We were previously inspecting the referrer, but that is spoofable,
and doesn't guard against other processes on the machine.
To accomplish this, we use a request interceptor to automatically
add an auth token to webviews with the right context. Some related
changes were required:
- We avoid storing _page, which was leading to leaks & warning on exit
- At webview creation (or set_kind() invocation), we assign either
an authenticated or unauthenticated web profile.
- Some of our screens initialize the AnkiWebView when calling, e.g.,
aqt.forms.stats.Ui_Dialog(). They then immediately call .set_kind().
This reveals a race condition in our DOM handling code: the webview
initialization creates an empty page with the injected script, which
causes a domDone signal to be sent back. This signal arrives after
we've created another page with .set_kind(), causing our code to think
the DOM is ready when it's not. Then when we try to inject the dynamic
styling, we get an error, as the DOM is not ready yet. In the absence
of better solutions, I've added a hack to set_kind() to deal with this
for now.
(cherry picked from commit 24bca15fd3)
The editor already strips script tags from fields, but was allowing
through Javascript in things like onclick handlers. We block this now,
as the editor context has access to internal APIs that we don't want to
expose to untrusted third-party code.
(cherry picked from commit 1c156905f8)
The previous commit added word-wrap, but it was not working after I'd
removed some other tweaks I'd made in testing, that I thought were not
required. I ended up switching to standard table columns and a fixed
layout, so that both the column and row headers will wrap properly.
* cap csv import preview table at 1000 columns
* add fluent message
* show warning when preview table columns have been truncated
* simplify fluent message ($count will almost always be a big num)
* _tr -> tr
* fix discard changes randomly being a noop on certain linux systems
* use QApplication.setActiveWindow instead
* revert current impl
* wait for the next event loop iter before calling activeWindow
I think this one really calls for a poll. Dae, I highly suggest you to ask multiple users whether "Optimize current" and "Optimize all" are clear enough or need "preset". I'm pretty sure most people will find it confusing without "preset".
* allow adding images via drag/drop when adding io
* support editing io notes as well
Co-authored-by: Abdo <abdo@abdnh.net>
---------
Co-authored-by: Abdo <abdo@abdnh.net>
* fix: specify canvas npm optional dep ignore workaround more cleanly
this should allow it to work with yarn classic and yarn modern
* chore: add self to CONTRIBUTORS
* Fix/re-optimize FSRS if short-term param is weird
* Reset progress when another run is required (dae)
* only count the same-day steps
* Fix flicker when optimizing again (dae)
Prior to this change, ./run fails out of the box on ARM systems, as Qt
wasn't available on PyPI until the 6.8 release.
Also added a script in tools/ for testing Qt6.8 issues on other platforms.
This reverts commit 04228de666.
Anki 25.01 Beta 1 revealed a bunch of regressions with the latest
Qt, and zero reports of improvements from it, so we'll be better off
holding off on it for now, and perhaps reporting the deadkeys issue
to Qt once we've got a proper reproduction process.
* Subtract introduced:1 count from learn count of first day of simulator.
* Fix: Cards filtered
* Tidy up
* Fix: Cards filtered (2)
* ./check
* Removed unnecessary filter
* Fix: Doesn't work for real new cards
* ./check
* Fix: .is_none()
* Limit to 1 day
* Removed "days_to_simulate" argument from convert
* Match calc of relative overdueness in SM2 and FSRS
* Fix calculation of FSRS relative overdueness
* Improve readability by avoiding double negative
* Move comment line
Hardcode them to:
SYNC_PORT=8080
SYNC_BASE=/anki_data
If these env variables are passed into the container with different values,
they are ignored.
The reasons is if the user modifies SYNC_BASE they risk data loss since
anki-sync-server will no longer write data into the volume. If they change
SYNC_PORT they need to also change it when mapping this internal port to the
external port of the container, which could be confusing plus it has no benefit
to allow this since it's always possible to change the external port even if
the internal port is fixed to 8080 (e.g. `-p 1234:8080`).
In both cases there is no benefit to making these values configurable and there
are risks associated.
Unfortunately there is no easy way of implementing this for the
Dockerfile.distroless so it's up to the user not to modify these values.
