All outbound links now include `rel="noopener noreferrer"` attribute.
This security improvement prevents the new page from being able to
access the `window.opener` property and ensures it runs in a separate
process.
`rel="noopener"`:
When a new page is opened using `target="_blank"`, the new page runs
on the same process as the originating page, and has a reference to
the originating page `window.opener`. By implementing
`rel="noopener"`, the new page is prevented to use `window.opener`
property.
It's security issue because the newly opened website could
potentially redirect the page to a malicious URL. Even though
privacy.sexy doesn't have any sensitive information to protect, this
can still be a vector for phishing attacks.
`rel="noreferrer"`:
It implies features of `noopener`, and also prevents `Referer` header
from being sent to the new page. Referer headers may include
sensitive data, because they tell the new page the URL of the page
the request is coming from.
- Unify reading subtitle/slogan throughout the application.
- Refactor related unit tests for easier future changes.
- Add typed constants for Vue app environment variables.
Key features of Linux support:
- It supports python 3 scripts execution.
- It supports Flatpak and Snap installation for software
clean-up/configurations.
- Extensive documentation.
- Simplify `README.md` by creating and moving some documentation to
`architecture.md`.
- Add more documentation for state handling between layers.
- Improve some documentation to use clearer language.
Move existing documentation to `docs/development.md` to have simpler
`README.md` but more dedicated and extensive documentation for
development.
Improve existing documentation for different commands for the project.
Document VSCode recommendations in `extensions.json` file and add
exception in `.gitignore` to be able to add it to repository.
Run quality checks for every possible OS because behavior of linting
rules may change per OS (e.g. `linebreak-style` ESLint assertment varies
by Unix-like vs Windows).
Add a new check to ensure project can be built:
1. As both web and desktop applications.
Different jobs are used due to nonidentical environment/mode support.
Reference: nklayman/vue-cli-plugin-electron-builder#1627.
2. Targeting all possible modes.
The modes are configured using `--mode` but electron CLI checks
`NODE_ENV` so it's set as well.
Reference: nklayman/vue-cli-plugin-electron-builder#1626.
3. On and for different operating systems.
Fix typo "Run units" instead of "Run unit tests".
Link to specific GitHub actions page for workflow runs.
Update documentation to match new structure, and change nontransparent
icons from the diagram and consistently use imperative for actions.
Rename `release-site` , `release-git`, `release-desktop` to
`site-release` , `git-release` and `desktop-release` to not be Yoda.
- Seperate test pipeline into E2E, integration and unit test pipelines.
- Improve documenetation for pipelines (ci-cd.md).
- Introduce naming convention for worklow files and names.
- Center badges with multiple files on README file.
The goal is to be able to modify values of variables used in templates.
It enables future functionality such as escaping, inlining etc.
It adds support applying predefined pipes to variables. Pipes
can be applied to variable substitution in with and parameter
substitution expressions. They work in similar way to piping in Unix
where each pipe applied to the compiled result of pipe before.
It adds support for using pipes in `with` and parameter substitution
expressions. It also refactors how their regex is build to reuse more of
the logic by abstracting regex building into a new class.
Finally, it separates and extends documentation for templating.
- Use same multi-lined comment convention
- Highlight that "additional information" in a bug report is optional
- Remove recommendation for pasting script in a bug report as it's too long
- Rename feature request issue file to follow same naming convention
- Document also creating a issue as a way to extend scripts
- Add reproduction steps in script bug reports
- Use names instead of commands in heading
Integration tests are executed using vue-cli-service with double quotes as following: `vue-cli-service test:unit "tests/integration/**/*.spec.ts"`. Using single quotes (mochajs/mocha#1828) works on macOS and Ubuntu but does not on Windows (tests are not found). Double quotes is the only portable way that works on all three platforms (mochajs/mocha#3136).
