chore: code quality sweep 2026-05-04 / 2026-05-05

General code-quality and robustness pass across the plugin: thread-
safety on IPC state, resource-disposal cleanups, input validation,
defensive null-checks and a few small UX glitches. Compliance docs
(THIRD_PARTY_NOTICES, PRIVACY, COPYRIGHT) refreshed to v1.0.3.

Highlights
- ExtraChat IPC state synchronised across threads
- ChatLogWindow autocomplete no longer leaks the unmanaged
  ImGuiListClipper allocation
- ChatLogWindow + Popout style stack stays balanced when config
  toggles mid-frame
- Retention sweep and privacy cleanup wait for the actual filter
  pass instead of the fire-and-forget Task that started it
- Configuration.LatestVersion bumped to 13 to match the active
  migration path
- GameFunctions placeholder buffer guarded against oversized
  replacement names
- TellTarget.IsSet, ResolveTempInputChannel, InputPreview, IconUtil,
  Lender, Payloads, ExtraPayload all hardened against null / empty /
  EOF / cycle inputs
- FontManager Lodestone download stays in scope for a follow-up
  (timeout + lazy init pending)
- AutoTranslate replaced the msvcrt.dll memcmp P/Invoke with a
  managed Span comparison
- Privacy cleanup worker thread marked IsBackground = true
- Database cleanup now removes both legacy files in one click
- Tell-target name redacted in the verbose debug log

Compliance
- THIRD_PARTY_NOTICES: last-reviewed bumped to v1.0.3, Pidgin 3.5.1,
  SQLitePCLRaw.lib.e_sqlite3 3.50.3 listed as direct dependency with
  CVE-2025-6965 / CVE-2025-7709 rationale
- PRIVACY: last-reviewed bumped to v1.0.3, BetterTTV trigger wording
  clarified (list fetch at startup vs. on-demand image fetch)
- COPYRIGHT: upstream attribution range widened

Build: 0 warnings, 0 errors. No behavioural changes that would alter
existing user configuration or stored chat history.
2026-05-05 07:25:47 +02:00
parent 698eb01bbe
commit 4d54eabdac
26 changed files with 251 additions and 98 deletions
+12 -3
@@ -12,7 +12,7 @@ because no data ever leaves your machine on the maintainer's
infrastructure. Independently of that, the plugin is built so that
you can act on your own data the way the GDPR expects.
Last reviewed: 2026-05-03 (HellionChat v0.5.4).
Last reviewed: 2026-05-05 (HellionChat v1.0.3).
---
@@ -103,8 +103,17 @@ on your behalf.
reaches BetterTTV (unavoidable for any HTTPS request); the request
itself contains no identifying user data, no character name, no
message text. Only the emote ID being looked up is in the URL path.
- **When it triggers:** Only when an incoming message contains an
emote token that is on the BetterTTV emote list.
- **When it triggers:**
- The emote *list* (global emotes plus the top-1500 community emotes
over fifteen API pages) is fetched from `api.betterttv.net` once
per session at plugin startup, provided the **Show emotes** option
is on. This first list-fetch happens before any chat message has
arrived; BetterTTV's edge therefore sees your IP as soon as the
plugin loads, not only after an emote is mentioned.
- The individual emote *images* on `cdn.betterttv.net` are fetched
on demand, only when an incoming chat message contains a token
matching one of the cached IDs. These are cached locally
(`emoteCache/`) and reused across sessions.
- **Cached:** Yes, in `emoteCache/`. A given emote is downloaded once
per machine and reused.
- **How to opt out:** Turn off the **Show emotes** option in
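Review bot: The unchanged paragraph just above the rewritten **When it triggers** bullet still says "Only the emote ID being looked up is in the URL path", which holds for the on-demand image fetch on `cdn.betterttv.net` but not for the startup list fetch on `api.betterttv.net` that this hunk now documents. Suggest extending that paragraph to state what the list request carries, so the description of what is sent covers both hosts. The second new sub-bullet also ends with "These are cached locally (`emoteCache/`) and reused across sessions", which repeats the **Cached** bullet directly below it; keep one of the two, and have **Cached** say whether the emote list itself is stored or re-fetched, since the new text only says "once per session".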