refs https://github.com/TryGhost/Team/issues/1871
This commit adds a test to the serialize method of `post-emaiserializer`. It checks whether the generated email HTML is valid and standard HTML5 and that all properties are escaped.
To do this validation, I depend on the new `html-validate` dev dependency. Just parsing the HTML with a HTML parser is not enough to guarantee that the HTML is okay.
Apart from that this fixes:
- Removed the sanitizeHTML method and replaced it with normal HTML escaping. We don't want to allow any HTML in the escaped fields. Whereas `sanitizeHTML` still allows valid HTML, but we don't want that and want the same behaviour as on the site. E.g., a post with a title `All your need to know about the <br /> tag` should actually render the same title and non-html content, being `All your need to know about the <br /> tag`
- The file, nft and audio card didn't (always) escape the injected HTML fields (new version @tryghost/kg-default-cards)
- `@tryghost/string` is bumped because it contains the new escapeHtml method
The Posts API does not strip unknown properties when dealing with relations,
which meant that tags were being sent up with a `parent` property which would
always cause the model to be considered "changed". This resulted in the update
methods being called, and leading to unexpected behaviour.
Whilst this change does fix things for the History feature, the correct fix is
to update the admin-api-schema, or the input serializers such that they only
allow through known and allowed properties.
refs https://github.com/TryGhost/Ghost/pull/15375
- we currently pass all properties for the `tags` property of a
`page`/`post` body down further into Ghost, which is causing issues
because it's handling properties it doesn't expect
- this is showing up because it's triggering save history events for
tags when a post is edited
- this commit introduces a clean util which has an allowlist of
properties allows on tag relations
- this list was taken from the schema: 128f8fb006/packages/admin-api-schema/lib/schemas/posts.json (L214-L227)
no issue
- fixes error that left the confirmation modal in place when deleting a tag by ensuring we return `true` in the task used by the confirm button, if we return the transition object it trips the "failed" state because the `/tags` route aborts and refreshes when transitioning to it
- fixes missing attached posts count in the tag delete confirmation modal by using the correct `tag.count.posts` attribute in the conditional
- fixes missing slugs in the tags list by using the properties on `@tag` rather than expecting a separate `@slug` argument
- replaced the skipped tags acceptance tests with an updated tests that match the recent redesign
fixes https://github.com/TryGhost/Team/issues/1821
This change moves all the event storage logic to one new place: the event storage class in the MembersEventsService, which is initialised in a new members events service wrapper.
Apart from this, this includes some improvements:
- Removed DomainEvents from the constructor arguments to the subscribe method (to make it more clear where to subscribe to and decrease dependencies)
- LastSeenAtUpdater doesn't subscribe in the constructor any longer (removes unclear side effect)
- Moved LastSeenAtUpdater initialisation to new members events service wrapper
- Added missing tests to LastSeenAtUpdater to assure that the MembersEventsService package has 100% coverage.
closes https://github.com/TryGhost/Team/issues/1873
- bumps `@tryghost/kg-default-cards` which amends the product card rendering to output adjusted `width` and `height` attributes and a resized `src` attribute on the `<img>` element
refs https://github.com/TryGhost/Team/issues/1879
OpenSea updated their URL format for NFTs after adding support for Solana
which broke our regex, this updates to support the new format.
fixes https://github.com/TryGhost/Team/issues/1861
- Moved like and unlike endpoint handling to comments service and controller
- Moved small part of report logic to comments controller
- Added proper 401 authentication error when not authenticated as member
- we didn't clone the repo at the point when we were running a git
command, so that failed
- switched to a different method of checking out `main` and then
checking out the most recent tag
no issue
- Deleted staff picks
- Added Explore Feed Dashboard resource
- Added styles and svgs
- Moved "What's New" resource into a split box with community box
refs https://github.com/TryGhost/Toolbox/issues/356
- this commit updates the route to `/settings/history` and moves all the
files to their new name so we can avoid further cleanup down the line
refshttps://github.com/TryGhost/Team/issues/1738
- Changed sidebar member count to use new API endpoint data.
- Added separate function for getting member count.
- changed `_fetchCountsTask` to use new `/stats/member_count/` endpoint
- updated @task to calculate total members from endpoint data.
refs https://github.com/TryGhost/Toolbox/issues/384
- Existing adapter config was based on the notion there can only be one configuration per one adapter class. With adapter cache now allowing instantiating multiple adapter instances with the same base class it opened up a possibility to have shared configuration for a base class and then extend/override it in "feature" configurations (see tests in this commit for specific examples)
refs https://github.com/TryGhost/Toolbox/issues/384
- Adapter cache was not able to store multiple object instances derived from same Base class. This created a need to create boilerplate "shell" classes inheriting from the Base class, e.g.: ImageSizeCacheSyncInMemory etc.
- Having feature-based adapter instance caching in the adapter manager allows to simplify configuration and reuse the "base class" instead of creating artificial "shell" classes.
- For example with this change both image sizes and settings caches will create separate cache instances deriving from default "Memory" class. Less code, less configuration!
refs https://github.com/TryGhost/Toolbox/issues/384
- The syntax using a colon ":" separator has been successfully used to enable multiple adapters. The adapter manager can benefit from same convention to enable more elastic adapter cache - have multiple instances of adapters from same base class
refs. https://github.com/TryGhost/Toolbox/issues/356
- renamed page to “History” now to make it less technical
- moved the history page out to the Advanced section in Settings to increase discoverability
- moved the About section from General settings to a modal because that technical data was not connected to General settings
closes https://github.com/TryGhost/Team/issues/1876
- the offer portion of new paid subscription alert was showing the wrong amount as the value is denoted in cents and needs conversion
- the value shown was 100x as the actual amount needs to be transformed (X/100)
refs https://github.com/TryGhost/Team/issues/1875
- due to an misbehavior in our model layer, when `tiers` is set on a Post, it'll
trigger a save of the Tier, and this produces an extra event in the
`actions` table
- mapping the Tier(s) to just the ID prevents bookshelf-relations from
editing the Tier and thus prevents the extra event
- also fixed tests which were implicitly assuming supplying a slug to a
post would create the product
refs. https://github.com/TryGhost/Toolbox/issues/356
- member label was too granular and small piece of information to justify a complete "Member" category, so we ignored to fetch the member label related events for now and removed the "Member" category from the filter list
- the term "users" wasn't consistent with the rest of the UI, changed it to "staff"
refs https://github.com/TryGhost/Toolbox/issues/381
- we want to start collecting events from pull requests so we can label
and reply upon certain events
- this adds the `closed` and `labeled` events to the workflow triggers