* feat(fonts): add dynamic font selection and font manager improvements
- Add font-selector widget for dynamic font selection in plugin configs
- Enhance /api/v3/fonts/catalog with filename, display_name, and type
- Add /api/v3/fonts/preview endpoint for server-side font rendering
- Add /api/v3/fonts/<family> DELETE endpoint with system font protection
- Fix /api/v3/fonts/upload to actually save uploaded font files
- Update font manager tab with dynamic dropdowns, server-side preview, and font deletion
- Add new BDF fonts: 6x10, 6x12, 6x13, 7x13, 7x14, 8x13, 9x15, 9x18, 10x20 (with bold/oblique variants)
- Add tom-thumb, helvR12, clR6x12, texgyre-27 fonts
Plugin authors can use x-widget: "font-selector" in schemas to enable
dynamic font selection that automatically shows all available fonts.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(fonts): security fixes and code quality improvements
- Fix README.md typos and add language tags to code fences
- Remove duplicate delete_font function causing Flask endpoint collision
- Add safe integer parsing for size parameter in preview endpoint
- Fix path traversal vulnerability in /fonts/preview endpoint
- Fix path traversal vulnerability in /fonts/<family> DELETE endpoint
- Fix XSS vulnerability in fonts.html by using DOM APIs instead of innerHTML
- Move baseUrl to shared scope to fix ReferenceError in multiple functions
Security improvements:
- Validate font filenames reject path separators and '..'
- Validate paths are within fonts_dir before file operations
- Use textContent and data attributes instead of inline onclick handlers
- Restrict file extensions to known font types
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
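The filename and path-containment checks listed under "Security improvements" above, as an added example. This is not the project's code from `api_v3.py`; the function names, the exact allowed-extension set, the regex, and the constructed scenario in `demo()` are assumptions made for illustration. It shows the two layers the commit describes: reject separators and `..` in the name up front, then confirm the resolved path still sits directly inside `fonts_dir` (which also catches a symlink inside the directory that points outside it).

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Assumed set of "known font types"; the commit does not list the exact extensions.
ALLOWED_EXTENSIONS = frozenset({".ttf", ".otf", ".bdf"})

# Conservative whitelist: must start with an alphanumeric, then only [A-Za-z0-9._-].
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def is_safe_font_name(name: str) -> bool:
    """First layer: syntactic checks on the user-supplied filename only."""
    if not name or len(name) > 255:
        return False
    # Reject both separator styles and any '..' component explicitly.
    if "/" in name or "\\" in name or ".." in name:
        return False
    if not _SAFE_NAME.match(name):
        return False
    if Path(name).suffix.lower() not in ALLOWED_EXTENSIONS:
        return False
    return True


def resolve_font_path(fonts_dir: str, name: str) -> Optional[str]:
    """Second layer: resolve the candidate and require it to be a direct child of fonts_dir.

    Returns the resolved path as a string, or None if the request must be refused.
    """
    if not is_safe_font_name(name):
        return None
    base = Path(fonts_dir).resolve()
    candidate = (base / name).resolve()
    # .resolve() follows symlinks, so a symlink inside fonts_dir that points
    # elsewhere ends up with a different parent and is rejected here.
    if candidate.parent != base:
        return None
    return str(candidate)


def demo() -> Dict[str, bool]:
    """Constructed scenario (not real data): one genuine font, one symlink that
    escapes the directory, plus a few hostile names. Returns name -> accepted."""
    with tempfile.TemporaryDirectory() as tmp:
        fonts = Path(tmp) / "fonts"
        fonts.mkdir()
        (fonts / "6x10.bdf").write_bytes(b"STARTFONT 2.1\n")
        outside = Path(tmp) / "secret.ttf"
        outside.write_bytes(b"\x00")
        (fonts / "link.ttf").symlink_to(outside)
        names = ["6x10.bdf", "../secret.ttf", "link.ttf", "evil.py", "sub/x.ttf"]
        return {n: resolve_font_path(str(fonts), n) is not None for n in names}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r}: {'accepted' if ok else 'rejected'}")
```

Both layers are needed: the name check alone does not see through symlinks, and the resolve-and-compare check alone would still accept names like `sub/x.ttf` if subdirectories were ever created, so the second check deliberately requires `candidate.parent == base` rather than only "inside the tree".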
* fix(fonts): address code issues and XSS vulnerabilities
- Move `import re` to module level, remove inline imports
- Remove duplicate font_file assignment in upload_font()
- Remove redundant validation with inconsistent allowed extensions
- Remove redundant PathLib import, use already-imported Path
- Fix XSS vulnerabilities in fonts.html by using DOM APIs instead of
innerHTML with template literals for user-controlled data
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(fonts): add size limits to font preview endpoint
Add input validation to prevent DoS via large image generation:
- MAX_TEXT_CHARS (100): Limit text input length
- MAX_TEXT_LINES (3): Limit number of newlines
- MAX_DIM (1024): Limit max width/height
- MAX_PIXELS (500000): Limit total pixel count
Validates text early before processing and checks computed
dimensions after bbox calculation but before image allocation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
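The validation order this commit describes (text checked early, computed dimensions checked after the bbox calculation but before the image is allocated), as an added example with the four limits named above. It is not the project's `/fonts/preview` handler; the function names, the padding, the size range, the reading of MAX_TEXT_LINES as "at most three lines", and the Pillow calls in `render_preview` are assumptions. The pure checks are separated from rendering so they can be exercised without a font file.

```python
import io
from typing import Optional, Tuple

MAX_TEXT_CHARS = 100
MAX_TEXT_LINES = 3
MAX_DIM = 1024
MAX_PIXELS = 500_000


def parse_size(raw: Optional[str], default: int = 12, lo: int = 4, hi: int = 128) -> int:
    """Safe integer parsing for the size query parameter: non-numeric input falls
    back to the default, numeric input is clamped into [lo, hi]. Range is assumed."""
    try:
        value = int(str(raw).strip()) if raw is not None else default
    except ValueError:
        return default
    return max(lo, min(hi, value))


def validate_text(text: str) -> Optional[str]:
    """Early check on the raw text. Returns an error message or None if acceptable."""
    if not text:
        return "text must not be empty"
    if len(text) > MAX_TEXT_CHARS:
        return f"text longer than {MAX_TEXT_CHARS} characters"
    if text.count("\n") >= MAX_TEXT_LINES:
        return f"text has more than {MAX_TEXT_LINES} lines"
    return None


def preview_dimensions(bbox: Tuple[int, int, int, int], padding: int = 4) -> Tuple[int, int]:
    """Turn a (left, top, right, bottom) text bbox into image width/height."""
    left, top, right, bottom = bbox
    return right - left + 2 * padding, bottom - top + 2 * padding


def check_dimensions(width: int, height: int) -> Optional[str]:
    """Check computed dimensions before any pixel buffer is allocated."""
    if width <= 0 or height <= 0:
        return "nothing to render"
    if width > MAX_DIM or height > MAX_DIM:
        return f"dimension exceeds {MAX_DIM}px"
    if width * height > MAX_PIXELS:
        return f"image exceeds {MAX_PIXELS} pixels"
    return None


class PreviewError(ValueError):
    pass


def render_preview(text: str, size_raw: Optional[str], font_path: Optional[str] = None) -> bytes:
    """Render text to PNG bytes, applying the checks in the order the commit describes.
    Pillow is imported lazily so the validation helpers above work without it."""
    err = validate_text(text)
    if err:
        raise PreviewError(err)
    size = parse_size(size_raw)

    from PIL import Image, ImageDraw, ImageFont  # Pillow; assumed available here

    try:
        # The bitmap default font ignores size; a real TrueType/OpenType path uses it.
        font = ImageFont.truetype(font_path, size) if font_path else ImageFont.load_default()
    except (IOError, OSError) as exc:
        raise PreviewError(f"cannot load font: {exc}")

    # Measure on a 1x1 scratch image: no large allocation has happened yet.
    scratch = ImageDraw.Draw(Image.new("L", (1, 1)))
    width, height = preview_dimensions(scratch.multiline_textbbox((0, 0), text, font=font))
    err = check_dimensions(width, height)
    if err:
        raise PreviewError(err)

    # Only now allocate the real canvas.
    image = Image.new("L", (width, height), 0)
    ImageDraw.Draw(image).multiline_text((4, 4), text, font=font, fill=255)
    buf = io.BytesIO()
    image.save(buf, format="PNG")
    return buf.getvalue()


if __name__ == "__main__":
    print(len(render_preview("6x10 preview", "12")), "bytes of PNG")
```

Note the two failure modes the ordering separates: an oversized or multi-line text is rejected before any font is even loaded, while a short text that a large font would blow up past MAX_DIM or MAX_PIXELS is rejected after measuring but before `Image.new` allocates the buffer.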
* fix(fonts): improve error handling, catalog keys, and BDF preview
- Add structured logging for cache invalidation failures instead of
silent pass (FontUpload, FontDelete, FontCatalog contexts)
- Use filename as unique catalog key to prevent collisions when
multiple font files share the same family_name from metadata
- Return explicit error for BDF font preview instead of showing
misleading preview with default font
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(fonts): address nitpick issues in font management
Frontend (fonts.html):
- Remove unused escapeHtml function (dead code)
- Add max-attempts guard (50 retries) to initialization loop
- Add response.ok checks before JSON parsing in deleteFont,
addFontOverride, deleteFontOverride, uploadSelectedFonts
- Use is_system flag from API instead of hardcoded client-side list
Backend (api_v3.py):
- Move SYSTEM_FONTS to module-level frozenset for single source of truth
- Add is_system flag to font catalog entries
- Simplify delete_font system font check using frozenset lookup
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(fonts): align frontend upload validation with backend
- Add .otf to accepted file extensions (HTML accept attribute, JS filter)
- Update validation regex to allow hyphens (matching backend)
- Preserve hyphens in auto-generated font family names
- Update UI text to reflect all supported formats
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(fonts): fix lint errors and missing variable
- Remove unused exception binding in set_cached except block
- Define font_family_lower before case-insensitive fallback loop
- Add response.ok check to font preview fetch (consistent with other handlers)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(fonts): address nitpick code quality issues
- Add return type hints to get_font_preview and delete_font endpoints
- Catch specific PIL exceptions (IOError/OSError) when loading fonts
- Replace innerHTML with DOM APIs for trash icon (consistency)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(fonts): remove unused exception bindings in cache-clearing blocks
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Chuck <chuck@example.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>