Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | fixed url injection by means of starting an url with "." and turning the ↵ | jonathan | 2022-01-02 | 1 | -1/+1 |
| | | | | prefix into a subdomain | ||||
* | script links can't contain @ | stuebinm | 2022-01-02 | 1 | -1/+3 |
| | |||||
* | open BBBs in new Tab so that they work now :/ | tabascoeye | 2022-01-02 | 1 | -2/+2 |
| | | | PLEASE review! I have no idea of haskell | ||||
* | SECURITY: Fix path traversal in script verification | Serge Bazanski | 2022-01-02 | 1 | -2/+3 |
| | | | | | | | | The following used to be allowed: scripts: https://static.rc3.world/scripts/../maps/81c8add623eea2704f20/e65b545e-342f-4be0-b369-c0eacff7b15d/re-blessed.mp3.js This is obviously not good, as it allows scripts from arbitrary maps. | ||||
* | fix bbb urls a second time … | stuebinm | 2022-01-02 | 1 | -5/+1 |
| | |||||
* | fix bbb url resolution | stuebinm | 2022-01-02 | 1 | -1/+1 |
| | |||||
* | type systems don't protect against off-by-one | stuebinm | 2022-01-02 | 1 | -1/+1 |
| | |||||
* | openWebsiteTriggerMessage can also be used for openTab | stuebinm | 2022-01-02 | 1 | -2/+8 |
| | |||||
* | Allow to copy sounds for custom JS with ObjectProperty `loadSound` | Sven G. Brönstrup | 2021-12-26 | 1 | -1/+1 |
| | |||||
* | separate blocking for separate contexts | stuebinm | 2021-12-26 | 1 | -3/+5 |
| | | | | | (audio links now have their own allowlist, which won't put things through the dereferrer) | ||||
* | change lint msg for property suggestions | stuebinm | 2021-12-26 | 1 | -1/+1 |
| | |||||
* | add lint if people set tilesetCopyright on tiles | stuebinm | 2021-12-25 | 1 | -0/+2 |
| | |||||
* | apply some hlint hints | stuebinm | 2021-12-25 | 1 | -3/+3 |
| | |||||
* | the lobby is allowed to contain defunct links | stuebinm | 2021-12-25 | 1 | -12/+15 |
| | |||||
* | hint if people set collides on tilesets | stuebinm | 2021-12-25 | 1 | -1/+2 |
| | |||||
* | better lint message | stuebinm | 2021-12-25 | 1 | -1/+1 |
| | |||||
* | persist, default aren't always booleans | stuebinm | 2021-12-24 | 1 | -1/+0 |
| | |||||
* | smaller changes | stuebinm | 2021-12-24 | 1 | -1/+1 |
| | |||||
* | allow openWebsiteAllowApi if website is on static.rc3.world | stuebinm | 2021-12-24 | 1 | -2/+12 |
| | |||||
* | allow shared (not just shared-) as prefix for shared jitsis | stuebinm | 2021-12-24 | 1 | -1/+1 |
| | | | | this might make things less confusing for some people | ||||
* | extra lint for people confused by badges | stuebinm | 2021-12-23 | 1 | -3/+4 |
| | | | | tbh I'm confused by them as well | ||||
* | some people define tilesets without images??? | stuebinm | 2021-12-23 | 1 | -1/+3 |
| | |||||
* | openTab's semantics are the same as openWebsite's | stuebinm | 2021-12-23 | 1 | -9/+6 |
| | | | | (it's not a modifier for openWebsite, as I had previously though) | ||||
* | add suggestions for misspelled properties | stuebinm | 2021-12-23 | 1 | -37/+77 |
| | | | | | (suggestions are shown only if they have a Damerau-Levenshtein distance <= 4, which seems to yield reasonably good results) | ||||
* | disallow properties with different capitalisations | stuebinm | 2021-12-23 | 1 | -10/+7 |
| | | | | | since apparently sometimes workadventure is case-insensitive, and sometimes it's not | ||||
* | Fixed types of extended scripts properties | Sven G. Brönstrup | 2021-12-22 | 1 | -3/+8 |
| | |||||
* | shorten Properties.hs | stuebinm | 2021-12-22 | 1 | -152/+76 |
| | | | | | | | down almost 100 lines of code! (and hopefully denotationally equivalent, except for the bits about where it was wrong before and didn't replace uris correctly) | ||||
* | Did some of the desired changes | Sven G. Brönstrup | 2021-12-21 | 1 | -7/+10 |
| | |||||
* | Merge branch 'main' into extended-scripts | Sven G. Brönstrup | 2021-12-21 | 1 | -15/+36 |
|\ | |||||
| * | check that bbbRoom contains a valid assembly_slug | stuebinm | 2021-12-21 | 1 | -7/+12 |
| | | |||||
| * | correct bbb link substitution | stuebinm | 2021-12-21 | 1 | -10/+11 |
| | | | | | | | | | | (unfortunately this one's hardcoded, the config options just aren't general enough) | ||||
| * | generalise unwrapURI a bit | stuebinm | 2021-12-20 | 1 | -4/+19 |
| | | |||||
| * | something something encoding mismatch | stuebinm | 2021-12-20 | 1 | -1/+1 |
| | | |||||
* | | Resolved merge conflict | Sven G. Brönstrup | 2021-12-20 | 1 | -5/+1 |
| | | |||||
* | | Merge branch 'main' into extended-scripts | Sven G. Brönstrup | 2021-12-20 | 1 | -1/+4 |
|\| | |||||
| * | forbid opening local html files in iframes | stuebinm | 2021-12-20 | 1 | -2/+4 |
| | | |||||
* | | Added extended script action zone properties | Sven G. Brönstrup | 2021-12-20 | 1 | -0/+11 |
| | | |||||
* | | Merge branch 'main' into extended-scripts | Sven G. Brönstrup | 2021-12-20 | 1 | -0/+2 |
|\| | |||||
| * | disallow extended API variables in links | stuebinm | 2021-12-20 | 1 | -0/+2 |
| | | |||||
* | | Wrap urls for inline iframes | Sven G. Brönstrup | 2021-12-19 | 1 | -0/+3 |
| | | |||||
* | | Added bell properties | Sven G. Brönstrup | 2021-12-19 | 1 | -4/+36 |
| | | |||||
* | | Only suggert door properties on variables | Sven G. Brönstrup | 2021-12-19 | 1 | -15/+15 |
| | | |||||
* | | Lint door stuff | Sven G. Brönstrup | 2021-12-19 | 1 | -1/+87 |
|/ | |||||
* | fixed parsing of tiled objects | stuebinm | 2021-12-18 | 1 | -8/+9 |
| | | | | (points behave slightly differntly than I thought) | ||||
* | quick badge bugfix | stuebinm | 2021-12-18 | 1 | -1/+1 |
| | | | | | obviously, it should remove all objects defining badges, not those NOT defining badges … | ||||
* | badges are set on objects, not layers | stuebinm | 2021-12-18 | 1 | -41/+44 |
| | | | | (and `url` is, too) | ||||
* | remove mapImage property | stuebinm | 2021-12-18 | 1 | -3/+2 |
| | |||||
* | fix some weird lints | stuebinm | 2021-12-18 | 1 | -2/+1 |
| | | | | | (since we're starting to get maps that actually pass linting, we also get to find more bugs! yay!) | ||||
* | special handling of world:// and assembly names | stuebinm | 2021-12-16 | 1 | -2/+7 |
| | | | | | these now have their own top-level config attribute which is essentially a shorthand for setting one that's deeper nested. | ||||
* | fixed & removed a bunch of old TODOs | stuebinm | 2021-12-16 | 1 | -15/+30 |
| |