Calls JonKazama-Hellion/security-workflows for Semgrep SAST + Trivy
filesystem vulnerability scan. Runs on push to main/master, on every
PR, and weekly Monday 06:00 UTC.
Alle 3 Manifests, newtab.html, data.js, app.js auf 2.1.0.
CHANGELOG-Eintrag mit allen 6 neuen Calculator-Modi.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
data.calculator wurde bei jedem save() komplett ersetzt, wodurch
factorio/satisfactory Sub-Mode-Präferenzen verloren gingen.
Jetzt werden nur die Core-Properties einzeln gesetzt.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
sqrt und x² transferieren _lastResult in _currentExpr wenn Expression leer.
handleNegate Regex akzeptiert auch dezimal-first Zahlen (.5).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Split-Regex für Dezimalpunkt-Check um ^ erweitern,
damit z.B. 2.3^1.5 korrekt eingegeben werden kann.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Manifest nutzt __MSG_extName__ / __MSG_extDesc__ mit default_locale,
aber die _locales/ Dateien fehlten in allen drei ZIP-Befehlen.
Ohne sie kann der Browser die Extension nicht laden.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drei Stellen hatten noch '2.0.0' statt '2.0.1': newtab.html About-Sektion,
data.js Export und app.js Backup-Export. FileReader-Upload in settings.js
validiert jetzt bgUrl via isValidBgUrl() (Defense-in-Depth).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add data-i18n-title to 5 header buttons, data-i18n to 3 settings buttons.
Add 10 new keys to STRINGS.de and STRINGS.en including background URL
validation error messages.
Add --bg-solid-fallback CSS variable to all 11 themes and a
@supports not (backdrop-filter) block. UI remains usable when
Brave Shields or strict fingerprinting settings block backdrop-filter.
Remove getFaviconUrl() and all external network requests. Bookmarks now
show a colored letter icon with deterministic hue based on title.
Eliminates privacy leak and Brave Shields compatibility issues.
Add isSafeUrl() to block javascript:/data: URLs in imported bookmarks.
Replace mutable object mutation with immutable .map() and string length limits.
Use Notes.init()/Calculator.load()/Timer.load() instead of direct internal
mutation after import.
Add isValidBgUrl() that only allows blob: and data:image/ protocols.
Applied in applySettings() and the manual URL input handler.
Prevents CSS injection via manipulated bgUrl storage values.
- Filter transitionend by propertyName=opacity to prevent double-fire
- Add 350ms fallback setTimeout for prefers-reduced-motion / zero-duration
- Initialize _minimizing: false in create() for clean state
- Dispatch events after save() for consistent state in listeners
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fixes race condition where openWidget() during the 250ms timeout would
be overridden. Uses _minimizing flag to cancel in-flight transitions.
Dispatches widget:minimize and widget:open events.
Move widget:close dispatch before _widgets.delete() so handlers can
still query WidgetManager for the widget's state during the event.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Version in newtab.html auf 2.0.0 aktualisieren
- dialog.js OK-Fallback auf t('dialog.ok') umstellen
- Duplikat-Keys widgets.minimize/close entfernen (widget.* wird genutzt)
- header.settings DE-String korrigiert (war englisch)
- ~17 deutsche Strings die englisch waren gefixt
- I18n.init() vor applySettings() in app.js
- html lang-Attribut dynamisch via I18n setzen
- Default html lang auf en (passend zu default_locale)
renovate-bot
JonKazama-Hellion