summaryrefslogtreecommitdiff
path: root/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fixed url injection by means of starting an url with "." and turning the ↵jonathan2022-01-021-1/+1
| | | | prefix into a subdomain
* script links can't contain @stuebinm2022-01-021-1/+3
|
* open BBBs in new Tab so that they work now :/ tabascoeye2022-01-021-2/+2
| | | PLEASE review! I have no idea of haskell
* SECURITY: Fix path traversal in script verificationSerge Bazanski2022-01-021-2/+3
| | | | | | | | The following used to be allowed: scripts: https://static.rc3.world/scripts/../maps/81c8add623eea2704f20/e65b545e-342f-4be0-b369-c0eacff7b15d/re-blessed.mp3.js This is obviously not good, as it allows scripts from arbitrary maps.
* fix bbb urls a second time …stuebinm2022-01-021-5/+1
|
* warn if main.json does not link back to lobbystuebinm2022-01-021-6/+13
|
* fix bbb url resolutionstuebinm2022-01-021-1/+1
|
* allow *.streamproxy.rc3.worldstuebinm2022-01-021-1/+2
|
* type systems don't protect against off-by-onestuebinm2022-01-021-1/+1
|
* urlencode dereferrer linksstuebinm2022-01-021-2/+2
|
* openWebsiteTriggerMessage can also be used for openTabstuebinm2022-01-021-2/+8
|
* Allow to copy sounds for custom JS with ObjectProperty `loadSound`Sven G. Brönstrup2021-12-261-1/+1
|
* separate blocking for separate contextsstuebinm2021-12-264-25/+45
| | | | | (audio links now have their own allowlist, which won't put things through the dereferrer)
* missing entrypoints can be non-fatalstuebinm2021-12-261-7/+8
|
* change lint msg for property suggestionsstuebinm2021-12-261-1/+1
|
* add lint if people set tilesetCopyright on tilesstuebinm2021-12-251-0/+2
|
* whoops, forgot to delete an output field and now it's in the hubstuebinm2021-12-251-1/+0
|
* apply some hlint hintsstuebinm2021-12-251-3/+3
|
* the lobby is allowed to contain defunct linksstuebinm2021-12-251-12/+15
|
* hint if people set collides on tilesetsstuebinm2021-12-251-1/+2
|
* don't print doubled lints twicestuebinm2021-12-252-11/+11
|
* better lint messagestuebinm2021-12-251-1/+1
|
* persist, default aren't always booleansstuebinm2021-12-241-1/+0
|
* smaller changesstuebinm2021-12-243-5/+4
|
* allow openWebsiteAllowApi if website is on static.rc3.worldstuebinm2021-12-241-2/+12
|
* allow shared (not just shared-) as prefix for shared jitsisstuebinm2021-12-241-1/+1
| | | | this might make things less confusing for some people
* extra lint for people confused by badgesstuebinm2021-12-231-3/+4
| | | | tbh I'm confused by them as well
* some people define tilesets without images???stuebinm2021-12-232-2/+4
|
* correct recognision of entrypoints in sublayersstuebinm2021-12-232-16/+23
| | | | | also, the recursive check layer function slowly approaches something like readability!
* openTab's semantics are the same as openWebsite'sstuebinm2021-12-231-9/+6
| | | | (it's not a modifier for openWebsite, as I had previously though)
* add suggestions for misspelled propertiesstuebinm2021-12-235-43/+84
| | | | | (suggestions are shown only if they have a Damerau-Levenshtein distance <= 4, which seems to yield reasonably good results)
* limit output for frequent lintsstuebinm2021-12-232-2/+4
| | | | it's now limited to just the first ten contexts, then an ellipsis
* disallow properties with different capitalisationsstuebinm2021-12-231-10/+7
| | | | | since apparently sometimes workadventure is case-insensitive, and sometimes it's not
* Fixed types of extended scripts propertiesSven G. Brönstrup2021-12-221-3/+8
|
* shorten Properties.hsstuebinm2021-12-221-152/+76
| | | | | | | down almost 100 lines of code! (and hopefully denotationally equivalent, except for the bits about where it was wrong before and didn't replace uris correctly)
* add zoom function for LintWriterstuebinm2021-12-221-2/+19
|
* Did some of the desired changesSven G. Brönstrup2021-12-211-7/+10
|
* Merge branch 'main' into extended-scriptsSven G. Brönstrup2021-12-214-18/+40
|\
| * check that bbbRoom contains a valid assembly_slugstuebinm2021-12-211-7/+12
| |
| * correct bbb link substitutionstuebinm2021-12-211-10/+11
| | | | | | | | | | (unfortunately this one's hardcoded, the config options just aren't general enough)
| * need rc3_21 slug in inter-assembly-linksstuebinm2021-12-211-1/+1
| |
| * disallow double courly bracesstuebinm2021-12-212-2/+3
| | | | | | | | as per yesterday's discussion about extended scripting variables
| * generalise unwrapURI a bitstuebinm2021-12-201-4/+19
| |
| * something something encoding mismatchstuebinm2021-12-201-1/+1
| |
* | Resolved merge conflictSven G. Brönstrup2021-12-201-5/+1
| |
* | Merge branch 'main' into extended-scriptsSven G. Brönstrup2021-12-201-1/+4
|\|
| * forbid opening local html files in iframesstuebinm2021-12-201-2/+4
| |
* | Added extended script action zone propertiesSven G. Brönstrup2021-12-201-0/+11
| |
* | Merge branch 'main' into extended-scriptsSven G. Brönstrup2021-12-203-3/+15
|\|
| * disallow extended API variables in linksstuebinm2021-12-203-3/+15
| |