How it works:
1. when a fulltext search is made, Shaarli looks for the first
occurence position of every term matching the search. No change here,
but we store these positions in an array, in Bookmark's additionalContent.
2. when formatting bookmarks (through BookmarkFormatter
implementation):
1. first we insert specific tokens at every search result positions
2. we format the content (escape HTML, apply markdown, etc.)
3. as a last step, we replace our token with displayable span
elements
Cons: this tightens coupling between search filters and formatters
Pros: it was absolutely necessary not to perform the
search twice. this solution has close to no impact on performances.
Fixes#205
XSS vulnerabilities fixed in editlink, linklist, tag.cloud and tag.list.
Also fixed tag search with special characters: urlencode function needs to be applied on raw data, before espaping, otherwise the rendered URL is wrong.
Mostly in order to get rid of deprecated deps, and upgrade vulnerable ones.
- Upgrade webpack from 3.x to 4.x
- Moved babel package to main repo
- Replaced deprecated extract-text-webpack-plugin with extract-text-webpack-plugin
- Replaced deprecated babel-minify-webpack-plugin with terser-webpack-plugin
- Replaced deprecated node-sass with (dart) sass package
- Replaced deprecated sass-lint with stylelint (the rules might be a bit different
Related to #1531: trivy doesn't raise any more issue
With the new routes, all pages are not all at the same folder level anymore
(e.g. /shaare and /shaare/123), so we can't just use './' everywhere.
The most consistent way to handle this is to prefix all path with the proper variable,
and handle the actual path in controllers.
* Adds a new core plugin to override default template colors
* Adds a new hook when plugin settings are saved
(`save_plugin_parameters`)
* Use CSS native variables for main colors instead of SASS variables
* Disable SASS sort order rules due to a bug in the plugin
Fixes#1312
- add a default thumb size value (125x90px)
- improve private vertical bar visual, especially with thumbnails
- translations
- add a sync thumbs button in tool and empty picwall page
- fixes WT download mode in JSON config
