The Meteor realtime plugin sets document.domain to the common prefix between the main server and the Meteor server's hostnames, which overrides the same-origin controls on JavaScript DOM access so the two parts of the app can speak to each other.
This unfortunately causes "fun" side effects for XMLHTTPRequest access to the main domain... if the new domain doesn't match the actual host (eg 'status.net' instead of 'brion.status.net') then we can't access the XHR's responseXML attribute, which holds a DOM tree of the parsed XML return data.
As a workaround, if we can't get at the contents there, we'll parse a fresh DOM tree in the local context from the responseText property, which remains available.
In the longer term, recommend retooling the realtime stuff so it's not fiddling with document.domain. It could also be an issue as it could allow local JavaScript XSS attacks to migrate to subdomains in other open windows.
StatusNet core code now sets the tooltip text on .attachment.more links when they receive their attachment-expansion magic; this will override the hardcoded tooltip text saved from OStatus plugin when displaying timelines in the web UI.
Previously we pushed out your latest post into the currently visible timeline regardless of whether it belonged there or not. This could be pretty confusing!
Currently we don't have clearly machine-readable info on the page and returned notice HTML to determine whether it belongs, but we can do a couple checks easily which I've added:
* public timeline (always show)
* 'and friends' timeline (show for your own page only)
* profile timeline (show for your own page only)
Other places that should be added in the future:
* group timelines if it's a group your posting to
* tag timelines if the post contains the tag
* reply & friends timelines for people you've mentioned
Currently those aren't easy since the mention/group target links in the notice HTML are using the canonical form with user or group ID, while the available navigation links we can use to identify the current page use the names.
This reverts commit 260f00d60b.
As mentioned in
260f00d60b (comment_8367)
Reverting this merge until the bugs are fixed and there is a general
agreement on the need for this enhancement.
Also stripping id from foreign HTML messages (could interfere with UI) and disabled failing attachment popup for a.attachment links that don't have a proper id, so you can click through instead of getting an error.
Issues:
* any other links aren't marked and saved
* inconsistent behavior between local and remote attachments (local displays in lightbox, remote doesn't)
* if the enclosure'd object isn't referenced in the content, you won't be offered a link to it in our UI