1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-01 03:02:43 +01:00
Commit graph

17 commits

Author SHA1 Message Date
Jakub Vrana
e8dd67b88c Properly escape inline <script>
Test Plan:
Loaded Phabricator page, checked the source code. Also:

    $c_uri = '//connect.facebook.net/en_US/all.js#xfbml=1&appId=';
    echo CelerityStaticResourceResponse::renderInlineScript(
      jsprintf(
        'console.log(%s); // </script>
        %s',
        $c_uri,
        "</script><b>x</b>"));

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5741
2013-04-20 17:55:47 -07:00
Jakub Vrana
daed35e36c Avoid double slash in Celerity path
Summary: Fished from logs, it probably doesn't cause any real problems.

Test Plan: Looked at logs.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5350
2013-03-14 12:03:26 -07:00
vrana
c9838d81e2 Don't reload page after clicking on Diffusion line link
Summary:
For a single line, I can use the right click.
But for highlighting multiple lines, I have to wait for page reload.

It would be nice to track this in history but that's more involved.
This is actually maybe better behavior.

Test Plan: Clicked on the line link, dragged and dropped on it.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5172
2013-03-04 13:46:34 -08:00
epriestley
ef7f16180c Restore merge of phutil_tag. 2013-02-13 14:51:18 -08:00
epriestley
73cce6e131 Revert "Promote phutil-tag again"
This reverts commit 8fbabdc06d, reversing
changes made to 2dab1c1e42.
2013-02-13 14:08:57 -08:00
epriestley
4bd2ad9270 Merge branch 'master' into phutil_tag
Auditors: vrana
2013-02-13 12:42:57 -08:00
vrana
4eb84149c2 Convert everything to safe HTML
Summary: Sgrepped for `"=~/</"` and manually changed every HTML.

Test Plan: This doesn't work yet but it is hopefully one of the last diffs before Phabricator will be undoubtedly HTML safe.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4927
2013-02-13 12:35:40 -08:00
epriestley
1e74c05ac6 Add timestamps to development-mode static resource URIs
Summary:
When a developer changes CSS, it is normally sufficient to reload the page to get changes to show up, because browsers revalidate resources on reload.

However, if you reload the page and then an Ajax request adds new CSS to the page, this CSS does not trigger revalidation. The developer must currently clear their cache or re-run `scripts/celerity_mapper.php webroot`, to get this request to skip cache. We rarely use CSS over Ajax right now, so this hasn't cropped up much, but Conpherence does use this and clearing the resource is a big pain.

This seems to work fine normally, but I'm worried it might break some of the extra-celerity-resources stuff Facebook is doing.

Test Plan: In development mode, changed `conpherence/message-pane.css` and saw changes reflected on reload. Verified normal page loads do not cause additional HTTP requests. This change has no effect in production mode.

Reviewers: edward, vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2428

Differential Revision: https://secure.phabricator.com/D4902
2013-02-11 11:06:41 -08:00
epriestley
f5827871d5 When a page is profiled, profile all AJAX requests too
Summary: If a page is profiled, add an "X-Phabricator-Profiler" header to all Ajax requests, and profile those too.

Test Plan: Profiled a page, checked Darkconsole, saw profiles for everything.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4885
2013-02-09 13:29:47 -08:00
epriestley
fc4cb57357 Fix JSON encoding of PhutilSafeHTML for browser consumption
Summary:
If you run this code:

  json_encode(array('tag' => phutil_tag('div', array())));

...you get this result, because json_encode() does not call toString() on objects:

  {"tag":{}}

Instead, convert such objects to their underlying strings. Javelin has support for JX.HTML and for implicit conversion (which is kind of sketchy for other reasons) but it's sort of complicated (only happens on Ajax, not behaviors) and messy (not metadata-based), so ignore it for now.

We'll need to do something similar for serialization to the database. My plan there is just to throw on any objects. The only time we put HTML in the database is cache-related and those tiny number of callsites can manually handle it.

Test Plan: Various ajax things now receive the correct data.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4684
2013-01-28 18:11:27 -08:00
vrana
20768d65d5 Convert phutil_render_tag(X, Y, '...') to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y, '...')

Then searched for `&` and `<` in the output and replaced them.

Test Plan: Loaded homepage.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4503
2013-01-24 19:20:27 -08:00
vrana
f8dbfdd59d Convert phutil_render_tag(X, Y) to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y)

(and null manually)

Test Plan: Loaded homepage

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4500
2013-01-24 19:08:54 -08:00
epriestley
7138427a05 Modify Celerity to emit required resources on Ajax responses
Summary: Companion diff to D4003.

Test Plan: Rigged up a response which loaded a CSS file with `body { background: red; }`, verified page turned red after I clicked the button.

Reviewers: vrana, chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T2086

Differential Revision: https://secure.phabricator.com/D4004
2012-11-21 08:37:01 -08:00
vrana
ef85f49adc Delete license headers from files
Summary:
This commit doesn't change license of any file. It just makes the license implicit (inherited from LICENSE file in the root directory).

We are removing the headers for these reasons:

- It wastes space in editors, less code is visible in editor upon opening a file.
- It brings noise to diff of the first change of any file every year.
- It confuses Git file copy detection when creating small files.
- We don't have an explicit license header in other files (JS, CSS, images, documentation).
- Using license header in every file is not obligatory: http://www.apache.org/dev/apply-license.html#new.

This change is approved by Alma Chao (Lead Open Source and IP Counsel at Facebook).

Test Plan: Verified that the license survived only in LICENSE file and that it didn't modify externals.

Reviewers: epriestley, davidrecordon

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2035

Differential Revision: https://secure.phabricator.com/D3886
2012-11-05 11:16:51 -08:00
epriestley
b9f84ebba8 Always use absolute URIs for static resources
Summary: I think this is simpler and better than making them conditional. In properly configured installs this should have no impact (they already use a CDN URI). In not-quite-properly configured installs this will add a trivial, highly-compressible number of bytes to the source. In all cases we have less code.

Test Plan: Loaded some pages, everything worked.

Reviewers: btrahan, vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3709
2012-10-16 09:44:53 -07:00
Bob Trahan
ce1a585166 Make celerity be able to render full uris
Summary: ...and use 'em in the phame blog case.

Test Plan: viewed blog.phabricator.dev and it actually looked right!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1373

Differential Revision: https://secure.phabricator.com/D3666
2012-10-09 09:31:20 -07:00
vrana
6cc196a2e5 Move files in Phabricator one level up
Summary:
- `kill_init.php` said "Moving 1000 files" - I hope that this is not some limit in `FileFinder`.
- [src/infrastructure/celerity] `git mv utils.php map.php; git mv api/utils.php api.php`
- Comment `phutil_libraries` in `.arcconfig` and run `arc liberate`.

NOTE: `arc diff` timed out so I'm pushing it without review.

Test Plan:
/D1234
Browsed around, especially in `applications/repository/worker/commitchangeparser` and `applications/` in general.

Auditors: epriestley

Maniphest Tasks: T1103
2012-06-01 12:32:44 -07:00
Renamed from src/infrastructure/celerity/response/CelerityStaticResourceResponse.php (Browse further)