS via `javascript:` url in a link
    intrip authored Dec 20, 2024
    180c8d3
  2. Refactor link XSS patch

    - use `isSafeAttribute` instead of `safeAttribute`
    - Extract conditional to an outer if
    - Add parentheses for clarity
    Jacopo Beschi committed Dec 20, 2024
    c707f41
  3. Merge pull request #1218 from basecamp/refactor-xss-fix

    Refactor link XSS patch
    intrip authored Dec 20, 2024
    c4f0d6f
  4. v2.1.12

    jorgemanrubia committed Dec 20, 2024
    7bf3e5a