VARASYS/ZDDC
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

release: v0.0.11 lockstep
All checks were successful
Notify chart dev on beta cut / notify-chart-dev (push) Successful in 3s
Details
Build + deploy releases / build-and-deploy (push) Successful in 8s
Details
Build + deploy releases / notify-chart-prod (push) Successful in 3s
Details

Browse source
This commit is contained in:
ZDDC 2026-05-03 19:03:05 -05:00
parent 042884ac5d
commit bf54651fb0
8 changed files with 50 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
mdedit/dist/mdedit.html vendored
View file

@ -1774,7 +1774,7 @@ body.help-open .app-header {
</svg>
<div class="header-title-group">
<span class="app-header__title">ZDDC Markdown</span>
<span class="build-timestamp">v0.0.10</span>
<span class="build-timestamp">v0.0.11</span>
</div>
<button id="select-directory" class="btn btn-primary" title="Select a Directory">Select Directory</button>
</div>

27
zddc/internal/apps/embedded/archive.html
View file

@ -2113,7 +2113,7 @@ td[data-field="trackingNumber"] {
</svg>
<div class="header-title-group">
<span class="app-header__title">ZDDC Archive</span>
<span class="build-timestamp">v0.0.10</span>
<span class="build-timestamp">v0.0.11</span>
</div>
<button id="addDirectoryBtn" class="btn btn-primary">Add Local Directory</button>
<button id="refreshHeaderBtn" class="btn btn-secondary hidden" title="Refresh Data" style="font-size:1.1rem;"></button>
@ -5548,9 +5548,28 @@ window.app.modules.filtering = {
*/
async function showFilePreview(file) {
const ext = file.extension.toLowerCase();
try {
const url = await getFileBlobUrl(file);
// For HTML preview, prefer the file's real server URL over a
// blob URL when available (zddc-server-backed archives have
// file.url set; local FileSystemAccessAPI mode doesn't).
//
// Why it matters: HTML files in an archive often link to
// sibling/parent paths via relative URLs — e.g.
// ../.archive/<tracking>.html — which zddc-server intercepts
// and resolves. From a blob: URL the relative resolution
// produces blob:.../.archive/X.html, which never reaches the
// server. Loading the iframe from the actual https://zddc.../
// URL means relative links resolve back to the server and the
// .archive interception fires as designed.
//
// Other types (pdf, images rendered via canvas / iframe etc.)
// are content-only — they don't depend on relative URLs — so
// a blob URL is fine.
const isHtml = ext === 'html' || ext === 'htm';
const url = (isHtml && file.url)
? file.url
: await getFileBlobUrl(file);
// Mirror the parent window's theme in the popup
const parentTheme = document.documentElement.getAttribute('data-theme') || '';
@ -5714,7 +5733,7 @@ window.app.modules.filtering = {
<button class="btn" onclick="downloadFile()">Download</button>
</div>
${(ext === 'pdf' || ext === 'html' || ext === 'htm')
? '<iframe src="' + url + '"' + (ext === 'pdf' ? '' : ' sandbox=""') + '></iframe>'
? '<iframe src="' + url + '"' + (ext === 'pdf' ? '' : ' sandbox="allow-same-origin allow-popups allow-popups-to-escape-sandbox"') + '></iframe>'
: '<div id="previewContent"><div class="loading">Loading preview...</div></div>'}
<script>
var blobUrl = "${url}";

11
zddc/internal/apps/embedded/classifier.html
View file

@ -1376,7 +1376,7 @@ body.help-open .app-header {
</svg>
<div class="header-title-group">
<span class="app-header__title">ZDDC Classifier</span>
<span class="build-timestamp">v0.0.10</span>
<span class="build-timestamp">v0.0.11</span>
</div>
<button id="selectDirectoryBtn" class="btn btn-primary">Select Directory</button>
<button id="refreshBtn" class="btn btn-secondary hidden" title="Refresh and rescan directory">Refresh</button>
@ -6782,10 +6782,11 @@ body.help-open .app-header {
case 'pdf':
return `<iframe src="${blobUrl}#view=FitV"></iframe>`;
case 'html':
// Render the HTML natively (not as literal text). sandbox=""
// disables scripts / forms / top-level nav / plugins so an
// archived HTML file can't run code in the popup's origin.
return `<iframe src="${blobUrl}" sandbox=""></iframe>`;
// Render the HTML natively (not as literal text). Sandbox
// flags allow same-origin resource loads + opening links
// in real new tabs (target=_blank / middle-click), but
// NOT allow-scripts — archived HTML cannot run JS.
return `<iframe src="${blobUrl}" sandbox="allow-same-origin allow-popups allow-popups-to-escape-sandbox"></iframe>`;
case 'image':
return `<img src="${blobUrl}" alt="${escapeHtml(file.originalFilename)}" />`;
case 'text':

2
zddc/internal/apps/embedded/index.html
View file

@ -866,7 +866,7 @@ body {
</g>
</svg>
<span class="app-header__title">ZDDC Archive</span>
<span class="build-timestamp">v0.0.10</span>
<span class="build-timestamp">v0.0.11</span>
</div>
<div class="header-right">
<button id="theme-btn" class="btn btn-secondary" title="Theme: auto (follows OS)" aria-label="Theme: auto (follows OS)"></button>

2
zddc/internal/apps/embedded/mdedit.html
View file

@ -1774,7 +1774,7 @@ body.help-open .app-header {
</svg>
<div class="header-title-group">
<span class="app-header__title">ZDDC Markdown</span>
<span class="build-timestamp">v0.0.10</span>
<span class="build-timestamp">v0.0.11</span>
</div>
<button id="select-directory" class="btn btn-primary" title="Select a Directory">Select Directory</button>
</div>

17
zddc/internal/apps/embedded/transmittal.html
View file

@ -2210,7 +2210,7 @@ dialog.modal--narrow {
</svg>
<div class="header-title-group">
<span class="app-header__title">ZDDC Transmittal</span>
<span class="build-timestamp">v0.0.10</span>
<span class="build-timestamp">v0.0.11</span>
</div>
<div class="app-header__spacer"></div>
<div class="app-header__icons">
@ -7615,15 +7615,20 @@ dialog.modal--narrow {
// PDF and HTML preview natively in an iframe — for HTML this
// means the page is RENDERED (not shown as literal source text);
// the blob's MIME type ('text/html', see getMimeType) tells the
// browser to render. `sandbox=""` on the HTML iframe disables
// all dangerous capabilities (scripts, top-level navigation,
// forms, plugins, popups) since these are arbitrary archived
// files we don't trust to run JS in the parent's origin.
// browser to render. The HTML iframe is sandboxed:
// - allow-same-origin: needed so the iframe's resource loads
// (img / link / etc.) work normally for same-origin paths.
// - allow-popups + allow-popups-to-escape-sandbox: clicking
// <a target="_blank"> (or middle-click) opens a real new tab
// with full browser features. Without these, link clicks
// intended for new tabs silently no-op.
// - NO allow-scripts: archived HTML cannot run JS in this
// popup's origin.
var contentHtml;
if (ext === 'pdf') {
contentHtml = '<iframe src="' + safeHref + '"></iframe>';
} else if (ext === 'html' || ext === 'htm') {
contentHtml = '<iframe src="' + safeHref + '" sandbox=""></iframe>';
contentHtml = '<iframe src="' + safeHref + '" sandbox="allow-same-origin allow-popups allow-popups-to-escape-sandbox"></iframe>';
} else {
contentHtml = '<div id="previewContent"><div class="loading">Loading preview...</div></div>';
}

12
zddc/internal/apps/embedded/versions.txt
View file

@ -1,7 +1,7 @@
# Generated by build.sh — do not edit. One <app>=<build label> per line.
archive=v0.0.10
transmittal=v0.0.10
classifier=v0.0.10
mdedit=v0.0.10
landing=v0.0.10
form=v0.0.10
archive=v0.0.11
transmittal=v0.0.11
classifier=v0.0.11
mdedit=v0.0.11
landing=v0.0.11
form=v0.0.11

2
zddc/internal/handler/form.html
View file

@ -722,7 +722,7 @@ body.help-open .app-header {
</g>
</svg>
<span class="app-header__title" id="form-title">ZDDC Form</span>
<span class="build-timestamp">v0.0.10</span>
<span class="build-timestamp">v0.0.11</span>
</div>
<div class="header-right">
<button id="theme-btn" class="btn btn-secondary" title="Theme: auto (follows OS)" aria-label="Theme: auto (follows OS)"></button>