The new code has a smaller markup fingerprint (no more inline event
Javascript attributes) and it also ports the outer-click-dismiss
functionality over from the wiki. It raises the Javascript engine
requirements to IE 9 and later, though, which is inline with the home
page code.
Some refactoring and a lot of code changes are involved in this.
Basically, wmlunits has always fully trusted its WML input. This has
several implications:
* URLs such as the ones for unit detail views tend to contain
unescaped characters which are forbidden in URLs, such as spaces.
While browsers generally tolerate this well, the result is still
invalid HTML. The same applies to URLs used for inline CSS (e.g.
background-image).
* Most information read from WML such as unit names, descriptions,
campaign names, era names, and so on, was blindly trusted and could
allow an attacker to inject malicious HTML into units.wesnoth.org by
uploading an add-on that would pass the units.wesnoth.org build
process.
The resulting code might not be extent of regressions, but hopefully
we'll identify them quickly. This commit contains some additional noise
in the form of style fixes around offending lines as well. Backporting
to 1.12 is, as far as I understand, unnecessary since units.wesnoth.org
uses the master branch version of wmlunits, but it might be worth
evaluating whether to issue a warning for the 1 person in the world who
might be running the 1.12 version of the units.wesnoth.org toolchain on
their own facilities (okay, let's face it, nobody would ever do that).
* There is now a link back to units.wesnoth.org on the navbar preceding
Home.
* The mulitplication sign is used for attack stats to match 1.13.x.
* Made the Terrain table in the unit detail pages a bit more proper
markup-wise.
* Advances from/to on the unit detail page displays a dash when empty
and also has a comma-separated list of unit links in it. The same goes
for the abilities list.
The language menu gets to stay as a <div> containing a table for now
since doing columns with lists is still not that well supported across
browsers (as well as the CSS columns spec as a whole -- too many legacy
browsers floating around).
Basically ran all .py files through 2to3. I made a copy of wmlparser2.py
called wmlparser3.py for the Python3 version, so as to not inconvenience anyone
who may be using it in their old Python2 scripts.
- Fixed a bug in wmlunits where the era tree omitted units whose
parent units belonged to a different faction.
- Made wmlunits provide feedback about required parameters.
