The old way via `GET /count?uri=...` still works, but is now deprecated
and might be removed in future releases.
The new way is much more efficient especially fore multiple listings.
The internal implemention is improvable though.
Store a random session key used to sign and verify comment ownership
once the database is initialized, not on every application startup.
Currently fixed session keys in [general] session-key are migrated into
the database on startup. The configuration parser will notice you about
the change and suggest you to remove this option.
Breaks CLI (and probably other modules that use `dist.version`):
[*]~/d/isso:master> isso -c sample.cfg run
Traceback (most recent call last):
File "/home/.../dev/isso/bin/isso", line 9, in <module>
load_entry_point('isso==0.8.dev0', 'console_scripts', 'isso')()
File "/home/.../dev/isso/isso/__init__.py", line 198, in main
parser.add_argument('--version', action='version', version='%(prog)s ' + dist.version)
AttributeError: 'module' object has no attribute 'version
This reverts commit 4e5e8c44f7.
This commit introduces a new configuration section [markup] to refine
Misaka's Markdown extensions (by default strikethrough, superscript and
autolink).
Furthermore, you can set custom HTML elements/attributes that are
allowed, e.g. to enable images, set
[markup]
allowed-elements = img
allowed-attributes = src
The refactorization separates HTML sanitization from Markdown -> HTML
and allows to include new markup languages such as BB Code or
reStructuredText.
Python's HTMLParser is smart enough to filter malicious tags but fails
to repair invalid, user-inputted HTML. Instead of re-inventing the
wheel, Isso now uses html5lib's HTMLSanitizer with a whitelist of all
tags generated by Sundown.
Disallowed tags are discarded from the output to match the previous
unittests. This feature is only available for html5lib 0.99(9) and
later. Earlier releases just escape disallowed tags.
To be compatible with comments from Disqus (and users unfamiliar with
Markdown), Misaka no longer disables user-inputted HTML, but the
generated HTML is now post-processed and all "unsafe" tags (not
possible with Markdown) are discarded.
Whitelist: p, a, pre, blockquote, h1-h6, em, sub, sup, del, ins, math,
dl, ol, ul, li
This commit also removes an unnecessary newline generated by
Misaka/Sundown.
This commit now sanitizes *all* HTML tags written by the user (also
prevents auto-link to "unsafe" web protocols and images) as intended.
Fortunately because of Sundown's typography support, it did not affect
JS injection, but custom style tags and iframes.
PS: thanks to the anonymous submitter of a comment including a style tag
for 24pt, red font ;-)
As a result, it is no longer possible to chain promises
(then().then().then(etc.)), but that is actually not an issue for Isso.
The deferred/promise implementation is roughly based on
http://stackoverflow.com/a/17722683 and stackp/promisejs.
