summaryrefslogtreecommitdiff
path: root/lib (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-01-15use hpack and clean up modulesstuebinm9-31/+94
as annoying as yaml is, cabal's package format is somehow worse, apparently
2022-01-02playing around with typesstuebinm1-0/+29
2022-01-02use url package for parsing of urlsjonny2-12/+30
2022-01-02fixed url injection by means of starting an url with "." and turning the ↵jonathan1-1/+1
prefix into a subdomain
2022-01-02script links can't contain @stuebinm1-1/+3
2022-01-02open BBBs in new Tab so that they work now :/ tabascoeye1-2/+2
PLEASE review! I have no idea of haskell
2022-01-02SECURITY: Fix path traversal in script verificationSerge Bazanski1-2/+3
The following used to be allowed: scripts: https://static.rc3.world/scripts/../maps/81c8add623eea2704f20/e65b545e-342f-4be0-b369-c0eacff7b15d/re-blessed.mp3.js This is obviously not good, as it allows scripts from arbitrary maps.
2022-01-02fix bbb urls a second time …stuebinm1-5/+1
2022-01-02warn if main.json does not link back to lobbystuebinm1-6/+13
2022-01-02fix bbb url resolutionstuebinm1-1/+1
2022-01-02allow *.streamproxy.rc3.worldstuebinm1-1/+2
2022-01-02type systems don't protect against off-by-onestuebinm1-1/+1
2022-01-02urlencode dereferrer linksstuebinm1-2/+2
2022-01-02openWebsiteTriggerMessage can also be used for openTabstuebinm1-2/+8
2021-12-26Allow to copy sounds for custom JS with ObjectProperty `loadSound`Sven G. Brönstrup1-1/+1
2021-12-26separate blocking for separate contextsstuebinm4-25/+45
(audio links now have their own allowlist, which won't put things through the dereferrer)
2021-12-26change lint msg for property suggestionsstuebinm1-1/+1
2021-12-25add lint if people set tilesetCopyright on tilesstuebinm1-0/+2
2021-12-25whoops, forgot to delete an output field and now it's in the hubstuebinm1-1/+0
2021-12-25apply some hlint hintsstuebinm1-3/+3
2021-12-25the lobby is allowed to contain defunct linksstuebinm1-12/+15
2021-12-25hint if people set collides on tilesetsstuebinm1-1/+2
2021-12-25don't print doubled lints twicestuebinm2-11/+11
2021-12-25better lint messagestuebinm1-1/+1
2021-12-24persist, default aren't always booleansstuebinm1-1/+0
2021-12-24smaller changesstuebinm3-5/+4
2021-12-24allow openWebsiteAllowApi if website is on static.rc3.worldstuebinm1-2/+12
2021-12-24allow shared (not just shared-) as prefix for shared jitsisstuebinm1-1/+1
this might make things less confusing for some people
2021-12-23extra lint for people confused by badgesstuebinm1-3/+4
tbh I'm confused by them as well
2021-12-23some people define tilesets without images???stuebinm2-2/+4
2021-12-23correct recognision of entrypoints in sublayersstuebinm2-16/+23
also, the recursive check layer function slowly approaches something like readability!
2021-12-23openTab's semantics are the same as openWebsite'sstuebinm1-9/+6
(it's not a modifier for openWebsite, as I had previously though)
2021-12-23add suggestions for misspelled propertiesstuebinm5-43/+84
(suggestions are shown only if they have a Damerau-Levenshtein distance <= 4, which seems to yield reasonably good results)
2021-12-23limit output for frequent lintsstuebinm2-2/+4
it's now limited to just the first ten contexts, then an ellipsis
2021-12-23disallow properties with different capitalisationsstuebinm1-10/+7
since apparently sometimes workadventure is case-insensitive, and sometimes it's not
2021-12-22Fixed types of extended scripts propertiesSven G. Brönstrup1-3/+8
2021-12-22shorten Properties.hsstuebinm1-152/+76
down almost 100 lines of code! (and hopefully denotationally equivalent, except for the bits about where it was wrong before and didn't replace uris correctly)
2021-12-22add zoom function for LintWriterstuebinm1-2/+19
2021-12-21Did some of the desired changesSven G. Brönstrup1-7/+10
2021-12-21check that bbbRoom contains a valid assembly_slugstuebinm1-7/+12
2021-12-21correct bbb link substitutionstuebinm1-10/+11
(unfortunately this one's hardcoded, the config options just aren't general enough)
2021-12-21need rc3_21 slug in inter-assembly-linksstuebinm1-1/+1
2021-12-21disallow double courly bracesstuebinm2-2/+3
as per yesterday's discussion about extended scripting variables
2021-12-20generalise unwrapURI a bitstuebinm1-4/+19
2021-12-20something something encoding mismatchstuebinm1-1/+1
2021-12-20Resolved merge conflictSven G. Brönstrup1-5/+1
2021-12-20Added extended script action zone propertiesSven G. Brönstrup1-0/+11
2021-12-20forbid opening local html files in iframesstuebinm1-2/+4
2021-12-20disallow extended API variables in linksstuebinm3-3/+15
2021-12-19Wrap urls for inline iframesSven G. Brönstrup1-0/+3