Sanitizer should recognize HTML elements
and attributes.
New Allowed Elements:
article aside audio canvas command details
dialog figcaption figure footer header
hgroup mark meter nav progress rp rt ruby
section source summary time video war
(OK, audio and video were already there)
New Allowed Attributes:
autocomplete contenteditable contextmenu
draggable formaction icon low max min
open optimum pattern placeholder preload
pubdate required reversed spellcheck step
wrap
Attributes removed:
abbr charset loopcount loopend loopstart
noshade nowrap rev rules
Maruku supports @start and @reversed on
ordered lists. It doesn't seem to support
IALs on li elements, so you still can't
attach @value to an li.
Monkey patch to prevent ActionCache from overriding
the correct content-type header, when serving cached
pages with a "." in the name. (Thanks to Jason Blevins)
Also sync with latest SVG-Edit.
Firefox was too lenient, in allowing
you to append nodes from another document to
the svg canvas. Use adoptNode(), to do things
right. (Google Chrome is more strict about this.)
Make use of a nonce for setting SVG-Edit IDs
option. By default, SVG-Edit behaves as before.
Calling svgCanvas.randomizeIds(true) gives our
behaviour, instead.
Also, sync with latest SVG-Edit (but disable,
for now, manual editing of IDs).
Since we can have several SVG-Edit graphics
on a page, SVG-Edit should assign unique IDs
to elements, and do so in a fashion that survives
re-editing.
To do this, we use a nonce, and record its value in
a custom se:nonce attribute on the <svg> element.
(Is there a better way?).
Also, preserve the custom se:connector attribute for
later editing purposes.
Most of the DOM manipulations can be done
before doing the AJAX call. This leaves
just the insertion of the MathML nodes in the
mrow for the AJAX callback function.
Also, make the stroke-width for the connector tool
default to 2.
Ajax is asynchronous. Need to
sanitize in the callback function,
NOT when adding <math> to the DOM.
Need to unescape text for itex editor
window (since JQuery seems to take care
an 'extra' round of escaping).
Make the AJAX endpoint configurable (this could still be
done better).
Use POST, rather than GET for the AJAX request, so that
we don't have to worry about overly-long equations.
Add a Rack Metal itex endpoint.
Add an itex tool to SVG-Edit.
Disable the foreignObject tool
(at least, for now) as it doesn't
currently play nice with the itex tool.
Line-height is inherited, and the setting in SVG-Edit
ever-so-slightly screws up foreignObject (the bounding box
is not where it should be. This can be fixed in the CSS
(and was, till the great migration to the extensions folder).
Further whittling away at differences between
Instiki's and the main branch of SVG-Edit.
Now, the saveHandler is set from within the calling
page.
If the editor was opened from Instiki, choosing "Save Image"
now closes the editor window. To leave it open was kinda confusing.
Also sync with latest SVG-Edit changes.