* Revert "Sanitize field content in editor"
This reverts commit 1c156905f8.
* Use CSP to block inline JS content in editor
This blocks inline scripts, scripts in the media folder, and
handlers like onclick in the editor. This is nicer than the previous
solution - it doesn't make any permanent changes, and leaves other
content like SVGs alone. Thanks to Nil Admirari for the suggestion.
* Sanitize field content in editor
The editor already strips script tags from fields, but was allowing
through Javascript in things like onclick handlers. We block this now,
as the editor context has access to internal APIs that we don't want to
expose to untrusted third-party code.
* Require an auth token for API access
We were previously inspecting the referrer, but that is spoofable,
and doesn't guard against other processes on the machine.
To accomplish this, we use a request interceptor to automatically
add an auth token to webviews with the right context. Some related
changes were required:
- We avoid storing _page, which was leading to leaks & warning on exit
- At webview creation (or set_kind() invocation), we assign either
an authenticated or unauthenticated web profile.
- Some of our screens initialize the AnkiWebView when calling, e.g.,
aqt.forms.stats.Ui_Dialog(). They then immediately call .set_kind().
This reveals a race condition in our DOM handling code: the webview
initialization creates an empty page with the injected script, which
causes a domDone signal to be sent back. This signal arrives after
we've created another page with .set_kind(), causing our code to think
the DOM is ready when it's not. Then when we try to inject the dynamic
styling, we get an error, as the DOM is not ready yet. In the absence
of better solutions, I've added a hack to set_kind() to deal with this
for now.
* Provide AnkiWebPage init defaults for existing add-on callers
* Inject bridge script when profile set-up skipped
Some add-ons fully override AnkiWebPage.__init__ and thus depend on _setupBridge injecting the JS bridge script.
With this change we account for these cases, while giving add-ons the opportunity to look for solutions that do not require overriding AnkiWebPage.__init__ completely.
* Add some missed pages/endpoints (thanks to iamllama)
* Avoid sending API key for remote resources
Thanks to Abdo for the report
---------
Co-authored-by: Aristotelis P <201596065+aps-amboss@users.noreply.github.com>
* add min-height to fields
* 30px → 1.5em
This works with different font sizes too. Now there are no size jumps between empty field / field with string / field with empty html.
* replace use of deprecated createClassComponent with mount
* bump esbuild-svelte from 0.8.1 to 0.9.2
* mathjax-element.ts -> mathjax-element.svelte.ts
* move caret after tick
* Improve natural unit conversion for a time b/w 360 to 365 days
Previously, 363 days would be converted to 12.1 months, which is quite confusing because
- a user would think that if the value is more than 12 months, why it isn't displayed in years
- the value is actually less than a year, which is counterintuitive as 12.1 m suggests a value more than a year.
* precise
* Update time.ts to match timespan.rs
* Add another test
* Use average duration of a month instead
* Update time.ts
* Update test_schedv3.py
* Update time.test.ts
* Display median interval in Stats instead of mean
Median is better suited than mean for reporting skewed data.
* Display median ease in Stats instead of mean
* Update difficulty.ts
* Update ease.ts
* Update statistics.ftl
* Format eases.rs
* Remove unused import
* Change Median back to Average in UI
* Revert "Change Median back to Average in UI"
This reverts commit e0c1e3f8e4.
* Preserve the old translations for now (dae)
* Added: Leech suspend to simulator
* Added: leech threshold spin box
* Update git rev
* Added: Save to preset options
* ./check
* Added: "Advanced settings" dropdown
* Removed: Indent
* Added: Easy days
* Added: Sticky header
* Removed: Easy Day updating without saving
* un-nest disclosure
* bump fsrs
* Update a VSCode setting to match recent releases
* Move Easy Days above the Advanced settings
I think it's a bit more logical to have Advanced come last.
* Ensure graph fits inside screen height
* Bump fsrs version
* Feat/support load balance and easy days in FSRS simulator
* format
* consider LoadBalancerEnabled
* use fsrs::PostSchedulingFn
* add load balance and easy days to compute_optimal_retention
* move simulator to a pop-over
* fix incorrect simulationNumber when error 500
* Feat: Save to Preset Options
* update tabs when update newPerDay & reviewsPerDay
* don't reset deckSize & daysToSimulate when save options
* fix missing easy days
* plan to support review priority
* Fix graph line rendering with non-scaling stroke
* simplify review priority function with helper wrapper
* fallback to default ReviewPriority for Added & ReverseAdded
* Update ts/routes/deck-options/SimulatorModal.svelte
Co-authored-by: Luc Mcgrady <lucmcgrady@gmail.com>
* Wrap review priority function in Arc for thread-safe sharing
* more granularity for R sorting
* Add graph smoothing option to FSRS simulator
* Improve graph resize handling in FSRS simulator
* simplify review priority calculation
* Add review order selection to FSRS simulator modal
* Refactor review priority function using macro for conciseness
* Add copyright and license header to SimulatorModal.svelte
* cargo clippy
* ./ninja fix:eslint
* update fsrs-rs
* Update FSRS dependencies and refactor load balancing functions
- Update fsrs-rs dependency to latest commit
- Modify retention and simulator modules to use Arc instead of Box
- Update function signatures and imports in simulator module
- Simplify review card order handling with direct enum usage
* resolve reviewed changes
* replace .unwrap() with ?
* move simulating into SimulatorModal
* add (crate) to interval_to_weekday
* Update FsrsOptions.svelte
* format
---------
Co-authored-by: Luc Mcgrady <lucmcgrady@gmail.com>
Apparently no font size should be lower than 12px, see https://www.boia.org/blog/accessibility-tips-let-users-control-font-size.
With the current 55%, I get a computed font size of 8.25px though. Considering the text shows the helpful message "Press Enter to accept, Shift+Enter for new line.", I think we should add a minimum font size.
The previous commit added word-wrap, but it was not working after I'd
removed some other tweaks I'd made in testing, that I thought were not
required. I ended up switching to standard table columns and a fixed
layout, so that both the column and row headers will wrap properly.
* cap csv import preview table at 1000 columns
* add fluent message
* show warning when preview table columns have been truncated
* simplify fluent message ($count will almost always be a big num)
* _tr -> tr
* Fix/re-optimize FSRS if short-term param is weird
* Reset progress when another run is required (dae)
* only count the same-day steps
* Fix flicker when optimizing again (dae)
* Add percentage to FSRS spinner
This commit add a percentage option in SpinBox and SpinBoxFloatRow, set to False
by default.
If it's true, a percent symbol is added at the end of the line before
the increase/decrease button.
While the value is represented as a percentage without decimal places,
the internal representation is not changed. Which mean that a
multiplier must used to compute the string value, indicate to the
input field the min, max and step, and when updating the result.
* Remove unsightly percentage sign, and update historical retention too
https://github.com/ankitects/anki/pull/3679#issuecomment-2579636981
---------
Co-authored-by: Damien Elmes <gpg@ankiweb.net>
* make removeUnfinishedPolygon return whether a polygon was removed
* treat removing an unfinished polygon as a discrete undo step
* has to be handled when redoing as well, but not as a discrete step
The move to Sveltekit broke the 'card info during review' add-on and
its descendants. This didn't get noticed in 24.11 due to the old
card-info.js file still being shipped.
I considered adding back the card-info.js generation, but it ended up
being simpler to move parts of the add-on into a separate page instead.
This is a stop-gap solution - in the future I'd like to get us to a
point where such component compositions can be done by add-ons,
and don't need to be done as part of Anki's build process.
Related: #3187
* expose get_image_occlusion_fields
* fix create copy for io
* revert current impl
* passthru original note id when creating copy
* add IOCloningMode
* fix create copy for io
* Feat/support new cards ignore review limit in simulator
* ./ninja fix:minilints & ./ninja format
* use published crate
* make newCardsIgnoreReviewLimit reactive
* format
---------
Co-authored-by: Damien Elmes <gpg@ankiweb.net>
* NF: Modify CONTRIBUTORS
Just so that I stop getting the warning
* NF: Create `deckOptionsReady`
* NF: rename _close to require_close
The method will have to be used outside of this class, so can't be private
* NF: simplify slightly some code
* NF: remove bridge command from deck options
* Remove unused import
* Remove superfluous comment with a typo
* Tweak how the True Retention stats table displays numbers
- Always show fractional parts of numbers even if they are 0 (91.0% not 91%).
- Show "N/A" for percentages instead of 0% when there are 0 total reviews.
* Localise percentages correctly
* Make the True Retention table pretty
* Hide absolute pass/fail table for 'all'
* Run './ninja format'
* Manually run prettier on Svelte 5 components
* Refactor to not use {#snippet}
* Fix lint to pass check:eslint
* Fix lint to pass check:svelte
* Rename t9n -> tr to follow code style
* Replace hard-coded string with a translation string
* Use assertUnreachable(...) for exhaustively matching enum
* Fix: min value for Additional new cards not 0
* Fix: New cards/day default value not starting value
* Preset defaults for review intervals and per day.
* Fix: "Additional new cards to simulate" localisation
* Revert "Fix: "Additional new cards to simulate" localisation"
This reverts commit 9be61d9f93.
* Replace window.location in CardInfoDialog with load_sveltekit_page
* Fix format
* Fix ForgettingCurve's reactivity
* Props' default args aren't reactive
* Add global _updateCardId fn to card-info
* Use _updateCardId to reactively update card-info
* Fix format
* Fix type
* Use dummy form instead of window global for client-side nav
* Fallback to window.location in case form hasn't been rendered
* Use window.postMessage instead of dummy <form>
* Improve i18n and multi-platform display of FSRS Simulator
* Tweak the graph bounds to avoid overlapping of the y-axis tick values and the y-axis title
* Update CONTRIBUTORS
* I18n for 4 more strings
* Reduce TitledContainer wrapper of fsrs simulator graph to maximize content display area
* Clean unused variables
* Update ftl/core/deck-config.ftl
* Update ftl/core/deck-config.ftl
* Add gradient color for forgetting curve
* Add desiredRetention prop for CardInfo
* update CONTRIBUTORS
* Formatting
* Tweak range of gradient
* Tweak: salmon -> tomato
* Get desired retention of the card from backend
* Add a reference line for desired retention
* Fix: Corrected the steel blue's height & Hide desired retention line when yMin is higher than desiredRetentionY
* Add y axis title
* Show desired retention in the tooltip
* I18n: improve translation and vertical text display
* Revert rotatation&writing-mode of vertical title
* Tweak font-size of y axis title
* Fix: delete old desired retention line when changing duration
* Update ftl/core/card-stats.ftl
---------
Co-authored-by: Damien Elmes <dae@users.noreply.github.com>
* Separate failed message from optimal
* No reviews only
* Fix: Can't block optimize if not optimal
* Wording change
* Update ftl/core/deck-config.ftl
* Simplify code (dae)
* include backlog cards in today in future due graph
when backlog option is not checked
* Don't add the backlog to today when backlog disabled
---------
Co-authored-by: Damien Elmes <gpg@ankiweb.net>
* Update to stable Svelte 5 release
This causes a bunch of warnings to be omitted:
ts/routes/graphs/RangeBox.svelte:52:18
Warn: Properties of objects and arrays are not reactive unless in runes mode. Changes to this property will not cause the reactive statement to update (svelte)
break;
case RevlogRange.All:
$days = 0;
They are triggered on enum references, and it appears to be a bug.
May need to report it to Svelte?
* Deps update
* Silence spurious errors + fix a real one
https://github.com/sveltejs/svelte/issues/13811
* Fix 'Discard changes' dialog appearing even when no changes are made
https://forums.ankiweb.net/t/anki-24-10-beta/49989/166
* Fix geometry of deck options window not being saved
evt.accept() does not seem to trigger reject().
* add get_revlogs API
* fix tooltipText of ReviewsGraph
the style of true-retention shouldn't affect the style of tooltipText of ReviewsGraph
* More verbose wording (dae)
* Fix temporary disappearance of a tag
https://forums.ankiweb.net/t/anki-24-10-beta/49989/47
* Fix incorrect behavior after tag deletion
* Fix tag addition/selection buttons becoming invisible
Once tags were selected, subsequent deselection or selection did not
mount 'TagAddButton' or 'TagsSelectedButton' components.
* Feat/Easy Days
* format
* add easy_days_percentages to deck_config
* configure Easy Days via table
* remove unused code
* add translatable strings & add default of easy days
* don't check easy_days_percentages when deserialize
* pass test::all_reserved_fields_are_removed
* consider next_day_at when interval_to_weekday
* remove y-axis-title created in last simulation
* EstimatedTotalKnowledge should be integer
* Reorder deck option sections (dae)
- Move FSRS to bottom left, to move it closer to the top, and so
the left and right columns appear roughly balanced when FSRS is
enabled.
- Move Easy Days above Advanced
* Don't crash if wrong number of days (dae)
* Use lower field number (dae)
Repeated fields are more compactly stored in the first 15 fields.
* Prevent memory leak
* Fix deck option changes not detected until focus is lost
* Accurately determine if there are any pending changes
This makes it so that the confirmation dialog appears when it should,
and not when it shouldn't.
* polish graphs of simulator and forgetting curve
* True Retention: decrease precision of percentages
* apply uniform sampling rate to forgetting curve
* don't display time, only date when maxDays >= 365
* don't floor the totalDaysSinceLastReview
* correct cramming condition
* improve code-style
* polish ticks & tooltip of simulator
* remove unused import
* fix minor error of daysSinceFirstLearn
* filter out revlog entries from before the reset
https://forums.ankiweb.net/t/anki-24-10-beta/49989/63?u=l.m.sherlock
* use Math.ceil for windowSize
* fill currentColor for legend text
* remove mix-blend-mode: multiply
* tune the position of legend
This reverts commit 96ff4f1a4a.
This change broke adding of new occlusions on desktop:
JS error /_anki/js/editor.js:100016 Uncaught TypeError: Cannot read properties of undefined (reading 'getBoundingRect')
* Update to Svelte 5
* Fix `<tr> is invalid inside <table>`
* Update sveltekit-svg to match svelte version
Fixes deck options failing to load, and a bunch of warnings with
./yarn dev
* Fix graph tooltips
* Fix editor loading
* Fix MathJax editor not loading
* Formatting
* Fix new formatting errors
* Merge remote-tracking branch 'origin/main' into svelte5
* Remove slot inside EditorToolbar
I think this is just stray code left over from a refactor, but I'm
not 100% sure.
Fixes
Error: Object literal may only specify known properties, and 'children' does not exist in type '{ size: number; wrap: boolean; api?: Partial<EditorToolbarAPI> | undefined; }'. (ts)
<div class="note-editor">
<EditorToolbar {size} {wrap} api={toolbar}>
<slot slot="notetypeButtons" name="notetypeButtons" />
* Fix component typing error
* Comment out svelte/internal exports, so editor loads
* Fix image occlusions in editor
* Revert "Remove slot inside EditorToolbar"
This reverts commit b3095e07ac,
which prevented the Preview button from showing in the browser.
This will break our tests again.
* Update vite
* Disable routes/tmp for now
* Fix references issue in routes/tmp
* add name to about page
* use two decimal retention for calculations
* Update CONTRIBUTORS
* format
* Update CONTRIBUTORS
* Update CONTRIBUTORS
* Update CONTRIBUTORS
* If deck options are modified, ask before closing
This imitates the way the note editor behaves. If a user assumes by
error that chanhges are automatically saved, it ensures they won't
lose them.
Also, this will eventually allows to have the same feature on
AnkiDroid. While, currently, we always ask the user whether they want
to close the deck options, even when there are no modification, which
seems to regularly frustate users (including myself).
I'm new to Svelte, please let me know whether there is a better way to
obtain the information from Svelte state that I missed.
Note that I ensured that only a boolean can be obtained. I didn't
cause the whole state to be accessible. May be useful for some
add-ons, I guess, but risks breaking too much things.
Regarding the deckoptions.py, I tried to imitate addcards.py way to
check whether the add card view can be closed. Reusing the same
function and variable name when possible.
* Update qt/aqt/deckoptions.py (dae)
* Add comment about the usage of the input field in the statistics page (#3394)
* Fix formatting issues (#3394)
* Update ts/routes/graphs/RangeBox.svelte
Co-authored-by: Mike Hardy <github@mikehardy.net>
* Update ts/routes/graphs/RangeBox.svelte
Co-authored-by: Mike Hardy <github@mikehardy.net>
---------
Co-authored-by: Damien Elmes <dae@users.noreply.github.com>
Co-authored-by: Mike Hardy <github@mikehardy.net>
* Bump Python deps
Primarily for flask-cors CVE
* Bump TS deps; pin license checker
Current checker is missing the binary
https://github.com/RSeidelsohn/license-checker-rseidelsohn/issues/118
* Update Rust deps
Hyper and axum are held back as we currently make use of the older
http library that reqwest pulls in
* moved ignore setting to advanced
* Update CONTRIBUTORS
* Match width of other text inputs (dae)
The width was inconsistent before as well, but moving it next to
text inputs made it more obvious.
* Update amd64 docker container to Debian 11
This bumps the minimum required glibc to 2.29, which is 2019
Ubuntu/Fedora, and 2021 Debian.
Also remove the unused download of ninja
* Update to latest dprint
Unblocked by the glibc upgrade
* test using existed cards
* plot new and review
* convert learning cards & use line chart
* allow draw multiple simulations in the same chart
* support hide simulation
* convert x axis to Date
* convert y from second to minute
* support clear last simulation
* remove unused import
* rename
* add hover/tooltip
* fallback to default parameters
* update default value and maximum of deckSize
* add "processing..."
* fix mistake
