- May 21, 2019
-
-
Antoine Lambert authored
-
Antoine Lambert authored
To avoid error 500 when some revision metadata are not properly encoded, fall back to the binary representation of bogus data. Closes T1727
-
- May 20, 2019
-
-
Antoine Lambert authored
Related T1678
- May 17, 2019
-
-
Antoine Lambert authored
  - extract deposit origin from revision pid
  - add new columns to the table related to swh revision / directory
  - rename some table columns
  - enable to dynamically show / hide table columns
Closes T1490
Closes T1719
- May 16, 2019
-
-
Antoine Lambert authored
Related T1508
-
vlorentz authored
-
mihir karbelkar authored
Made changes to adapt it to new content_find return type and added the test for lookup_directory_with_revision with unknown content
-
- May 15, 2019
-
-
Antoine Lambert authored
-
Antoine Lambert authored
This regression was introduced in 3bb1a709
-
Antoine Lambert authored
-
Antoine Lambert authored
- May 09, 2019
-
-
vlorentz authored
-
vlorentz authored
-
Antoine Lambert authored
Closes T1705
-
Antoine Lambert authored
-
- May 07, 2019
-
-
Kalpit Kothari authored
Fix XSS vulnerabilities in origin-search table, various error pages and API HTML interface. Closes T1699 Escape unsafe objects in Error Page top-navigation: Fix XSS in branch name Fix XSS in API HTML interface
-
Antoine Lambert authored
-
Antoine Lambert authored
-
- May 06, 2019
-
-
Antoine Lambert authored
  - test target now uses the swh-web-fast hypothesis profile
  - remove the test-fast target
  - add test-full target using the swh-web hypothesis profile (which generates a lot of examples and thus takes much longer to execute)
-
Antoine Lambert authored
  - origin info were inserted three times on page load
  - fix checkboxes ids and make all labels clickable
Closes T1701
-
vlorentz authored
-
- May 02, 2019
-
-
Antoine Lambert authored
Closes T1419
-
Antoine Lambert authored
Related T1508
-
Antoine Lambert authored
Related T1419
-
Antoine Lambert authored
HTML rendering of Jupyter notebook is now integrated in browse content views with support for:
  - markdown rendering
  - code highlighting
  - math typesetting
  - ANSI color escape codes
Nevertheless, the dynamic loading part of a notebook content (external scripts for instance) has been disabled through XSS filtering.
Closes T1641
-
Antoine Lambert authored
  - remove inlined webpack loader calls from module names
  - allow to reference external loaded scripts in the additionalScripts plugin option
-
- Apr 27, 2019
-
-
Kalpit Kothari authored
Summary: Related T1690
Added client side xss filter

> Save code now is vulnerable to XSS attack.
>
> Steps to reproduce-
>
> Remove the validation from client side (with dev tools)
> Enter this url in origin url
>
> https://github.com/%3Cscript%3Ealert(document.domain);%3C/script%3E
>
> We should add more validations at the server side to prevent such urls from entering into the database. For server side validations, I was thinking of preventing regex /.*(%3C).*(%3E)/ and /.*(javascript:).*/ There may be a few more cases we need to take care of. Or should we check if the url returns 200 or not before entering it to the table.

Reviewers: #reviewers, anlambert
Reviewed By: #reviewers, anlambert
Subscribers: anlambert, vlorentz
Differential Revision: https://forge.softwareheritage.org/D1433
-
- Apr 24, 2019
-
-
Antoine Lambert authored
-
- Apr 23, 2019
-
-
Antoine Lambert authored
Closes T1655
-
- Apr 19, 2019
-
-
Antoine Lambert authored
  - put related code in a dedicated file
  - use an XSS filtering hook to fix some image relative src urls included in README HTML rendering (load image bytes from the archive content if available)
  - remove previously introduced hacks in Python code as correct image loading in README HTML rendering is now handled client-side by the feature described above
Related T1641
-
- Apr 18, 2019
-
-
Antoine Lambert authored
  - ensure Alegreya font can not be overridden by other css rules
  - remove container padding to gain some horizontal display space
-
Antoine Lambert authored
-
- Apr 17, 2019
-
-
Antoine Lambert authored
  - harmonize metadata field names and rename/remove/add some
  - factorize and cleanup link generation code
  - remove some dead code
-
Antoine Lambert authored
-
- Apr 15, 2019
-
-
Antoine Lambert authored
-