Replace Markup.js with Jade [1] for real templating (like expression
evaluation and sane syntax). Jade compiles directly to JavaScript which
makes it possible to only have Jade as build dependency with a tiny
runtime wrapper for the client (around 40% of Markup.js's size).
Templates are rewritten for Jade but do not use all features from Jade
(such as filters, mixins and includes) for now.
A simple requirejs-jade wrapper to compile Jade during runtime is
already included.
i18n
----
I also rewrote the i18n module and moved translation and pluralization
functions back into the module, thus decoupling it from the previous
markup language. The module now exposes:
* i18n.translate(msgid) -> string
* i18n.pluralize(msgid, n) -> string
I18n depends on app/config and thus has access to the user's prefered
language and exposes both function with `i18n.lang` already set. If the
msgid was not found, it returns "???" (like Markup.js).
The pluralization function replaces `{{ n }}` with the function argument
just like with Markup.js (to keep the diffs clean).
[1] http://jade-lang.com/
Mainly because of the sluggish auto-resize "feature" which comes for
free when using a content-editable div.
If you use a custom CSS, make sure you replace textarea (element with
.textarea (class) and set `white-space: pre`.
The old way via `GET /count?uri=...` still works, but is now deprecated
and might be removed in future releases.
The new way is much more efficient especially fore multiple listings.
The internal implemention is improvable though.
As a result, it is no longer possible to chain promises
(then().then().then(etc.)), but that is actually not an issue for Isso.
The deferred/promise implementation is roughly based on
http://stackoverflow.com/a/17722683 and stackp/promisejs.
The previous approach using a custom X-Custom header did work for the
client-side, but not for activation and deletion links. Now, you need
to add a `name = foo` option to the general section. `isso.dispatch`
then binds this configuration to /foo and can distinguish all API
calls without a special HTTP header.
When an attacker uses a <form> to downvote a comment, the browser
*should* add a `Content-Type: ...` header with three possible values:
* application/x-www-form-urlencoded
* multipart/form-data
* text/plain
If the header is not sent or requests `application/json`, the
request is not forged (XHR is restricted by CORS separately).
All data-attributes beginning with `data-isso-` are stored in
`api.config` (without leading data-isso-). Isso tries to parse
the values with JSON (e.g. `-isso-foo="false"` returns false)
and falls back for a simple string value.
Cookies set from a different domain can not be read by JS executed in
the current domain. As a workaround, Isso sends both a Set-Cookie and
X-Set-Cookie header. The former is used by the browser to make the
HTTP request to the API, the latter is read by `embed.min.js` to
determine if a comment can be edited or deleted.
When a comment is deleted, the server sends an expired cookies in
Set-Cookie and X-Set-Cookie.
Previously this led to unnecessary object creation which impacted the
rendering time (on my machine 200 comments -> 1200ms) just to create
the postbox per comment (just the object initialization)).
Then, use bower to fetch components and put libraries not
available as (web) component into vendor/.
Move crypto parts and identicon generation modules into app/lib.
* refactor JS (a lot)
* use a CSS framework (neat/bourbon), because CSS is hard
* up/downvote comments
* cleaner HTML
* HTML inclusion in JS
* SVG icons for reference, up and downvote
* basic i18n: english and german supported ootb
* lazy (because slow) client-side identicon generation (preview ability)
* removed website input field for no particular reason
* remove HTML.js in favour of a homebrew DOM manipulation tool
This commit also introduces a new db which maps path to thread title.
The title is read by parsing the HTML for a related <h1> tag using
`html5lib`.
You can set up SMTP in your configuration (here the defaults):
[SMTP]
host = localhost
port = 465
ssl = on
username =
password =
recipient =
sender =
In short, by default Isso uses a local SMTP server using SSL without
any authentication. An email is send on comment creation to "recipient"
from "Ich schrei sonst <sender>".
This commit also uses a simple ANSI colorization module from my static
blog compiler project.
On server startup, Isso will connect to the SMTP server and fall back to
a null mailer. It also tries to connect to your website, so if that
doesn't work, you probably can't comment on your website either.
A separate (minified) JS to load only the comment count for each
`<a href="...#isso-thread">...</a>` link. If there are no comments,
return a 404, otherwise return the number JSON formatted.
To built `count.ks`, run `r.js -o build.count.js`.
Martin Zimmermann