summaryrefslogtreecommitdiff
path: root/lib/Properties.hs (unfollow)
Commit message (Collapse)AuthorFilesLines
2021-12-27SECURITY: Fix path traversal in script verificationSerge Bazanski1-2/+3
The following used to be allowed: scripts: https://static.rc3.world/scripts/../maps/81c8add623eea2704f20/e65b545e-342f-4be0-b369-c0eacff7b15d/re-blessed.mp3.js This is obviously not good, as it allows scripts from arbitrary maps.
2021-12-27fix bbb urls a second time …stuebinm1-5/+1
2021-12-27fix bbb url resolutionstuebinm1-1/+1
2021-12-27type systems don't protect against off-by-onestuebinm1-1/+1
2021-12-26openWebsiteTriggerMessage can also be used for openTabstuebinm1-2/+8
2021-12-26Allow to copy sounds for custom JS with ObjectProperty `loadSound`Sven G. Brönstrup1-1/+1
2021-12-26separate blocking for separate contextsstuebinm1-3/+5
(audio links now have their own allowlist, which won't put things through the dereferrer)
2021-12-26change lint msg for property suggestionsstuebinm1-1/+1
2021-12-25add lint if people set tilesetCopyright on tilesstuebinm1-0/+2
2021-12-25apply some hlint hintsstuebinm1-3/+3
2021-12-25the lobby is allowed to contain defunct linksstuebinm1-12/+15
2021-12-25hint if people set collides on tilesetsstuebinm1-1/+2
2021-12-25better lint messagestuebinm1-1/+1
2021-12-24persist, default aren't always booleansstuebinm1-1/+0
2021-12-24smaller changesstuebinm1-1/+1
2021-12-24allow openWebsiteAllowApi if website is on static.rc3.worldstuebinm1-2/+12
2021-12-24allow shared (not just shared-) as prefix for shared jitsisstuebinm1-1/+1
this might make things less confusing for some people
2021-12-23extra lint for people confused by badgesstuebinm1-3/+4
tbh I'm confused by them as well
2021-12-23some people define tilesets without images???stuebinm1-1/+3
2021-12-23openTab's semantics are the same as openWebsite'sstuebinm1-9/+6
(it's not a modifier for openWebsite, as I had previously though)
2021-12-23add suggestions for misspelled propertiesstuebinm1-37/+77
(suggestions are shown only if they have a Damerau-Levenshtein distance <= 4, which seems to yield reasonably good results)
2021-12-23disallow properties with different capitalisationsstuebinm1-10/+7
since apparently sometimes workadventure is case-insensitive, and sometimes it's not
2021-12-22Fixed types of extended scripts propertiesSven G. Brönstrup1-3/+8
2021-12-22shorten Properties.hsstuebinm1-152/+76
down almost 100 lines of code! (and hopefully denotationally equivalent, except for the bits about where it was wrong before and didn't replace uris correctly)
2021-12-21Did some of the desired changesSven G. Brönstrup1-7/+10
2021-12-21check that bbbRoom contains a valid assembly_slugstuebinm1-7/+12
2021-12-21correct bbb link substitutionstuebinm1-10/+11
(unfortunately this one's hardcoded, the config options just aren't general enough)
2021-12-20generalise unwrapURI a bitstuebinm1-4/+19
2021-12-20something something encoding mismatchstuebinm1-1/+1
2021-12-20Resolved merge conflictSven G. Brönstrup1-5/+1
2021-12-20Added extended script action zone propertiesSven G. Brönstrup1-0/+11
2021-12-20forbid opening local html files in iframesstuebinm1-2/+4
2021-12-20disallow extended API variables in linksstuebinm1-0/+2
2021-12-19Wrap urls for inline iframesSven G. Brönstrup1-0/+3
2021-12-19Added bell propertiesSven G. Brönstrup1-4/+36
2021-12-19Only suggert door properties on variablesSven G. Brönstrup1-15/+15
2021-12-19Lint door stuffSven G. Brönstrup1-1/+87
2021-12-18fixed parsing of tiled objectsstuebinm1-8/+9
(points behave slightly differntly than I thought)
2021-12-18quick badge bugfixstuebinm1-1/+1
obviously, it should remove all objects defining badges, not those NOT defining badges …
2021-12-18badges are set on objects, not layersstuebinm1-41/+44
(and `url` is, too)
2021-12-18remove mapImage propertystuebinm1-3/+2
2021-12-18fix some weird lintsstuebinm1-2/+1
(since we're starting to get maps that actually pass linting, we also get to find more bugs! yay!)
2021-12-16special handling of world:// and assembly namesstuebinm1-2/+7
these now have their own top-level config attribute which is essentially a shorthand for setting one that's deeper nested.
2021-12-16fixed & removed a bunch of old TODOsstuebinm1-15/+30
2021-12-16"collides" can't be set on layersstuebinm1-4/+4
2021-12-16lint if tileset properties are set on the map insteadstuebinm1-1/+5
(this seems to be a common mistake so far)
2021-12-16we don't support ellipsesstuebinm1-5/+4
2021-12-15suggest setting map meta properties if not givenstuebinm1-0/+9
2021-12-14deal with group layer in existence checks properlystuebinm1-11/+20
(before it would fail to find e.g. the start layer if it wasn't a top-level layer)
2021-12-14allow scripts from https://static.rc3.world/scriptsstuebinm1-15/+10
The script inject doesn't do anything for now; guess I'll re-add that once we actually have a URI for that.