Doing this in the PHP code is not the right approach for multiple reasons:
1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.
This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
This function is often used in a wrong and potential dangerous way... Thus we should escape the URL per default and offer developers to disable the automatic escaping via an option parameter if they really want that behaviour.
Might break some things, however, those things are then easy to fix and we really have a ton of bugs caused by this...
Fixes https://github.com/owncloud/core/issues/14228
* options for timeout in seconds and if it contains HTML
* if timeout is 0 it will show the message permanently
* removes the notification after a given (default: 5 seconds) timeframe
* based on work by @brantje
* provide JS unit tests for notifications
* add disableEscape parameter to disable this functionality
* drop usage of escapeHTML() that is now done inside t()
* add unit test for escaped and not escaped placeholder
* proper JSDoc
Added addTranslations and fixed de.js file
Fixed de.js to use OC.L10N.register() and use to correct expected
format.
Added JS unit tests for OC.L10N class
Include translations JS script for all apps
When links are not allowed, the email field does not exist and
autocomplete returns null. This causes Javascript errors.
The fix prevents entering the bogus block when links aren't allowed, as
it doesn't make sense to enter it in such cases anyway.
Now using a natural sort algorithm that is more consistent between JS
and PHP (although not perfect in some corner cases)
- added OC.Util.naturalSortComparator that uses the same algo that was
used for the user list
- changed user list and files list to use OC.Util.naturalSortComparator
- removed toLowerCase() and changed the comparator to use
String.localeCompare()
- added unit tests
- added OC_NaturalSort that is used by OCP\Util::naturalSortCompare()
The parts of the remote share owner name is now split between user name,
domain name and root so they can be formatted / displayed differently.
The user name + domain name are displayed in the tooltip.
- serve CSS and font files properly to make sure that measurements are
correct for the tests that need them (breadcrumb)
- added opacity to testArea to make sure nothing is visible during
testing
Since OC.Share didn't have any array containing the list of shares for
the current file, OC.Share.currentShares has been introduced to contain
the full share item structure instead of the reduced one
OC.Share.itemShares.
The event "sharesChanged" is now passing OC.Share.currentShares, which
itself includes the display name to be displayed for the recipients in
the action icon.
- moved the summary code into a new class FileSummary
- FileSummary is calculated only once, then updated with add/remove
- added new OC.Util namespace for JS utility functions
- Moved code that replaces the "svg" extension for the given file to
core as OC.Util.replaceSVGIcon.
- Added unit test for OC.Util.replaceSVGIcon
- Moved "replaceSVG" to OC.Util.replaceSVG and deprecated the global
"replaceSVG" function.
- Added alias for SVGSupport() as OC.Util.hasSVGSupport() (for now)
- now correctly parse query strings with '+' signs
- empty values are now parsed either as null or empty string
- added unit test for parseQueryString()
Added a testArea that is outside the viewport but still considered as
visible from the jQuery code.
The testArea is useful when:
- tested code tries to access DOM elements using global ids
- tested code is requiring some UI elements to be visible to activate
themselves
- added karma utility to run jasmine unit tests
- added Sinon library (for stubs/mocks/fakeserver)
- added a few unit tests for core and files
- added autotest-js.sh script