removed all references to innerHTML and almost all to outerHTML. Only reference to outerHTML has no user input and therefore should be safe from injection attacks
rewrote insertTimelineIntoCurrentNote to use XMLSerializer and DomParser
changed main.ts's callback's to checkCallback's for added safety
added normalizePath() anywhere a path is actually being handled or finalized. Any places where *.path is used without a call to normalizePath() has already been normalized by that point.
removed references to vaultAdapter and changed implementation accordingly in getImgUrl()
removed generic header at beginning of settings page
Other changes:
renamed some classes to be more concise
reworked date parsing. No longer are dates cast to an int. Dates will be padded according to the new setting "maxDigits" and compared equally that way. Wrote new function normalizeDate() to handle this
added type checking on settings page so saving bad entries is harder
small optimization to getEventData and getEventsInFile by removing unnecessary type and data encapsulation
edited the way we load / overwrite loaded settings by loading the defaults first, and then overwriting with anything saved. This should enable safe loading of settings whenever a new setting is introduced and a user may not have saved it yet
Change directly related to publishing:
innerHTML
and almost all toouterHTML
. Only reference toouterHTML
has no user input and therefore should be safe from injection attacksinsertTimelineIntoCurrentNote
to use XMLSerializer and DomParsercallback
's tocheckCallback
's for added safetynormalizePath()
anywhere a path is actually being handled or finalized. Any places where*.path
is used without a call tonormalizePath()
has already been normalized by that point.vaultAdapter
and changed implementation accordingly ingetImgUrl()
Other changes:
normalizeDate()
to handle thisgetEventData
andgetEventsInFile
by removing unnecessary type and data encapsulation