Comparing changes

base repository: halo-dev/halo
base: v2.21.6
head repository: halo-dev/halo
compare: v2.21.7
  • 17 commits
  • 68 files changed
  • 3 contributors

Commits on Aug 12, 2025

  1. Check if the contents of comment and reply are valid before persistence (#7677)
    
    #### What type of PR is this?
    
    /kind improvement
    /area core
    /milestone 2.21.x
    
    #### What this PR does / why we need it:
    
    This PR checks if the contents of comment and reply are valid before persistence to prevent users from XSS attacks.
    
    #### Which issue(s) this PR fixes:
    
    Fixes #7675
    
    #### Special notes for your reviewer:
    
    Try to comment or reply with the contents from <https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html>.
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    Check whether comment and reply contents are valid to prevent XSS attacks
    ```
    JohnNiang authored Aug 12, 2025
    535fe01
  2. Comments now support rich text formatting display (#7674)

    #### What type of PR is this?
    
    /area ui
    /kind feature
    /milestone 2.21.x
    
    #### What this PR does / why we need it:
    
    Comments now support rich text format display.
    
    Still need to:
    
    1. Test for XSS vulnerabilities
    2. Optimize content styling
    3. Editor
    
    #### Which issue(s) this PR fixes:
    
    Fixes #7671
    
    #### Special notes for your reviewer:
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    Comment content now supports display in rich text format
    ```
    ruibaby authored Aug 12, 2025
    09cd1f7
  3. Fix the problem of memory leak caused by thymeleaf (#7678)

    #### What type of PR is this?
    
    /kind bug
    /area core
    /milestone 2.21.x
    
    #### What this PR does / why we need it:
    
    This PR replaces the dependency `thymeleaf-spring6` to apply the memory leak fix of <halo-dev/thymeleaf#1>.
    
    Please note that this is a temporary fix, and we will revert this PR after Thymeleaf officially releases a new version including my fix.
    
    #### Which issue(s) this PR fixes:
    
    Fixes #7289
    
    #### Special notes for your reviewer:
    
    1. Execute command `ab -c 100 -n 1000 -H 'Accept: text/html' -H 'Cache-Control: no-cache' http://localhost:8090/` and then press Ctrl + C to stop the thread.
    2. See logs in Halo
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    Fix a possible memory leak in the template engine under certain circumstances
    ```
    JohnNiang authored Aug 12, 2025
    6f608f1

Commits on Aug 13, 2025

  1. Allow <s> tag and class attribute on <code> in comments (#7682)

    #### What type of PR is this?
    
    /area code
    /milestone 2.21.x
    /kind improvement
    
    #### What this PR does / why we need it:
    
    Comments are allowed to contain `s` tags and `code` tags with class attributes for the following reasons:
    
    1. `s`: The comment component uses tiptap editor's [strikethrough extension](https://tiptap.dev/docs/editor/extensions/marks/strike#:~:text=while%20you%20type.-,Restrictions,-The%20extension%20will) which enforces the use of `s` tags for strikethrough text and cannot be changed.
    2. `code[class]`: Used for code highlighting (class="language-*")
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    None
    ```
    ruibaby authored Aug 13, 2025
    eddcb5b
  2. Optimize comment notification template to support rich text rendering (#7683)
    
    #### What type of PR is this?
    
    /area core
    /area ui
    /milestone 2.21.x
    /kind feature
    
    #### What this PR does / why we need it:
    
    Optimize comment notification template to support rich text rendering
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    None
    ```
    ruibaby authored Aug 13, 2025
    2bcfbbc
  3. f5af5a1

Commits on Aug 15, 2025

  1. fix: pasting excel text will turn it into an image (#7689)

    #### What type of PR is this?
    
    /kind bug
    /area editor
    
    #### What this PR does / why we need it:
    
    Change the paste-image upload option to support only a single file; this resolves the issue of Excel content being converted into an image.
    
    #### How to test it?
    
    Paste content from an Excel spreadsheet into a post and check whether it is converted into a table.
    
    #### Does this PR introduce a user-facing change?
    ```release-note
    Fix the issue where pasted Excel content is turned into an image.
    ```
    LIlGG authored Aug 15, 2025
    da10ed4
  2. 7d51f38

Commits on Aug 17, 2025

  1. Add external asset transfer for editor attachments (#7687)

    #### What type of PR is this?
    
    /area ui
    /area editor
    /kind feature
    /milestone 2.21.x
    
    #### What this PR does / why we need it:
    
    Support transfer external assets in the editor to the attachment library. Currently, it supports individual images, videos, and audio files.
    
    in progress:
    
    - [ ] Batch transferring of all external assets.
    
    #### Which issue(s) this PR fixes:
    
    Fixes #2335
    
    #### Special notes for your reviewer:
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    Support transferring external resources in the editor to the attachment library
    ```
    ruibaby authored Aug 17, 2025
    3105c53
  2. Merge pull request #7695 from ruibaby/feat/comment-a-target

    Allow target attribute on <a> tags in comment sanitizer
    ruibaby authored Aug 17, 2025
    3345ccb
  3. Fix role dependency handling in role editing form (#7684)

    #### What type of PR is this?
    
    /area ui
    /kind bug
    /milestone 2.21.x
    
    #### What this PR does / why we need it:
    
    See #7676 
    
    #### Which issue(s) this PR fixes:
    
    Fixes #7676 
    
    #### Special notes for your reviewer:
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    Fix an issue in the role editing form where the selected permissions could be incomplete.
    ```
    ruibaby authored Aug 17, 2025
    e6f8783
  4. Support async permission checks in route menu generator (#7688)

    #### What type of PR is this?
    
    /area ui
    /kind feature
    /milestone 2.21.x
    
    #### What this PR does / why we need it:
    
    Support async permission checks in route menu generator
    
    example:
    
    ```ts
    {
      path: "",
      name: "Foo",
      component: Foo,
      meta: {
        title: "Foo",
        searchable: true,
        permissions: async () => {
          const { data } = await checkPermission();
          return data;
        },
        menu: {
          name: "Foo",
          group: "content",
          icon: markRaw(MingcuteBook2Line),
          priority: 4,
          mobile: false,
        },
      },
    }
    ```
    
    #### Which issue(s) this PR fixes:
    
    Fixes #
    
    #### Special notes for your reviewer:
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    Developer-related: route permission checks now support functions
    ```
    ruibaby authored Aug 17, 2025
    3f5b69d

Commits on Aug 19, 2025

  1. Add support for hidden comments (#7679)

    * Add 'hidden' field to comment and reply requests
    
    Signed-off-by: Ryan Wang <[email protected]>
    
    * Add support for filtering comments with hidden
    
    * Specify hidden=false and approved=true for anonymous users
    
    * Set default hidden flag only if null in comments
    
    * Add 'private reply' option to comment modals
    
    * Add private tag for hidden comments and replies
    
    * Allow hiding comments only
    
    * Enhance comment visibility logic to allow owners to view hidden comments
    
    * Remove hidden input for reply form
    
    Signed-off-by: Ryan Wang <[email protected]>
    
    * Refine i18n
    
    Signed-off-by: Ryan Wang <[email protected]>
    
    ---------
    
    Signed-off-by: Ryan Wang <[email protected]>
    Co-authored-by: John Niang <[email protected]>
    ruibaby and JohnNiang authored Aug 19, 2025
    3487132
  2. Support async route permissions in guards (#7700)

    #### What type of PR is this?
    
    /area ui
    /kind bug
    /milestone 2.21.x
    
    #### What this PR does / why we need it:
    
    Fix routing navigation issue with async route permission functions
    
    Caused by #7688
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    None
    ```
    ruibaby authored Aug 19, 2025
    157a8eb
  3. Fix pending comments calculation in post list item (#7703)

    #### What type of PR is this?
    
    /area ui
    /kind bug
    /milestone 2.21.x
    
    #### What this PR does / why we need it:
    
    Fix pending comments calculation in post list item
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    None
    ```
    ruibaby authored Aug 19, 2025
    568ebf5
  4. Bump rolldown-vite to 7.1.4 (#7704)

    #### What type of PR is this?
    
    /area ui
    /milestone 2.21.x
    
    #### What this PR does / why we need it:
    
    Bump rolldown-vite to [7.1.4](https://github.com/vitejs/rolldown-vite/releases/tag/v7.1.4)
    
    #### Does this PR introduce a user-facing change?
    
    ```release-note
    None
    ```
    ruibaby authored Aug 19, 2025
    e2bb5ad
  5. 4ac80f5