Merged
Conversation
Adds a standalone messages.html page hosted on the Cloudflare Pages site, allowing iOS/iPadOS users (and anyone without userscript support) to read and send XMOJ short messages via the existing API. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…bility Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… instructions Bookmarklets are not usable on mobile and confusing on desktop. Make the session (PHPSESSID) tab the default with an accordion of step-by-step instructions for Chrome, Firefox, Safari (macOS), and iOS/iPadOS. Bookmarklet tab kept as secondary option for desktop users. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
API returns "参数DebugMode未找到" without it, causing all calls to fail. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Status badge (未读/已读) now reflects IsRead directly. Row highlight (table-primary) still only applies to incoming unread messages. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Desktop/mobile login tab priority: bookmarklet on desktop (pointer: fine), session on mobile - Replace sender name links with Bootstrap popovers showing user info popup - Image zoom: cursor: zoom-in/zoom-out, title tooltip on images - Global Ctrl+V paste handler for images anywhere in thread view - Auto-resize compose textarea as user types Co-authored-by: PythonSmall-Q <106425289+PythonSmall-Q@users.noreply.github.com>
Co-authored-by: PythonSmall-Q <106425289+PythonSmall-Q@users.noreply.github.com>
Co-authored-by: PythonSmall-Q <106425289+PythonSmall-Q@users.noreply.github.com>
…nfo modal Co-authored-by: PythonSmall-Q <106425289+PythonSmall-Q@users.noreply.github.com>
…in userinfo fetch Co-authored-by: PythonSmall-Q <106425289+PythonSmall-Q@users.noreply.github.com>
Co-authored-by: PythonSmall-Q <106425289+PythonSmall-Q@users.noreply.github.com>
…ck + auto-scroll fix Co-authored-by: PythonSmall-Q <106425289+PythonSmall-Q@users.noreply.github.com>
feat(messages.html): user badges, contact search, auto-scroll to latest
Add caption "点击任意行打开对话 →" above table and a › chevron in a trailing column on each row. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Restored: contact search, renderMailList, mailListCache, user badges, user info modal, userSpan, auto-resize textarea, global paste handler, requestAnimationFrame scroll, setLoginTab, dark-mode table-primary fix. Added on top: caption "点击任意行打开对话 →" and › chevron column to make list rows obviously clickable. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Shan Wenxiao <seanoj_noreply@yeah.net>
Signed-off-by: Shan Wenxiao <seanoj_noreply@yeah.net>
feat: messages.html WebUI for short messages
Deploying xmoj-script-dev-channel with
|
| Latest commit: |
3ea071d
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://0af58099.xmoj-script-dev-channel.pages.dev |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| <link href="https://cdn.bootcdn.net/ajax/libs/twitter-bootstrap/5.2.3/css/bootstrap.min.css" rel="stylesheet"> | ||
| <script src="https://cdn.bootcdn.net/ajax/libs/twitter-bootstrap/5.2.3/js/bootstrap.min.js"></script> | ||
| <link href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.3/css/bootstrap.min.css" rel="stylesheet"> | ||
| <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.3/js/bootstrap.min.js"></script> |
Check warning
Code scanning / CodeQL
Inclusion of functionality from an untrusted source Medium
| </div> | ||
| </div> | ||
|
|
||
| <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/js/bootstrap.bundle.min.js"></script> |
Check warning
Code scanning / CodeQL
Inclusion of functionality from an untrusted source Medium
| </div> | ||
|
|
||
| <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/js/bootstrap.bundle.min.js"></script> | ||
| <script src="https://cdnjs.cloudflare.com/ajax/libs/marked/9.1.6/marked.min.js"></script> |
Check warning
Code scanning / CodeQL
Inclusion of functionality from an untrusted source Medium
|
|
||
| <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.3.3/js/bootstrap.bundle.min.js"></script> | ||
| <script src="https://cdnjs.cloudflare.com/ajax/libs/marked/9.1.6/marked.min.js"></script> | ||
| <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.0.6/purify.min.js"></script> |
Check warning
Code scanning / CodeQL
Inclusion of functionality from an untrusted source Medium
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 2 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="messages.html">
<violation number="1" location="messages.html:916">
P2: Decoding the combined `username:session` string before splitting on `:` breaks parsing when the username contains a colon. Split on the first `:` of the raw (still-encoded) string, then `decodeURIComponent` each part separately.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| function checkSessionHash() { | ||
| var hash = location.hash; | ||
| if (!hash.startsWith('#session=')) return false; | ||
| var val = decodeURIComponent(hash.slice('#session='.length)); |
There was a problem hiding this comment.
P2: Decoding the combined username:session string before splitting on : breaks parsing when the username contains a colon. Split on the first : of the raw (still-encoded) string, then decodeURIComponent each part separately.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At messages.html, line 916:
<comment>Decoding the combined `username:session` string before splitting on `:` breaks parsing when the username contains a colon. Split on the first `:` of the raw (still-encoded) string, then `decodeURIComponent` each part separately.</comment>
<file context>
@@ -0,0 +1,1061 @@
+function checkSessionHash() {
+ var hash = location.hash;
+ if (!hash.startsWith('#session=')) return false;
+ var val = decodeURIComponent(hash.slice('#session='.length));
+ var idx = val.indexOf(':');
+ if (idx < 1) return false;
</file context>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
sync-branches: New code has just landed in dev, so let's bring extern-contrib up to speed!
Summary by cubic
Add
messages.html, a standalone WebUI for XMOJ short messages so iOS/iPadOS and other browsers without userscript support can read and send messages. Updatedindex.htmlwith a nav link and switchedbootstrapCDN tocdnjsfor better accessibility.New Features
markedsanitized bydompurify, plus image upload from clipboard or file.Bug Fixes
DebugModein API requests to prevent failures.table-primaryand improve link/image behavior (open in new tab, click to zoom).Written for commit 3ea071d. Summary will update on new commits.