only working now in Chrome if same origin or if https?--at least not
localhost of different ports), PDF export has been fixed (we download the
PDF to workaround data URI limitations in Chrome)
- Fix (Embedded editor): Avoid using same origin shortcut if there is no
global available to use (e.g., if using the modular editor)
- Fix (Embedded editor): Add events only after load is complete and
svgCanvas is available; also log blocked error objects
- Enhancement: For PDF export, switch Chrome by default to "save" `outputType`
- Docs (JSdoc): Denote optional arguments
- Docs: More info on `importLocale` for extensions
- Refactoring: Better type-checking on `canvasRGBA_` (but set correctly by default anyways)
- Build: Remove unused Makefile
`storagePromptState`; used by `ext-storage.js`
- Fix (regression): Ensure storage dialog will not be blocked because of
canvas updating done for sake of centering background
- Fix (extensions): Ensure `langReady` changes are available by time prefs
dialog is closed and that its changes have occurred by time extensions
have first loaded (`setLang` now returns a Promise rather than `undefined`
as it waits for extension's `langReady` to resolve); this is also useful
with `ext-storage.js` so we know that `extensions_loaded` (which
conditionally updates the canvas based on `storagePromptState`) has seen
`langReady` and the storage extension hasn't set a `storagePromptState`
of "waiting"
- Fix: Allow language to be properly set back to a different locale and
retaining preference (and ensure language changes are available before
dialog closed)
- Refactoring: array extra/spread operator
- npm: Update devDep (sinon-test)
on touch devices (since `touch.js` changes `touchstart` to
`mousedown`) (@ClemArt); closes#168
- Fix: Ensure extension `mouseup` events run on "zoom" and "select"
modes (@iuyiuy); closes#159
to select all (part of #291)
- Enhancement: Add a global escape key listener to clear the selection
- Refactoring: Change 'a' to lower case in key command to avoid impression
that shift is needed
again so as not to break old SVG-Edit which fail at *presence* of
`namespace` (fixes#274)
- Known regression: Remove Openclipart as its site's now setting of
`X-Frame-Options` to `"sameorigin"` makes it unusable on our end
for our cross-origin uses
- Forward compatibility enhancement: For IAN image library, add
`svgedit=3` param to URL so that it can keep using old API for
SVG-Edit versions before 3, while conditionally using new object-based
API now (and if we switch exclusively to the object-based API in the
future, this site will continue to work)
- Docs: Add "Forward compatibility enhancement" to list
alternative to `namespace` so as not to break old SVG-Edit which fail
at *presence* of `namespace` (fixes#274)
- Forward compatibility enhancement: Once IE9 support may be dropped,
we may post messages as objects, so don't break if objects received
(embedded API, xdomain, Imagelib)
config array be set with safe origins or otherwise reject `postMessage`
messages in case from untrusted sources
- Security fix/Breaking change (xdomain): Namespace xdomain file to avoid
it being used to modify non-xdomain storage
- Security fix (Imagelib): Expose `dropXMLInternalSubset` to extensions
for preventing billion laughs attack (and use in Imagelib)