Tags: weburnit/grist-core
v1.4.0 (gristlabs#1448) New Grist release, new feature being released.

(core) Fix attachment and hyperlink vulnerabilities
Summary: Attachments were prone to XSS-based attacks if attachments injected with scripts were previewed or opened. This is now addressed by CSP. Hyperlink cells were prone to similar attacks if `javascript:...` URLs were inserted into cells. This has also been addressed by sanitizing URLs. Thank you to Florent <[email protected]> and Grégoire Cutzach <[email protected]> for reporting and co-authoring these changes.
Co-authored-by: Florent <[email protected]>
Co-authored-by: Grégoire Cutzach <[email protected]>
Test Plan: Browser and unit tests.
Reviewers: dsagal, paulfitz
Reviewed By: dsagal, paulfitz
Subscribers: dsagal, paulfitz, fflorent
Differential Revision: https://phab.getgrist.com/D4413

(core) Revert "Document type conversion UX/UI (gristlabs#1181)"
Summary: The recently-landed document type conversion feature was broken, failing to change the document's type in both Jenkins CI runs and during manual testing of the SaaS build of Grist. This reverts the feature until a fix is ready.
Test Plan: N/A
Reviewers: dsagal
Reviewed By: dsagal
Differential Revision: https://phab.getgrist.com/D4411