- Fix: Allow language to be properly set back to a different locale and
retaining preference (and ensure language changes are available before
dialog closed)
- Refactoring: array extra/spread operator
- npm: Update devDep (sinon-test)
on touch devices (since `touch.js` changes `touchstart` to
`mousedown`) (@ClemArt); closes#168
- Fix: Ensure extension `mouseup` events run on "zoom" and "select"
modes (@iuyiuy); closes#159
to select all (part of #291)
- Enhancement: Add a global escape key listener to clear the selection
- Refactoring: Change 'a' to lower case in key command to avoid impression
that shift is needed
again so as not to break old SVG-Edit which fail at *presence* of
`namespace` (fixes#274)
- Known regression: Remove Openclipart as its site's now setting of
`X-Frame-Options` to `"sameorigin"` makes it unusable on our end
for our cross-origin uses
- Forward compatibility enhancement: For IAN image library, add
`svgedit=3` param to URL so that it can keep using old API for
SVG-Edit versions before 3, while conditionally using new object-based
API now (and if we switch exclusively to the object-based API in the
future, this site will continue to work)
- Docs: Add "Forward compatibility enhancement" to list
alternative to `namespace` so as not to break old SVG-Edit which fail
at *presence* of `namespace` (fixes#274)
- Forward compatibility enhancement: Once IE9 support may be dropped,
we may post messages as objects, so don't break if objects received
(embedded API, xdomain, Imagelib)
config array be set with safe origins or otherwise reject `postMessage`
messages in case from untrusted sources
- Security fix/Breaking change (xdomain): Namespace xdomain file to avoid
it being used to modify non-xdomain storage
- Security fix (Imagelib): Expose `dropXMLInternalSubset` to extensions
for preventing billion laughs attack (and use in Imagelib)
setting (though this was only for trusted origins anyways)
- Security fix (minor): For embedded API example, copy params to iframe
source without XSS risk (though params should already be XML-safe
given `encodeURIComponent` and lack of a single quote attribute context)
- Linting (LGTM): Flag origin-checked item as safe
- Refactoring: Destructuring, ellipsis
- Docs (JSDoc): Missing return value
- Fix: Ensure all apostrophes are escaped for `toXml` utility
- Fix: Avoid error if `URL` is not defined
- Fix (jPicker): Precision argument had not been passed in previously
- Fix (Star extension): Minor: Avoid erring if `inradius` is `NaN`
- Refactoring: Avoid passing unused arguments, setting unused variables,
and making unnecessary checks; avoid useless call to `createSVGMatrix`
- Linting (LGTM): Add `lgtm.yml` file (still some remaining items flagged
but hoping for in-code flagging)
- Docs: Contributing file
- Breaking change (minor): Change export filename to check `exportWindowName` and change default from `download.pdf` to `svg.pdf` to distinguish from other downloads
- Enhancement: Restore old dataURI functionality for non-Chrome browsers
- Fix (i18n): Regression in last commit with locales and apostrophe values
- npm: Avoid adding config files to ignore file
- npm: Bump to 3.0.0-rc.2
- Build: Update build
Incorporates #147
- Fix: Ensure shift-key cycling through flyouts works with extension-added
`includeWith` as well as toolbarbuttons
- Fix: Apply flyout arrows after extensions callback
- Fix: Ensure SVG icon of flyout right-arrow is cloned to can be applied to
more than one extension
- Fix: Ensure line tool shows as selected when "L" key command is used
- Refactoring: Avoid passing on `undefined` var. (#147)
- Refactoring: lbs; avoid indent in connector, destructuring, use map over push
- Docs: Clarify nature of fixes
- Docs: JSDoc for `setupFlyouts`, `Actions`, `toggleSidePanel`; missing for
ToolbarButton
Brett Zamir
eric