Quotes Fixer - Client side Plugin. (v2)
-
Get the code Here:
###What does it do?
- It will allow nested quotes.
- It will preserve images,spoiler, etc in the quotes.
###Known issues:
-
It does not preserve the original raw input of bbcode quotes. it will transform the input while editing.
-
If a quote was detect and transformed, edit history is lost ( no undo )
-
It uses a bad way to set the user avatar, it could affect the loading times of the images due to redirects( it is based on the username). and it will not work with letter avatar.
-
it assume username always provided so it render avatar if there is a valid user or not.
-
some side affect with md5 hash some sort of conflict with whatever discourse is doing with that hashing.
-
There is no explicit sensitization on the arguments passed to the quote tag. if you find some weakness let me know.
Since no one here can or want to install plugins server side, and this is not a very production ready code anyway(see avatar lookup) I have adopted the code to do the transformation in the live editor that introduce some more drawbacks as mentioned above.
it would probably been better I have only ran the transformation before posting, or with a dedicate button. but this is what we have for now.
###Testing
Only tested with a limited input. testing and feedback is welcomed.
###Cases I tested with:
###case 1
http://what.thedailywtf.com/t/default-quoting-behaviour-cannot-quote-code/828
output###case 2 (deeper nesting of multiple quotes)
http://what.thedailywtf.com/t/nested-quotes-are-halfway-eaten-when-trying-to-quote/9065output
-
Do I just run this in Tampermonkey, something like that? I am willing to test it, I doubt it would be possible to make quoting any worse than the discodefault behaviour...
-
you can add it to tampermonkey.
or for a temporary quick way just copy paste once, into console. it will work for that tab till refresh.
-
<aside class="quote" data-post="3" data-topic="47582">Monarch:you can add it to tampermonkey.
</aside>or for a temporary quick way just copy paste once, into console. it will work for that tab till refresh.
Eh, well Tampermonkey is either broken or I don't understand it, I'll just paste it in the console for now...
-
<aside class="quote" data-post="4" data-topic="47582">tar:Eh, well Tampermonkey is either broken or I don't understand it, I'll just paste it in the console for now...
</aside>Coming to think about you might need to wrap the code in a document ready block for Greasemonkey. and if you still have problems add an alert("test"); somewhere
to see if the script is active on the page.document.ready(function(){ ... //Paste code here } ```
-
This is just me thinking out loud here, but it looks like "letter people" do have avatar png files, but maybe not on the same path as "avatar people":
Even more interestingly, it looks like you can just 'make up' random user names and it will serve you a letter...
Excuse me one second...
-
-
that's a pretty shit exploit tbh
-
Eh, I had fun with it.
-
-
#
-
you didn't color coordinate them. Shame!
-
Oh I see, you get to decide what's colour coördinated and what isn't?
-
What changed:
-
Added escaping for bb tag([quote]) attributes, suppose to be more secure
-
Added some logic to eliminate the ridiculous md5 hash war (added a lot of unnecessary complex code)
-
Override the Discourse quote builder. to prevent it from escaping '<' and '>'
this will allow better quoting using the "Quote all post" button.
-
-
<aside class="quote" data-post="14" data-topic="47582">Monarch:####Quotes-preprocessor.js V2
</aside>What changed:
-
Added escaping for bb tag([quote]) attributes, suppose to be more secure
-
Added some logic to eliminate the ridiculous md5 hash war (added a lot of unnecessary complex code)
-
Override the Discourse quote builder. to prevent it from escaping '<' and '>'
this will allow better quoting using the "Quote all post" button.
Much as Discourse practically trains you so start tweaking at it, I'm just going to quote your post and let it stand as testament to your excellent work so far. There's a freaking URL in there people! In the quote! And I didn't have to futz with it!
<small
In unrelated news, my Tampermonkey script:alert(JSON.stringify(Discourse));
ran into some problems:
Tampermonkey started (program):17 ERROR: Execution of script 'My Fancy New Userscript' failed! Converting circular structure to JSON(program):17 (anonymous function) (program):17 TypeError: Converting circular structure to JSON
Of course
Discourse
would be a circular structure....
-
-
Am I doing something wrong? I only get solid colors.
http://what.thedailywtf.com/letter_avatar/xex/45/1.png <--- WHY DOES THIS NOT AUTO-EMBED NOW? Here:
-
Am I doing something wrong? I only get solid colors.
Discoursistency.
@anonymous234 said:WHY DOES THIS NOT AUTO-EMBED NOW?
Discoursistency.
-
@PJH - fix for the issue I found while trying to make that post https://meta.discourse.org/t/new-letter-avatars-are-sometimes-blank/27225/13
-
Coming to think about you might need to wrap the code in a document ready block for tampermonkey
Well, how do you run it?
I assume this either can't be used on IE or only works with "pasted in the console".
-
Well, how do you run it?
I just checked on IE 11 and it works ("pasted in the console")
To run it automatically you need a UserScript extension for your browserthat runs it on page load.
In chrome and firefox there is Greasemonkey, can't really recommend anything for IE, It is not my main browser.when you figure out how to run Userscripts in your browser of choice you also need to wrap the code provided, in the block below, so it will run after everything was loaded.
document.ready(function(){ ... //Paste code from gist here for UserScript run }
-
when you figure out how to run Userscripts in your browser of choice you also need to wrap the code provided, in the block below, so it will run after everything was loaded.
Psst. I left the "document ready block" quote there so you'd realize I knew that.
But thanks for the answer. One of these days I will probably get GreaseMonkey, I've just been too lazy to date.
I'm hoping, also, that Project Spartan gets some good extensions like that and AdBlock.
-
I'm hoping, also, that Project Spartan gets some good extensions like that and AdBlock.
Have you tried Dischorse on Spartan?
-
Have you tried Dischorse on Spartan?
Yes and no. I went out here and realized I forgot my password, so I never actually clicked any links.
Bear in mind that we've seen one build so far, so I would expect all kinds of buggy behavior.
-
Bear in mind that we've seen one build so far, so I would expect all kinds of buggy behavior.
Oh yeah, it's amusing.
-
I'm hoping, also, that Project Spartan gets some good extensions like that and AdBlock.
Wasn't it going to be a "simpler" browser? Meaning, somehow, even fewer features than IE.
-
Oh yeah, it's amusing.
I just tried, in not-logged-in mode, and didn't see anything weird.
Although I DID
readskim the first few dozen posts in the Bad Ideas thread, and noticed that @HardwareGeek or whoever posted the search link about the South Korean building that tipped over spellared "Asian".
-
Wasn't it going to be a "simpler" browser? Meaning, somehow, even fewer features than IE.
I think it's more like "dropping the back-compat to IE5" and then adding new features like extensions.
-
Login.
The "unread x topics and y new topics" text at the bottom repeats itself each time there's an update to the loaded stuff, and some posts show things 2/3 times.
-
See:
http://what.thedailywtf.com/t/now-integrated-with-amazons-new-like-replenishment-service/1000/38530http://what.thedailywtf.com/t/now-integrated-with-amazons-new-like-replenishment-service/1000/38527
-
Login.
I can't without doing a password reset.
And annoyingly, the password for TDWTF isn't in either browser's password list.
If I reset my password on the Win10 box...uh...I'd have to...uh...relogin on all the other browsers I read TDWTF on, which is 3 different computers and a phone.
-
If I reset my password on the Win10 box...uh...I'd have to...uh...relogin on all the other browsers I read TDWTF on, which is 3 different computers and a phone.
Huh? Who said anything about a password reset erasing your session? That's what the Log Out button is for.
-
Huh? Who said anything about a password reset erasing your session?
I didn't know if it will or not. I think you could make an argument that resetting your password in one session should invalidate any others--how else could you recover a compromised account?
At any rate I didn't want to have to take the chance, especially since the computer I was using for Win10 is rather underpowered.
-
I didn't know if it will or not. I think you could make an argument that resetting your password in one session should invalidate any others--how else could you recover a compromised account?
It does seem like a rather valid security practice.
-
-
Or just kill all other sessions. Any session started with a set of credentials should be invalid once those change.
Imagine someone else compromises your account and changes your password, but your session is still active so you don't know anything's happened. If the session was invalidated once they changed it, you'd try and log back in and know straight away.
Is this another lesson in basic security for Discourse?
-
Well, I guess I'm going to have to reset my password after all, because my phone forgot it. That is, if I can. Oh, look, the "reset password" email never arrived (paging @apapadimoulis and @pjh).
-
E-mails do work; they just take ages to be sent
-
Ah, lovely.
-
I didn't see one in the logs recently, but I told it to send you a new one.
EDIT: Oh, no...I see it there 52 mins ago. Didn't look far enough back.
EDIT: But I also see errors in the error logs...
-
Albert and Bernard just became friends with Cheryl, and they wanted to gain access to her discourse account.
Cheryl give them a list of possible emails and passwords.
email1@wtf.com hunter1 hunter4
email2@wtf2.com hunter2 email3@wtf4.com
email2@wtf3.com hunter3Cheryl then tells Albert and Bernard separately the password and the email respectively.
each have access to a machine that is signed on to her account.Who will take over cheryl account?
hint:
[spoiler]
To change your password you need your email.
To change your email you don't need your password.
[/spoiler]
-
My password reset emails came straight through. It seemed better since Alex fixed the config unless that's reverted some how.
-
I've notified the powers that be, but I've done all I can.
:shrug:
-
It seemed better since Alex fixed the config unless that's reverted some how.
I can't comment since I've turned off emails from here since forever, but I see a lot of email related chatter in the error logs.
-
I got the email about 40 minutes from now, and when I clicked the link, my "token", whatever that was, had expired. Oh, and I've suddenly become logged back in on mobile.
Also, an email address named use-the-contact-form seems rude, although I don't know who sry that up. I guess I'll send another change request.
-
about 40 minutes from now
After which you hopped in your time machine and came back to the present to tell us about it?
-
That's the timestamp on the message! Sent at 2:28, seen at 1:43.
-
Also, you have to reset password by email even when logged in. Thanks for the extra work, @codinghorror
-
This time the email came through within a minute or two. Now to see how horrible the site works under Spartan while logged in.
-
Ha.
ETA: I like how the unread count went down halfway through.
-
Oh, look, the "reset password" email never arrived (paging @apapadimoulis and @pjh).
Nowt I can do - they're leaving here; they seem to go MIA for some however: