We've been mostly relying on the 3rd-party XSS cleaner to make sure user-submitted content is clean. This PR fixes up any leftover holes in the bbcode parser that allow XSS vulnerabilities, and as a result, the 3rd-party library isn't needed anymore. It cleans responsibly by first running `htmlspecialchars()` over the content, followed by sanitizing the untrusted URLs and whitelisting their protocol.
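The escape-first, then validate-URL order described above, as an added example (not code from the PR or the project). The `sanitizeUrl` and `renderBbcode` names, the `[url=...]` pattern and the http/https allowlist are assumptions made for illustration.

```php
<?php

// Assumed allowlist; the page does not say which protocols the PR permits.
const ALLOWED_SCHEMES = ['http', 'https'];

/** Returns the escaped URL unchanged if its scheme is allowlisted, else null. */
function sanitizeUrl(string $escapedUrl): ?string
{
    // Undo the escaping for inspection only, to see the value the browser will see.
    $raw = htmlspecialchars_decode($escapedUrl, ENT_QUOTES);

    // Browsers drop tabs and newlines inside URLs, so "java\tscript:" would
    // still run; reject anything containing whitespace or control characters.
    if ($raw === '' || preg_match('/[\x00-\x20\x7f]/', $raw) === 1) {
        return null;
    }

    // Require an explicit scheme followed by "://" and check it case-insensitively.
    if (preg_match('#^([a-z][a-z0-9+.-]*)://#i', $raw, $m) !== 1) {
        return null;
    }

    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true) ? $escapedUrl : null;
}

function renderBbcode(string $untrusted): string
{
    // Step 1: escape everything so no user-supplied markup or quotes survive.
    $safe = htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: only then expand [url=...] tags, validating each URL.
    return preg_replace_callback(
        '#\[url=(.*?)\](.*?)\[/url\]#is',
        static fn (array $m): string => ($url = sanitizeUrl($m[1])) === null
            ? $m[2] // rejected URL: keep only the already-escaped label
            : '<a href="'.$url.'" rel="noopener noreferrer nofollow">'.$m[2].'</a>',
        $safe
    ) ?? '';
}

// Constructed sample inputs.
foreach ([
    '[url=https://example.org/?a=1&b=2]ok[/url]',
    '[url=JaVaScRiPt:alert(1)]click[/url]',
    '[url=https://example.org/"onmouseover="alert(1)]hover[/url]',
    '<script>alert(1)</script>',
] as $input) {
    echo renderBbcode($input), PHP_EOL;
}
```

Because escaping runs before tag expansion, the quote in the third input reaches the `href` as `&quot;` and cannot close the attribute; the scheme check only has to deal with what escaping cannot address, namely the protocol itself.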
There's no easy way of adding these to meilisearch right now. Indexing them is inefficient and causes multi-second queries. It would be useful to use the `CONTAINS` operator to search these, but that meilisearch feature is still experimental and we should wait until it's stable before using it.
We need to sort the torrents after they've been fetched from the database to match the same order that meilisearch returned.
Fixes regression from #4236.
Using scout directly doesn't work because when increasing the maxTotalHits in meilisearch, scout will use the max instead of just fetching the current page. Meilisearch seems to handle a max of 200k torrents fine on its own, with 12ms latency when e.g. filtering by type down to 38000 totalHits. Run `php artisan scout:sync-index-settings`, followed by `php artisan auto:sync_torrents_to_meilisearch` after updating.
- refactored from livewire to alpinejs
- this is a crudish draft but is fully functional
- script should be moved to own alpine component in js dir
- person command and filter is simply a test and works
- fixes long-time Safari issue where clicking a result just closes search and doesn't direct to the URL, by the following:
  - `@click.prevent` Directive: Added `@click.prevent="navigateTo(result.url)"` to the anchor tag to handle the click event and navigate to the URL.
  - `navigateTo` Method: Added a `navigateTo` method in the `quickSearch` function to change the window location to the clicked URL.
  - Event Listener: Updated the `init` method to add a click event listener that stops propagation and navigates to the URL.
After some beta testing, it was suggested to provide more clear labels for `solved` and `snoozed` and also combine them into a single `status` setting.