cclauss
7f55c81e08
autopep8 the code and then flake8
6 years ago
Benoît Latinier
2b56963f31
fix pyflakes error, make travis happy
6 years ago
Benoît Latinier
d2b573a4d5
Merge pull request #256 from blatinier/issue-10/admin-interface
...
Add a basic admin interface (Fix issue #10 )
There are more to add in the interface but it's a good start.
7 years ago
Jelmer Vernooij
8c33a84dd3
Merge pull request #253 from jGleitz/apidoc
...
Update API documentation.
7 years ago
Benoît Latinier
2adb779fef
add: edit author/email/website/message
7 years ago
Benoît Latinier
e3fddf4ae8
add: orders in administration
7 years ago
Benoît Latinier
3212bf762f
fix 500 error on pagination
7 years ago
Benoît Latinier
0b6a0e4d5f
add: group by thread
7 years ago
Benoît Latinier
0a93c866ff
Add a basic admin interface (Fix issue #10 )
...
Add a basic admin interface (Fix issue #10 )
wip again
still wip
fix login page
7 years ago
Martin Zimmermann
46b2874b3d
Merge pull request #252 from blatinier/issue-27/data-attr-overide
...
Fix issue #27 on override thread discovery with custom data-attributes
8 years ago
Joshua Gleitze
3c9bbda252
preview endpoint
8 years ago
Joshua Gleitze
2a11c000d4
convert bad tabs to spaces
8 years ago
Joshua Gleitze
8a9fe29bce
apidoc for count
8 years ago
Joshua Gleitze
afd4107ac3
apidoc for like & dislike
8 years ago
Joshua Gleitze
ded4927ae4
apidoc for moderate
8 years ago
Joshua Gleitze
c3439e5c79
apidoc for "delete comment"
8 years ago
Joshua Gleitze
9b79a98851
apidoc for "edit comment"
8 years ago
Joshua Gleitze
1f804bcf8e
apidoc for "view comment"
8 years ago
Joshua Gleitze
b2d9c80b5f
apidoc for "new comment"
8 years ago
Joshua Gleitze
5ca5d680fa
apidoc for fetch
8 years ago
Benoît Latinier
f1325ccaca
Fix issue #27 on override thread discovery with custom data-attributes
8 years ago
Martin Zimmermann
721e87a843
Merge branch 'legacy/0.9'
...
Conflicts:
CHANGES.rst
docs/docs/configuration/client.rst
setup.py
10 years ago
Martin Zimmermann
c8acd461d3
do not export email field
10 years ago
Martin Zimmermann
f7e51fd03d
Merge branch 'legacy/0.9'
...
Conflicts:
CHANGES.rst
isso/core.py
setup.py
10 years ago
Martin Zimmermann
4a8cbcd8f0
limit request size, closes #107
10 years ago
Martin Zimmermann
ce9781df51
Merge branch 'legacy/0.9'
...
Conflicts:
CHANGES.rst
isso/core.py
isso/dispatch.py
setup.py
10 years ago
Martin Zimmermann
35acf1e17e
from __future__ import unicode_literals
10 years ago
Martin Zimmermann
9260e143f1
decouple hash generation from comment view and allow customization
...
Tests now use a dummy hash function that does nothing (basically) and
run a bit faster now.
10 years ago
Martin Zimmermann
a741c62cd6
use python-passlib fallback on Debian
10 years ago
Martin Zimmermann
211f637569
remove Django's PBKDF2 in favour of werkzeug.security.pbkdf2_hex
10 years ago
Martin Zimmermann
8b5462ed2e
remove /check-ip
10 years ago
Martin Zimmermann
8fefe3a616
fix hidden reply to deleted comment (and change a few names)
10 years ago
Martin Zimmermann
5b0ce6471a
add website input
10 years ago
Martin Zimmermann
59bfde7c03
idiomatic python
...
* make "process_fetched_list" private
* rename fetch_args to args
* a few logic simplifications
10 years ago
Srijan Choudhary
abc0eaaf1d
Handle limit/nested_limit zero
...
This returns zero comments now
10 years ago
Srijan Choudhary
54b156844b
Add max-comments limit for nested replies
10 years ago
Srijan Choudhary
a5d8a0cfe1
Change in API: hidden_replies field instead of passed_replies
10 years ago
Srijan Choudhary
3c3e83b05c
Bug in API: Reply count should also filter by the after value passed
10 years ago
Srijan Choudhary
8fdceeaafb
Handle edge cases occuring in tests
10 years ago
Srijan Choudhary
71024cea70
API update - new comments format
10 years ago
Srijan Choudhary
cb0acc5ac0
Add a basic demo page
10 years ago
Martin Zimmermann
5ce48de94a
add POST request to get comment counts for multiple URLs
...
The old way via `GET /count?uri=...` still works, but is now deprecated
and might be removed in future releases.
The new way is much more efficient especially fore multiple listings.
The internal implemention is improvable though.
10 years ago
Martin Zimmermann
d93d77c8c7
refactor markup and sanitization code
...
This commit introduces a new configuration section [markup] to refine
Misaka's Markdown extensions (by default strikethrough, superscript and
autolink).
Furthermore, you can set custom HTML elements/attributes that are
allowed, e.g. to enable images, set
[markup]
allowed-elements = img
allowed-attributes = src
The refactorization separates HTML sanitization from Markdown -> HTML
and allows to include new markup languages such as BB Code or
reStructuredText.
10 years ago
Martin Zimmermann
3a1f92b8bd
use html5lib's sanitizer, supersedes 3713d5e
...
Python's HTMLParser is smart enough to filter malicious tags but fails
to repair invalid, user-inputted HTML. Instead of re-inventing the
wheel, Isso now uses html5lib's HTMLSanitizer with a whitelist of all
tags generated by Sundown.
Disallowed tags are discarded from the output to match the previous
unittests. This feature is only available for html5lib 0.99(9) and
later. Earlier releases just escape disallowed tags.
11 years ago
Martin Zimmermann
85e637d017
simplify JSON response
11 years ago
Martin Zimmermann
82da63a81b
check if hash is a base-16 string
11 years ago
Martin Zimmermann
f81b955aa5
use SHA1 instead of MD5 to verify comment owner
11 years ago
Martin Zimmermann
150726df13
Merge branch 'feature/27', override thread id
11 years ago
Martin Zimmermann
77df31d06f
override thread discovery with data-isso-id="...", close #27
11 years ago
Martin Zimmermann
232e2fb474
another approach to fix #40 (return 403 on false Content-Type)
...
When an attacker uses a <form> to downvote a comment, the browser
*should* add a `Content-Type: ...` header with three possible values:
* application/x-www-form-urlencoded
* multipart/form-data
* text/plain
If the header is not sent or requests `application/json`, the
request is not forged (XHR is restricted by CORS separately).
11 years ago