Thanks to visit codestin.com
Credit goes to github.com

Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: basecamp/trix
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v2.1.16
Choose a base ref
...
head repository: basecamp/trix
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v2.1.17
Choose a head ref
  • 19 commits
  • 13 files changed
  • 4 contributors

Commits on Jun 17, 2025

  1. Update README.md 

    Removed BC3 reference.
    @Cromian
    Cromian authored Jun 17, 2025
    Configuration menu
    Copy the full SHA
    379943c View commit details
    Browse the repository at this point in the history

Commits on Dec 31, 2025

  1. Replace Karma with @web/test-runner 

    while keeping QUnit and SauceLabs.

- SAUCE_REGION support to configure region
- tunnelIdentifier in sauce:options - to connect through the tunnel
- Local QUnit/fixtures serving - to avoid CDN issues through tunnel
- hostname: '0.0.0.0' - to allow Sauce Connect to reach WTR

Co-Authored-By: Claude Opus 4.5 <[email protected]>
    @flavorjones @claude
    flavorjones and claude committed Dec 31, 2025
    Configuration menu
    Copy the full SHA
    bf38908 View commit details
    Browse the repository at this point in the history

  2. Restore Android browser testing to Sauce Labs configuration 

    Co-Authored-By: Claude Opus 4.5 <[email protected]>
    @flavorjones @claude
    flavorjones and claude committed Dec 31, 2025
    Configuration menu
    Copy the full SHA
    4df5db6 View commit details
    Browse the repository at this point in the history

  3. Add test progress reporting in local dev 

    WTR doesn't support per-test progress reporting, so let's use a
middleware endpoint as a callback to emit minitest-style test status.

In CI, though, we'll continue to use the default reporter because we
want to see per-browser results (via Sauce Labs) and don't care about
realtime progress.

Co-Authored-By: Claude Opus 4.5 <[email protected]>
    @flavorjones @claude
    flavorjones and claude committed Dec 31, 2025
    Configuration menu
    Copy the full SHA
    c20a85d View commit details
    Browse the repository at this point in the history

Commits on Jan 3, 2026

  1. Merge pull request #1272 from basecamp/flavorjones/replace-karma-with… 

    …-wtr

Replace Karma with `@web/test-runner`
    @flavorjones
    flavorjones authored Jan 3, 2026
    Configuration menu
    Copy the full SHA
    32b1082 View commit details
    Browse the repository at this point in the history

Commits on Jan 9, 2026

  1. ci: enable workflow dispatch via the UI

    @flavorjones
    flavorjones committed Jan 9, 2026
    Configuration menu
    Copy the full SHA
    36a2c89 View commit details
    Browse the repository at this point in the history

  2. Get downstream Rails tests passing again 

    The leak checker is causing issues unless we externally set RACK_ENV,
see rails/rails#56563
    @flavorjones
    flavorjones committed Jan 9, 2026
    Configuration menu
    Copy the full SHA
    ca66016 View commit details
    Browse the repository at this point in the history

  3. Add Ruby 4 to the testing matrix 

    and remove Ruby 3.2 testing against Rails main
    @flavorjones
    flavorjones committed Jan 9, 2026
    Configuration menu
    Copy the full SHA
    e31aae7 View commit details
    Browse the repository at this point in the history

  4. Update the copyright in trix.js 

    without which the regeneration check fails
    @flavorjones
    flavorjones committed Jan 9, 2026
    Configuration menu
    Copy the full SHA
    2a8dbcc View commit details
    Browse the repository at this point in the history

  5. Merge pull request #1276 from basecamp/flavorjones/ci-green-20260109 

    ci: get green (2026-01-09 edition)
    @flavorjones
    flavorjones authored Jan 9, 2026
    Configuration menu
    Copy the full SHA
    1d2d1a3 View commit details
    Browse the repository at this point in the history

  6. Test runner reporter emits failure details 

    Neglected to include failure reporting in c20a85d 😅
    @flavorjones
    flavorjones committed Jan 9, 2026
    Configuration menu
    Copy the full SHA
    6f6ab9a View commit details
    Browse the repository at this point in the history

  7. Use source-map to get better test failure messages

    @flavorjones
    flavorjones committed Jan 9, 2026
    Configuration menu
    Copy the full SHA
    c94abe6 View commit details
    Browse the repository at this point in the history

  8. Merge pull request #1275 from basecamp/flavorjones/wtr-failure-messages 

    Report web-test-runner test failures
    @flavorjones
    flavorjones authored Jan 9, 2026
    Configuration menu
    Copy the full SHA
    194a36c View commit details
    Browse the repository at this point in the history

Commits on Feb 27, 2026

  1. Fix bullets merging with prior elements when the first node is removed

    @monorkin
    monorkin committed Feb 27, 2026
    Configuration menu
    Copy the full SHA
    bef13e2 View commit details
    Browse the repository at this point in the history

Commits on Mar 3, 2026

  1. Merge pull request #1280 from basecamp/fix-bullets-merging-with-prior… 

    …-element

Fix bullets merging with prior elements on Firefox when the first node is removed
    @flavorjones
    flavorjones authored Mar 3, 2026
    Configuration menu
    Copy the full SHA
    d9dbf0a View commit details
    Browse the repository at this point in the history

  2. Merge pull request #1239 from Cromian/patch-1 

    Update README.md
    @flavorjones
    flavorjones authored Mar 3, 2026
    Configuration menu
    Copy the full SHA
    7069343 View commit details
    Browse the repository at this point in the history

Commits on Mar 11, 2026

  1. Fix stored XSS via data-trix-serialized-attributes sanitizer bypass (… 

    …H1 #3581911)

Strip `data-trix-serialized-attributes` in the DOMPurify `uponSanitizeAttribute`
hook before the `data-trix-*` force-keep logic runs.

This attribute is unique among `data-trix-*` attributes: it is the only one whose
value is later treated as trusted instructions to create arbitrary DOM attributes
via `el.setAttribute(name, value)` in the serialization code. No other `data-trix-*`
attribute has this XSS-enabling property:

- `data-trix-attachment` content is re-sanitized when rendered in AttachmentView
- `data-trix-attributes` is reduced to caption/presentation for attachment pieces
- The remaining internal markers (data-trix-id, data-trix-store-key, etc.) are
  stripped or regenerated during serialization and never reach an executable sink

The fix is therefore narrowly scoped to `data-trix-serialized-attributes`. The
legitimate producer (PreviewableAttachmentView) sets this attribute at runtime on
live DOM elements and never goes through DOMPurify, so it is unaffected.
    @flavorjones
    flavorjones committed Mar 11, 2026
    Configuration menu
    Copy the full SHA
    3229c29 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #1282 from basecamp/h1-3581911-serialized-attr 

    Fix stored XSS via data-trix-serialized-attributes bypass
    @flavorjones
    flavorjones authored Mar 11, 2026
    Configuration menu
    Copy the full SHA
    53197ab View commit details
    Browse the repository at this point in the history

  3. v2.1.17

    @flavorjones
    flavorjones committed Mar 11, 2026
    Configuration menu
    Copy the full SHA
    2e46d51 View commit details
    Browse the repository at this point in the history
Loading