7f55c81e08
autopep8 the code and then flake8
6 years ago
2b56963f31
fix pyflakes error, make travis happy
6 years ago
d2b573a4d5
Merge pull request #256 from blatinier/issue-10/admin-interface
...
Add a basic admin interface (Fix issue #10 )
There are more to add in the interface but it's a good start.
7 years ago
8c33a84dd3
Merge pull request #253 from jGleitz/apidoc
...
Update API documentation.
7 years ago
2adb779fef
add: edit author/email/website/message
7 years ago
e3fddf4ae8
add: orders in administration
7 years ago
3212bf762f
fix 500 error on pagination
7 years ago
0b6a0e4d5f
add: group by thread
7 years ago
0a93c866ff
Add a basic admin interface (Fix issue #10 )
...
Add a basic admin interface (Fix issue #10 )
wip again
still wip
fix login page
7 years ago
46b2874b3d
Merge pull request #252 from blatinier/issue-27/data-attr-overide
...
Fix issue #27 on override thread discovery with custom data-attributes
8 years ago
3c9bbda252
preview endpoint
8 years ago
2a11c000d4
convert bad tabs to spaces
8 years ago
8a9fe29bce
apidoc for count
8 years ago
afd4107ac3
apidoc for like & dislike
8 years ago
ded4927ae4
apidoc for moderate
8 years ago
c3439e5c79
apidoc for "delete comment"
8 years ago
9b79a98851
apidoc for "edit comment"
8 years ago
1f804bcf8e
apidoc for "view comment"
8 years ago
b2d9c80b5f
apidoc for "new comment"
8 years ago
5ca5d680fa
apidoc for fetch
8 years ago
f1325ccaca
Fix issue #27 on override thread discovery with custom data-attributes
8 years ago
721e87a843
Merge branch 'legacy/0.9'
...
Conflicts:
CHANGES.rst
docs/docs/configuration/client.rst
setup.py
10 years ago
c8acd461d3
do not export email field
10 years ago
f7e51fd03d
Merge branch 'legacy/0.9'
...
Conflicts:
CHANGES.rst
isso/core.py
setup.py
10 years ago
4a8cbcd8f0
limit request size, closes #107
10 years ago
ce9781df51
Merge branch 'legacy/0.9'
...
Conflicts:
CHANGES.rst
isso/core.py
isso/dispatch.py
setup.py
10 years ago
35acf1e17e
from __future__ import unicode_literals
10 years ago
9260e143f1
decouple hash generation from comment view and allow customization
...
Tests now use a dummy hash function that does nothing (basically) and
run a bit faster now.
10 years ago
a741c62cd6
use python-passlib fallback on Debian
10 years ago
211f637569
remove Django's PBKDF2 in favour of werkzeug.security.pbkdf2_hex
10 years ago
8b5462ed2e
remove /check-ip
10 years ago
8fefe3a616
fix hidden reply to deleted comment (and change a few names)
10 years ago
5b0ce6471a
add website input
10 years ago
59bfde7c03
idiomatic python
...
* make "process_fetched_list" private
* rename fetch_args to args
* a few logic simplifications
10 years ago
abc0eaaf1d
Handle limit/nested_limit zero
...
This returns zero comments now
10 years ago
54b156844b
Add max-comments limit for nested replies
10 years ago
a5d8a0cfe1
Change in API: hidden_replies field instead of passed_replies
10 years ago
3c3e83b05c
Bug in API: Reply count should also filter by the after value passed
10 years ago
8fdceeaafb
Handle edge cases occuring in tests
10 years ago
71024cea70
API update - new comments format
10 years ago
cb0acc5ac0
Add a basic demo page
10 years ago
5ce48de94a
add POST request to get comment counts for multiple URLs
...
The old way via `GET /count?uri=...` still works, but is now deprecated
and might be removed in future releases.
The new way is much more efficient especially fore multiple listings.
The internal implemention is improvable though.
10 years ago
d93d77c8c7
refactor markup and sanitization code
...
This commit introduces a new configuration section [markup] to refine
Misaka's Markdown extensions (by default strikethrough, superscript and
autolink).
Furthermore, you can set custom HTML elements/attributes that are
allowed, e.g. to enable images, set
[markup]
allowed-elements = img
allowed-attributes = src
The refactorization separates HTML sanitization from Markdown -> HTML
and allows to include new markup languages such as BB Code or
reStructuredText.
10 years ago
3a1f92b8bd
use html5lib's sanitizer, supersedes 3713d5e
...
Python's HTMLParser is smart enough to filter malicious tags but fails
to repair invalid, user-inputted HTML. Instead of re-inventing the
wheel, Isso now uses html5lib's HTMLSanitizer with a whitelist of all
tags generated by Sundown.
Disallowed tags are discarded from the output to match the previous
unittests. This feature is only available for html5lib 0.99(9) and
later. Earlier releases just escape disallowed tags.
11 years ago
85e637d017
simplify JSON response
11 years ago
82da63a81b
check if hash is a base-16 string
11 years ago
f81b955aa5
use SHA1 instead of MD5 to verify comment owner
11 years ago
150726df13
Merge branch 'feature/27', override thread id
11 years ago
77df31d06f
override thread discovery with data-isso-id="...", close #27
11 years ago
232e2fb474
another approach to fix #40 (return 403 on false Content-Type)
...
When an attacker uses a <form> to downvote a comment, the browser
*should* add a `Content-Type: ...` header with three possible values:
* application/x-www-form-urlencoded
* multipart/form-data
* text/plain
If the header is not sent or requests `application/json`, the
request is not forged (XHR is restricted by CORS separately).
11 years ago
cclauss