This is convenient, but suboptimal on a Mac at the moment. The first
run of mpv will take a number of seconds for security checks to run,
and our mpv code ends up timing out, repeating the process each time.
Our installer stub will need to invoke mpv once first to get it validated.
We could address this by distributing the audio with the installer/stub,
or perhaps by putting the binaries in a .pkg file that's notarized+stapled
and then included in the wheel.
Closes#3787, and is a step towards #3081 and #4022
This change breaks our PyOxidizer bundling process. While we probably
could update it to work with the new venvs & lockfile, my intention
is to use this as a base to try out a uv-based packager/installer.
Still to do:
- move mpv distribution to a wheel
- build the new uv-based installer.
Some notes about the changes:
- Use uv for python download + venv installation
- Drop python/requirements* in favour of pyproject files / uv.lock
- Bumped to latest Python 3.9 version. The move to 3.13 should be
a fairly trivial change when we're ready.
- Dropped the old write_wheel.py in favour of uv/hatchling. This has
the unfortunate side-effect of dropping leading zeros in our wheels,
which we could try hack around in the future.
- Switch to Qt 6.7 for the dev repo, as it's the first PyQt version
with a Linux/ARM WebEngine wheel.
- Unified our macOS deployment target with minimum required for ARM.
- Dropped unused fluent python files
- Dropped unused python license generation
- Dropped helpers to run under Qt 5, as our wheels were already
requiring Qt 6 to install.
* Treat play_file() and co as internal routines without protection
Our code and add-ons need a way to play audio from arbitrary locations. I propose we treat the _tag API as suitable for user input, and the _file API for internal use.
* Mention basename in the *_file() paths
We were (partially) doing this for MpvManager, but not for
Windows' SimpleMpvPlayer. By passing a media file starting
with a special scheme, a malicious actor could have caused a file to
be written to the filesystem on Windows.
Thanks once again to Michael Lappas for the report.
* add left margin to browser when sidebar is closed
* listen for event instead of explicit user action
* refresh sidebar on visibility change
* Add a margin on macOS even when not collapsed
---------
Co-authored-by: Damien Elmes <gpg@ankiweb.net>
Instantiating `MPV(MPVBase)` triggers multiple synchronous `command()` calls to the mpv process during callback registration. These calls block the main thread and degrade startup performance. This change defers registration via `taskman.run_in_background`.
* use non breaking spaces for names on about page
* Update qt/aqt/about.py
Co-authored-by: llama <gh@siid.sh>
---------
Co-authored-by: llama <gh@siid.sh>
(originally merged into a PR branch)
* Make URL schemes dialog more ergonomic
* add name to contributors list
* Title Case
* Tweak build instructions so Cursor picks them up
* Use a warning icon for the URL scheme pop-up
* Default to cancelling
mpv looks for ytdl on the path, which includes the CWD on Windows.
A malicious shared deck could place an executable called yt-dlp.exe in the
media folder, which mpv would then helpfully invoke the first time
a YouTube link was encountered.
A big thank you to Michael Lappas for the report.
Currently, if a user tries to close Preview which was opened inside Browse, the "parent" Browse window itself gets closed
Co-authored-by: beyondcompute <beyondcompute@users.noreply.github.com>
* Add a way to pass information from browser_will_search to browser_did_search without having it going to the backend
* Allow None for SearchContext.properties
* Adding myself in CONTRIBUTORS
* Rename SearchContext.properties to SearchContext.addon_metadata
* Revert "Adding myself in CONTRIBUTORS"
This reverts commit a993577279.
* Reapply "Adding myself in CONTRIBUTORS"
This reverts commit f3ce51c83d.
* Enable Cmd+W shortcut in "Edit Current" on Mac
* Enable Cmd+W shortcut in "Fields" editor on Mac
* Enable Cmd+W shortcut in "Cards" editing on Mac
* Enable Cmd+W shortcut in "Sync" tab modal on Mac
* Enable Cmd+W shortcut in "Custom Study" tab modal on Mac
* Enable Cmd+W shortcut in Settings view on Mac
* Enable Cmd+W shortcut in Export dialogs on Mac
* Enable Cmd+W shortcut for getText dialog on Mac
* Enable Cmd+W shortcut in "Change Deck" on Mac
* Enable Cmd+W shortcut in Reposition dialog on Mac
* Enable Cmd+W shortcut in "Grade Now" dialog on Mac
* Enable Cmd+W shortcut in "Reset…" dialog on Mac
* Remove duplicate camelCase variant of add_close_shortcut (dae)
- The camelCase variant will remain accessible with a warning.
- The removed setattr line is legacy cruft, and wasn't doing anything.
* NF: replace `disabled` by `enabled`
This allows to remove the negations and, in my opinion, make the code
easier to understand and edit.
* Cloze button get disabled outside of cloze field
More specifically, if the user focus in a field that is not a cloze
field, the button are still there but appear as disabled. The shortcut
instead of adding the cloze context shows an alert explaining why this
can't be done.
While this message is already displayed when the user tries to add a
note with cloze in non-cloze field, I suspect it will save time to
stop the user as soon as possible from making mistake. This should
make very clear what is authorized and what is not.
It'll also be a reminder of whether the current field is a cloze or
not.
In order to do this, I added a back-end method (that I expect we may
reuse in ankidroid) to get the index of the fields used in cloze. This
set is sent to the note editor, which propagates it where needed.
In mathjax, the cloze symbol is removed when the selected field is not
a cloze field.
* Revert "Sanitize field content in editor"
This reverts commit 1c156905f8.
* Use CSP to block inline JS content in editor
This blocks inline scripts, scripts in the media folder, and
handlers like onclick in the editor. This is nicer than the previous
solution - it doesn't make any permanent changes, and leaves other
content like SVGs alone. Thanks to Nil Admirari for the suggestion.
