We take the simple/cheap way out and use ExtJS htmlEncode on all
entry points for this.
This is still mostly limited to 'doing it to yourself'.
The main fix is in app/view/main/Main.js where the title is rendered
out, and will apparently execute arbitrary javascript within a title
tag(!). This is an ExtJS thing, apparently, so we make it
unconditionally encode it to render on the bar.
Apparently this isn't the only place arbitrary execution can occur,
so just be safe(r).
This took some doing, but fixed the service removal thanks to ES6
Promises and a lot of detective work.
Also removed Auth0, and replaced it with a human-readable JSON
exporter/importer that works in the same way.
We now default to passive event listeners on all services,
as well as 100ms minimum granularity on setTimeout.
This is because many of the web-wrapped services constantly fire
totally unnecessary repaint events as fast as they can,
as well as actively listening for mouse events which also cause
unnecessary reflow.
On my machine, this cuts the CPU usage by ~70% while not affecting
the usability of any services.
There's a user-toggle available there. There's not a per-service
option for the ServiceList because it shouldn't affect anything
except in truly abnormal cases. If there needs to be one, we can add
it.
The original project README says no personal information will be saved,
but this level of analytics tracking is invasive, probably illegal, and
not disclosed. Pull it.
When the user changes the tab dock to left or right, the reorderer gets
into an inconsistent state. To solve this, the reorderer needs to be
reconfigured to look at the proper dimensions.
Now, the controller's `initialize` function is called every time the
user's preferences are changed. This was done so that it could re-orient
the service bar every time the configuration is changed, but could be
extended down the line for other configuration options.
Clearing all cache, storage data, etc. before removing but it keeps a
folder inside the app Partitions folder. This seems to be a "bug" of
Electron.
Related #828
TheGoddessInari
Ivan
Kevin Tran
Ramiro Saenz
Manuel Muradas