When no static assets are found on init, i.e., when a binary without
stuffbin assets is loaded, the app looks for all necessary static
files in the working dir, including the `./static/*` path which renders
the `--static-dir` flag irrelevant.
This patch gives `--static-dir`, if set, precedence over `./static/*`
when loading assets from the working dir when a binary is not stuffed
with static files.
Closes #340.
The buefy toast component does not sanitize HTML leaving it open
to XSS. This patch centralised all toast calls in the app to a util
function which sanitizes HTML strings before passing to toast().
Closes #357.
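
The centralised helper described in the commit message above, sketched as an added example that is not the project's own code. `escapeHtml`, `makeToast` and the recording stub are hypothetical names, and the only Buefy call assumed is `toast.open({ message, type, duration })`.

```javascript
// Characters that let a string leave text context when rendered as HTML.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape a value so the toast renders it as text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the single toast helper that every component calls instead of
// calling the toast component directly. `toastApi` is any object with
// open({ message, ... }), e.g. this.$buefy.toast inside a Vue component.
function makeToast(toastApi) {
  return function toast(message, type = 'is-success', duration = 3000) {
    toastApi.open({
      message: escapeHtml(message), // the only place strings reach the toast
      type,
      duration,
    });
  };
}

// Constructed stand-in for the Buefy toast so the example runs in Node.
function makeRecordingToastApi() {
  const opened = [];
  return { opened, open: (opts) => opened.push(opts) };
}

// Constructed input: a user-supplied list name echoed back in a toast.
function demo() {
  const api = makeRecordingToastApi();
  const toast = makeToast(api);
  toast('List "<img src=x onerror=alert(1)>" created');
  return api.opened[0].message;
}

console.log(demo());
```

Because escaping happens inside the helper, callers must pass raw strings; passing an already-escaped string would show the entities literally.
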
Previously, converting between formats simply copied over raw content.
This update does actual conversion between different formats. While
lossy, this seems to be a good enough approximation for even reasonably
rich HTML content. Closes #348.
- richtext, html => plain
Strips HTML and converts content to plain text.
- richtext, html => markdown
Uses turndown (JS) lib to convert HTML to Markdown.
- plain => richtext, html
Converts line breaks in plain text to HTML breaks.
- richtext => html
"Beautifies" the HTML generated by the WYSIWYG editor unlike the
earlier behaviour of dumping one long line of HTML.
- markdown => richtext, html
Makes an API call to the backend to use the Goldmark lib to convert
Markdown to HTML.
This is a small safety precaution to make sure the out of the box
configuration is not world routable. Bringing this up on a public
interface with a connected database could be a security concern. Any
sysadmin worth their salt is going to test offline or by binding to
localhost only first anyway, but this gets them started on the right
foot and makes sure people don't make mistakes.
Also with the high likelihood that a proxy is going to be used for HTTPS
termination anyway, the decision to move to a public IP should be more
deliberate.
Using localhost instead of some random string is much more likely to
actually work out of the box. Also it's a lot easier for a sysadmin to
'scan' for things that need changing.
Use a dummy subscriber instead of fetching a random one from the
DB. In addition, replace the preview campaign UUID with a dummy
one to prevent clicks and views being registered against the
campaign when previewing.
The new `--i18n-dir` directory allows the loading of an external
directory of i18n JSON files, similar to how `--static-dir`
works. New languages can be added and existing language files
can be customized this way.
This commit changes file loading behaviour so that invalid or
non-existent files don't halt the execution of the app completely but
merely throw a warning and continue with the default (en) lang.
Sending the optional flag as `true` in the POST /api/subscribers
body will skip sending opt-in confirmation e-mails to subscribers
and mark list subscriptions in the request as `confirmed`.