Demo Overview: 2018-05-30
Tier One
- Add the POST /users/:id/confirm-email endpoint
- Added missing list styles for editor
- Hover/Focus Styles
- Mobile view R&D
- New JavaScript Test Harness
Tier Two
- QnA: Unanswered page category-following view filter
- Discussion language changes when creating a discussion inside a group while using sub-communities
- Rich Editor - Fix focus and flyout management edge cases
- Rich Editor - Fix undo/redo issues
- Search Auto Complete
- PrefixDiscussion Filter ignoring config
- XSS vulnerability in /entry/connect ProviderName
- Fix OpenID possible SSRF
- Scope SSRF fix
- Editor: External authentication injection using image upload (Issue)
- SSRF exploit through file system functions like file_get_contents (Issue)
- /media/scrape API endpoint is missing details about own site
- Add title to rendered data in VideoEmbed
- Update YouTubeEmbed to support seconds-only format
- Announcements no longer pinned on top of recent-discussions
- New editor CSS Injection
- Add sanitization tests for server-side embed blot class
- DbaController::fixInsertUserID sql injection vulnerability
- SQL injection in utility/sort
- XSS vulnerability bans/find/{Userid}
- DbaController::fixUrlCodes reflected XSS
- Evaluate where opting out of validating usernames during save is necessary
Comments
New JavaScript Test Harness
In old Vanilla, we have zero automated tests for JavaScript code running in the browser. That means there is no notification to us if we break something; the first time we'll know is if we either A) manually QA the page that broke or B) get a support ticket.
Adding automated tests is super important as we move to a Single-Page Application model (SPA), a la Facebook. There's tons more JavaScript, and tons more that can break. So, this "test harness" is rigging up how we're going to make all of those tests work, and lays the foundation for the first batch of tests that are grouped in with this task.