When a browser doesn't support DOM manipulation convenience methods,
the addition of the feed link was triggering an error because elements
created by `$.new()` are regular elements, not elements from our own
mini-DOM implementation. Therefore, the `append()` method may be
absent. Use `appendChild()` instead.
`python setup.py install` installs it outside the virtualenv (because
it's in `setup_requires`?), then reuse it as is when installing the
dependencies. On the final container, cffi is therefore missing.
When the button is clicked, the /preview endpoint is used to render a
preview text. The preview is inserted and the preview button is
replaced by an edit button to go back to edit mode. Alternatively, the
use can click on the preview to edit.
Some small CSS modifications are done to accomodate the
modification. Also, the preview is wrapped into `.isso-common
.text-wrapper .text` to not make the CSS more complex.
When in preview mode, the background is stripped/greyish in case it's not easy
to make a difference between preview and not preview (due to
unformatted text). We avoid to modify borders/shadow boxes because it
would make the design "jumpy".
On server-side, this can be enabled by providing a base URL to use to
build the full URL. Limit also becomes configurable. On client-side,
we need to add a switch to know whatever or not the additional link
can be displayed.
"nofollow" is a deterrent for spammers: they cannot put links and hope
to increase their SEO when all these links have the nofollow
relationship.
"noopener" is a security for links opening a new window. They ensure
the target cannot control us.
Fix#373
Use of eval is handy when we need to automatically reload a
template. However, in production, this is slow and unsafe. Moreover,
when using CSP, we have to use 'unsafe-eval' which brings shame to
most of us. It appears use of eval() is not needed because the
template has already been translated to Javascript. We just need to
bind "jade" to its local scope.
So, we add an additional wrapper function binding "jade" to the local
scope. Moreover, when compiling the template, we add a flag to the
function to know it has already been compiled. In this case, we
execute it with "jade" in its scope. Otherwise, we keep using eval.
Quickly tested in both situations. Seem to work.
Fix#274.
Many of the Docker images on hub.docker.com are outdated. The one
specified in the documentation doesn't exist anymore. We provide a
decent Dockerfile to build our own Docker image.
This uses a multi-stage build to avoid polluting the final image with
the intermediate artifacts. The final image is 155 MB. It should be
possible to squeeze it even more by using Alpine Linux for the last
two parts instead of Stretch.
The service is using gunicorn. The user is expected to complete the
installation with a reverse proxy configuration.