- There is a new standalone script (metadata.js) which requests
a new controller to get bookmark metadata and fill the form async
- This feature is enabled with the new setting: general.enable_async_metadata
(enabled by default)
- general.retrieve_description is now enabled by default
- A small rotating loader animation has a been added to bookmark inputs
when metadata is being retrieved (default template)
- Custom JS htmlentities has been removed and mathiasbynens/he
library is used instead
Fixes#1563
XSS vulnerabilities fixed in editlink, linklist, tag.cloud and tag.list.
Also fixed tag search with special characters: urlencode function needs to be applied on raw data, before espaping, otherwise the rendered URL is wrong.
With the new routes, all pages are not all at the same folder level anymore
(e.g. /shaare and /shaare/123), so we can't just use './' everywhere.
The most consistent way to handle this is to prefix all path with the proper variable,
and handle the actual path in controllers.
