If you are wondering where the data of this site comes from, please visit https://api.github.com/users/danielweck/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Daniel Weck danielweck DAISY Consortium - Readium Foundation http://danielweck.github.io/

danielweck/epub3-sliderizer 30

Simple utility to easily create EPUB 3 / HTML 5 slidedecks (one output fileset, dual support for e-book readers and web browsers) [screenshots below] LIVE DEMO:

danielweck/scrabble-html-ui 7

Playful experiment with HTML and Javascript to emulate the famous letter game board

danielweck/android-libgdx-playground 5

LibGDX 3D sandbox written in Java for Android (an old pet project migrated from Google Code)

danielweck/epub-reading-system-js-sandbox-test 1

Experimental test moved from https://github.com/IDPF/epub-testsuite/tree/feature/RS_integrity

danielweck/axe-core 0

Accessibility engine for automated Web UI testing

danielweck/big-text 0

Large Text Web Page

danielweck/css-element-queries 0

CSS-Element-Queries Polyfill. proof-of-concept for high-speed element dimension/media queries in valid css.

danielweck/CSSOM 0

CSS Object Model implemented in pure JavaScript. It's also a parser!

danielweck/csstag 0

Tagged template for CSS Modules: const styles = css`.root { color: red; }`; <div class={styles.root}></div>

Pull request review comment edrlab/thorium-reader

[WIP] [fix #1454] http request with file:// URI

 export const httpGetWithAuth =          }; -export const httpGet = httpGetWithAuth(true);+const httpGetFactory =+    (): typeof httpFetchFormattedResponse =>+        async (...arg) => {+            const [_url, _options, _callback, ..._arg] = arg;++            let url: URL | undefined;+            try {+                url = new URL(_url);+            } catch (e) {+                // wrong URL : fallback to httpGetWithAuth+                debug("wrong URL : fallback to httpGetWithAuth");+                debug(e);+            }++            if (url?.protocol === "file:") {++                let isFailure = false;+                let stream: NodeJS.ReadableStream | undefined;+                try {+                    stream = createReadStream(url.pathname);
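
Review bot: `createReadStream(url.pathname)` opens whatever path the URL names with no check on its location, and `url.pathname` is not a filesystem path: it is still percent-encoded, and on Windows it carries a leading slash before the drive letter. Convert with `fileURLToPath(url)` from Node's `url` module and verify the resolved path against a set of permitted folders before creating the stream. The `catch` around `new URL(_url)` also only logs through `debug`, so an unparseable URL silently takes the HTTP path; say so in a comment if that is intended.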

So, a maliciously-crafted OPDS feed, LCP license, etc. could trigger arbitrary filesystem location access. This wouldn't pass a security audit, even if in practice the recipient of the HTTP response would be limited to some internal Thorium API, because an arbitrary filesystem path could be an operating system hook (not necessarily a downloadable binary blob). In other words, a mounted filesystem should be regarded as a sensitive API surface, and Thorium should implement provisions to secure access (e.g. ask user permissions, limit to known folders, etc.).

panaC

comment created time in an hour
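
One way to implement the "limit to known folders" provision from the review comment above, as an added example that is not Thorium code or part of the pull request. `resolveAllowedFileUrl`, the `allowedRoots` list and the temporary sample tree are assumptions constructed for illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
const { fileURLToPath, pathToFileURL } = require("node:url");

// Returns the real path when rawUrl is a local file: URL inside one of
// allowedRoots (hypothetical "known folders" list); throws otherwise.
function resolveAllowedFileUrl(rawUrl, allowedRoots) {
    const url = new URL(rawUrl);
    if (url.protocol !== "file:") throw new Error("not-file-url");
    if (url.hostname !== "") throw new Error("remote-host");
    // fileURLToPath decodes %XX escapes and applies platform path rules,
    // which url.pathname does not. realpathSync then follows symlinks.
    const real = fs.realpathSync(fileURLToPath(url));
    for (const root of allowedRoots) {
        const rel = path.relative(fs.realpathSync(root), real);
        const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
        if (rel !== "" && !escapes) return real;
    }
    throw new Error("outside-allowed-folders");
}

// Constructed sample tree: <tmp>/library/my book.epub is allowed,
// <tmp>/secret.txt is not, <tmp>/library/link is a symlink to the secret.
function demo() {
    const tmp = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "fileurl-")));
    const library = path.join(tmp, "library");
    fs.mkdirSync(library);
    fs.writeFileSync(path.join(library, "my book.epub"), "epub");
    fs.writeFileSync(path.join(tmp, "secret.txt"), "secret");
    fs.symlinkSync(path.join(tmp, "secret.txt"), path.join(library, "link"));
    const base = pathToFileURL(library).href;
    const verdict = (u) => {
        try { resolveAllowedFileUrl(u, [library]); return "allowed"; }
        catch (e) { return e.message; }
    };
    const results = {
        book: verdict(base + "/my%20book.epub"),
        dotdot: verdict(base + "/../secret.txt"),
        symlink: verdict(base + "/link"),
        remote: verdict("file://example.org/etc/hosts"),
        http: verdict("https://example.org/feed.xml"),
    };
    fs.rmSync(tmp, { recursive: true, force: true });
    return results;
}
```

The symlink case is why the comparison is made on `realpathSync` output rather than on the string form of the URL.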


issue comment edrlab/thorium-reader

Feature request: Fixed layout epub zoom

Hello, could you please post a separate issue including screenshots? Would you mind sharing your EPUB with me so I can investigate? ( daniel.weck@gmail.com )

MattiJarvinen

comment created time in 3 days

issue opened w3c/audiobooks

duration property in JSON example uses incorrect syntax (number instead of ISO 8601 string format)

https://w3c.github.io/audiobooks/#audio-simple

https://www.w3.org/TR/audiobooks/#audio-simple

Snippet:

 "readingOrder": [
    {
      "url": "http://www.archive.org/download/flatland_rg_librivox/flatland_1_abbott.mp3",
      "encodingFormat": "audio/mpeg",
      "duration": 1371,
      "name": "Part 1, Sections 1 - 3"
    }
]

References:

  • https://www.w3.org/TR/pub-manifest/#duration
  • https://en.wikipedia.org/wiki/ISO_8601#Durations

created time in 3 days

Pull request review comment edrlab/thorium-reader

[WIP] [fix #1454] http request with file:// URI

 export const httpGetWithAuth =          }; -export const httpGet = httpGetWithAuth(true);+const httpGetFactory =+    (): typeof httpFetchFormattedResponse =>+        async (...arg) => {+            const [_url, _options, _callback, ..._arg] = arg;++            let url: URL | undefined;+            try {+                url = new URL(_url);+            } catch (e) {+                // wrong URL : fallback to httpGetWithAuth+                debug("wrong URL : fallback to httpGetWithAuth");+                debug(e);+            }++            if (url?.protocol === "file:") {++                let isFailure = false;+                let stream: NodeJS.ReadableStream | undefined;+                try {+                    stream = createReadStream(url.pathname);

Enormous security risk (full disk access).

panaC

comment created time in 3 days


Pull request review comment edrlab/thorium-reader

[fix #1536] opds problem details

 import { apiSaga } from "./api"; const filename_ = "readium-desktop:renderer:redux:saga:opds-browse"; const debug = debug_(filename_); -type TA = apiActions.result.TAction<TReturnPromiseOrGeneratorType<TApiMethod["opds/browse"]>>;+type TA = apiActions.result.TAction<TReturnPromiseOrGeneratorType<TApiMethod["browser/browse"]>>;  export function* opdsBrowse(link: string, REQUEST_ID: string) {      debug("opds-browse", link);-    yield apiSaga("opds/browse", REQUEST_ID, link);+    yield apiSaga("browser/browse", REQUEST_ID, link);
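
Review bot: in `opdsBrowse()`, the API key passed to `apiSaga` becomes `"browser/browse"` while the log label `debug("opds-browse", link)` and the `filename_` namespace ending in `saga:opds-browse` keep the old name. Rename them together with the key, or keep the OPDS name throughout, so that debug output matches the entry point actually being called.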

...I also note that the IBrowserResultView signals a generic HTTP request/response use-case, yet its object shape / model seems to be tightly-coupled with OPDS:

export interface IBrowserResultView {
    opds?: IOpdsResultView;
    problemDetails?: IOpdsProblemDetailsResultView;
}
panaC

comment created time in 3 days


Pull request review comment edrlab/thorium-reader

[fix #1536] opds problem details

 import { apiSaga } from "./api"; const filename_ = "readium-desktop:renderer:redux:saga:opds-browse"; const debug = debug_(filename_); -type TA = apiActions.result.TAction<TReturnPromiseOrGeneratorType<TApiMethod["opds/browse"]>>;+type TA = apiActions.result.TAction<TReturnPromiseOrGeneratorType<TApiMethod["browser/browse"]>>;  export function* opdsBrowse(link: string, REQUEST_ID: string) {      debug("opds-browse", link);-    yield apiSaga("opds/browse", REQUEST_ID, link);+    yield apiSaga("browser/browse", REQUEST_ID, link);

Can you please explain the rationale for the change from opds/browse to browse/browse? If the intent is to signal that this API will / can work with any HTTP request/response cycle, then I understand, but browse/browse looks like a typo rather than an intentional entry point in the API surface. Would http/browse be preferable, or is that a misnomer too?

panaC

comment created time in 3 days

Pull request review comment edrlab/thorium-reader

[fix #1536] opds problem details

 import { apiSaga } from "./api"; const filename_ = "readium-desktop:renderer:redux:saga:opds-browse"; const debug = debug_(filename_); -type TA = apiActions.result.TAction<TReturnPromiseOrGeneratorType<TApiMethod["opds/browse"]>>;+type TA = apiActions.result.TAction<TReturnPromiseOrGeneratorType<TApiMethod["browser/browse"]>>;  export function* opdsBrowse(link: string, REQUEST_ID: string) {      debug("opds-browse", link);-    yield apiSaga("opds/browse", REQUEST_ID, link);+    yield apiSaga("browser/browse", REQUEST_ID, link);

...furthermore, there is a file renaming from opdsBrowse.ts to browse.ts which signals the generic nature of the API, but the function is still named opdsBrowse():

export function* opdsBrowse(link: string, REQUEST_ID: string) {
...
}
panaC

comment created time in 3 days


Pull request review comment edrlab/thorium-reader

opds: fix opds search error for calibre-web.

 export class OpdsService {                 if (url.search.includes(SEARCH_TERM) ||                     tryDecodeURIComponent(url.pathname).includes(SEARCH_TERM)) { +                    atomLink.url = atomLink.url.replace("%7B", "{").replace("%7D", "}")
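
Review bot: on the added `atomLink.url.replace("%7B", "{").replace("%7D", "}")` line, the match is case-sensitive, so a feed that emits lowercase escapes (`%7b`, `%7d`) is left unchanged. The replacement also runs over the whole URL rather than only the part that carries the search-term placeholder, so an encoded brace that belongs to another parameter value would be rewritten as well; restrict it to the placeholder or add a comment explaining why the whole string is safe to rewrite.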

I wonder why such an ad-hoc string replacement is needed. As we haven't come across this problem in our tests, I am concerned about introducing a regression bug. Normally this would be handled by decodeURIComponent(). Do you have an example of Atom URL that exemplifies the problematic syntax?

schspa

comment created time in 3 days


Pull request review comment edrlab/thorium-reader

opds: fix opds search error for calibre-web.

 export class OpdsService {                 if (url.search.includes(SEARCH_TERM) ||                     tryDecodeURIComponent(url.pathname).includes(SEARCH_TERM)) { +                    atomLink.url = atomLink.url.replace("%7B", "{").replace("%7D", "}")

The String.replace() function with a string function argument replaces only the first occurrence. I think you need to use a regular expression to "replace all":

atomLink.url = atomLink.url.replace(/%7B/g, "{").replace(/%7D/g, "}")

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/replace

Also, there is a missing trailing semicolon (lint)

schspa

comment created time in 3 days


Pull request review comment edrlab/thorium-reader

[fix #298] search by author in library

 export class PublicationRepository  /* extends BaseRepository<PublicationDocumen     }  -    public async searchByTitle(title: string): Promise<PublicationDocument[]> {+    public async searchByTitleAndAuthor(title: string): Promise<PublicationDocument[]> {
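
Review bot: `searchByTitleAndAuthor(title: string)` takes a single string, so the new name leaves it unclear whether a publication must match on both fields or on either one. Add a doc comment on the method stating the matching rule, or pick a name that describes the behaviour.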

Nit picking: could you please rename title to a more generic variable name like str or keyword?

panaC

comment created time in 3 days


push event edrlab/thorium-reader

Pierre Leroux

commit sha e8deeda2ba66cbf80ce134ffc2c1121a0330f85a

fix: OAuth response body was JSON content-type, must be form-urlencoded as per RFC6749 (PR #1555 Fixes #1554)


push time in 3 days

PR merged edrlab/thorium-reader

[fix #1554] form-urlencoded

fixes #1554

+5 -3

1 comment

2 changed files

panaC

pr closed time in 3 days

issue closed edrlab/thorium-reader

OAuth with Password grant sent as JSON instead of URL encoded form

The OAuth with Resource Owner Password OPDS authentication flow is supposed to follow the OAuth RFC6749.

In order to identify the use of a Resource Owner Password Credentials Grant Authentication Flow (as defined in [RFC6749] in section 4.3. Resource Owner Password Credentials Grant) https://drafts.opds.io/authentication-for-opds-1.0.html#346-resource-owner-password-credentials-grant

The RFC6749 states that the payload must be a URL-encoded form:

The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format https://datatracker.ietf.org/doc/html/rfc6749#section-4.3.2

But Thorium is sending the payload as a JSON object, which breaks with spec-compliant servers:

https://github.com/edrlab/thorium-reader/blob/3e4aa1018bbd0ae0877daa44a02b3235e2300685/src/main/redux/sagas/auth.ts#L291

closed time in 3 days

mickael-menu
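
The difference the issue above describes, as an added example (not Thorium's code): the password-grant body built as `application/x-www-form-urlencoded` per RFC 6749 section 4.3.2, next to what a form-decoding endpoint recovers when the same fields arrive as JSON. `passwordGrantRequest`, `parseAsForm` and the sample credentials are hypothetical names and constructed values.

```javascript
// Build the token request for the RFC 6749 section 4.3.2 password grant.
// URLSearchParams escapes reserved characters (&, =, +, %) in the values.
function passwordGrantRequest(username, password) {
    const body = new URLSearchParams({ grant_type: "password", username, password });
    return {
        method: "POST",
        headers: { "Content-Type": "application/x-www-form-urlencoded" },
        body: body.toString(),
    };
}

// Stand-in for a token endpoint that decodes the body as a form.
function parseAsForm(rawBody) {
    const form = new URLSearchParams(rawBody);
    return {
        grant_type: form.get("grant_type"),
        username: form.get("username"),
        password: form.get("password"),
    };
}

// Constructed credentials; the password contains characters that are
// reserved in form encoding, to show they survive the round trip.
const SAMPLE = { username: "reader@example.org", password: "p&ss=w+rd %" };

function compareEncodings() {
    const formBody = passwordGrantRequest(SAMPLE.username, SAMPLE.password).body;
    const jsonBody = JSON.stringify({ grant_type: "password", ...SAMPLE });
    return {
        form: parseAsForm(formBody),   // all three parameters recovered
        json: parseAsForm(jsonBody),   // grant_type missing: request is invalid
    };
}
```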

issue comment edrlab/thorium-reader

linux: text selection and middle click paste

thus far we decided against CSS user-select:none, as this prevents legitimate text selection for bookmarking, annotations, and probably some accessibility support too. we used a different technique on MacOS to prevent ctrl-a drag+drop, so on Linux we have to find a solution for implicit x11 buffer middle-click paste that doesn't compromise other essential features.

atomotic

comment created time in 4 days

issue comment edrlab/thorium-reader

linux: text selection and middle click paste

note that thorium doesn't disable ctrl-c, but intercepts the clipboard copy event directly. that being said, x11 bypasses the standard clipboard API completely, so indeed we have to figure out an alternative interception mechanism.

"Highlighting text without clicking is enough to get it copied to the X11 buffer-space, and middle-clicking will paste out of that."

atomotic

comment created time in 4 days

pull request comment edrlab/thorium-reader

[fix #1536] opds problem details

Hello Pierre, do you consider this PR ready to merge, or draft/WIP?

panaC

comment created time in 6 days