Fix css box and emoji list style

Add refresh thread accesskey on /about
Hide post format setting in case of empty list
2021-05-30 07:03:29 +00:00 · 2021-05-30 07:02:48 +00:00 · 2021-05-30 07:01:54 +00:00 · 2021-05-30 06:59:34 +00:00 · 2021-05-10 13:29:18 +00:00 · 2021-04-23 10:19:09 +00:00
31 changed files with 986 additions and 575 deletions
--- a/21
+++ b/21
@ -26,18 +26,19 @@ bloat.def.conf:
 		< bloat.conf > bloat.def.conf

 install: bloat
-	mkdir -p $(BINPATH) $(SHAREPATH)/templates $(SHAREPATH)/static
-	cp bloat $(BINPATH)/bloat
-	chmod 0755 $(BINPATH)/bloat
-	cp -r templates/* $(SHAREPATH)/templates
-	chmod 0644 $(SHAREPATH)/templates/*
-	cp -r static/* $(SHAREPATH)/static
-	chmod 0644 $(SHAREPATH)/static/*
+	mkdir -p $(DESTDIR)$(BINPATH) \
+		$(DESTDIR)$(SHAREPATH)/templates \
+		$(DESTDIR)$(SHAREPATH)/static
+	cp bloat $(DESTDIR)$(BINPATH)/bloat
+	chmod 0755 $(DESTDIR)$(BINPATH)/bloat
+	cp -r templates/* $(DESTDIR)$(SHAREPATH)/templates
+	chmod 0644 $(DESTDIR)$(SHAREPATH)/templates/*
+	cp -r static/* $(DESTDIR)$(SHAREPATH)/static
+	chmod 0644 $(DESTDIR)$(SHAREPATH)/static/*

 uninstall:
-	rm -f $(BINPATH)/bloat
-	rm -fr $(SHAREPATH)/templates
-	rm -fr $(SHAREPATH)/static
+	rm -f $(DESTDIR)$(BINPATH)/bloat
+	rm -fr $(DESTDIR)$(SHAREPATH)

 clean: 
 	rm -f bloat
--- a/main.go
+++ b/main.go
@ -4,12 +4,10 @@ import (
 	"errors"
 	"fmt"
 	"log"
-	"net"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
-	"time"

 	"bloat/config"
 	"bloat/renderer"
@ -27,20 +25,6 @@ func errExit(err error) {
 	os.Exit(1)
 }

-func setupHttp() {
-	tr := http.DefaultTransport.(*http.Transport)
-	tr.MaxIdleConnsPerHost = 30
-	tr.MaxIdleConns = 300
-	tr.ForceAttemptHTTP2 = false
-	tr.DialContext = (&net.Dialer{
-		Timeout:   30 * time.Second,
-		KeepAlive: 3 * time.Minute,
-		DualStack: true,
-	}).DialContext
-	client := http.DefaultClient
-	client.Transport = tr
-}
-
 func main() {
 	opts, _, err := util.Getopts(os.Args, "f:")
 	if err != nil {
@ -108,11 +92,9 @@ func main() {
 		logger = log.New(lf, "", log.LstdFlags)
 	}

-	setupHttp()
-
 	s := service.NewService(config.ClientName, config.ClientScope,
-		config.ClientWebsite, customCSS, config.PostFormats, renderer,
-		sessionRepo, appRepo, config.SingleInstance)
+		config.ClientWebsite, customCSS, config.SingleInstance,
+		config.PostFormats, renderer, sessionRepo, appRepo)
 	handler := service.NewHandler(s, logger, config.StaticDirectory)

 	logger.Println("listening on", config.ListenAddress)
--- a/mastodon/accounts.go
+++ b/mastodon/accounts.go
@ -60,7 +60,7 @@ func (c *Client) GetAccount(ctx context.Context, id string) (*Account, error) {
 	if err != nil {
 		return nil, err
 	}
-	if account.Pleroma == nil {
+	if account.Pleroma == nil || len(account.Pleroma.Relationship.ID) < 1 {
 		rs, err := c.GetAccountRelationships(ctx, []string{id})
 		if err != nil {
 			return nil, err
--- a/mastodon/filter.go
+++ b/mastodon/filter.go
@ -0,0 +1,50 @@
+package mastodon
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+)
+
+type Filter struct {
+	ID           string     `json:"id"`
+	Phrase       string     `json:"phrase"`
+	Context      []string   `json:"context"`
+	WholeWord    bool       `json:"whole_word"`
+	ExpiresAt    *time.Time `json:"expires_at"`
+	Irreversible bool       `json:"irreversible"`
+}
+
+func (c *Client) GetFilters(ctx context.Context) ([]*Filter, error) {
+	var filters []*Filter
+	err := c.doAPI(ctx, http.MethodGet, "/api/v1/filters", nil, &filters, nil)
+	if err != nil {
+		return nil, err
+	}
+	return filters, nil
+}
+
+func (c *Client) AddFilter(ctx context.Context, phrase string, context []string, irreversible bool, wholeWord bool, expiresIn *time.Time) error {
+	params := url.Values{}
+	params.Set("phrase", phrase)
+	for i := range context {
+		params.Add("context[]", context[i])
+	}
+	params.Set("irreversible", strconv.FormatBool(irreversible))
+	params.Set("whole_word", strconv.FormatBool(wholeWord))
+	if expiresIn != nil {
+		params.Set("expires_in", expiresIn.Format(time.RFC3339))
+	}
+	err := c.doAPI(ctx, http.MethodPost, "/api/v1/filters", params, nil, nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *Client) RemoveFilter(ctx context.Context, id string) error {
+	return c.doAPI(ctx, http.MethodDelete, fmt.Sprintf("/api/v1/filters/%s", id), nil, nil, nil)
+}
--- a/mastodon/mastodon.go
+++ b/mastodon/mastodon.go
@ -91,7 +91,12 @@ func (c *Client) doAPI(ctx context.Context, method string, uri string, params in

 		var buf bytes.Buffer
 		mw := multipart.NewWriter(&buf)
-		part, err := mw.CreateFormFile("file", filepath.Base(file.Filename))
+		fname := filepath.Base(file.Filename)
+		err = mw.WriteField("description", fname)
+		if err != nil {
+			return err
+		}
+		part, err := mw.CreateFormFile("file", fname)
 		if err != nil {
 			return err
 		}
--- a/mastodon/status.go
+++ b/mastodon/status.go
@ -191,9 +191,11 @@ func (c *Client) GetTimelineHome(ctx context.Context, pg *Pagination) ([]*Status
 }

 // GetTimelinePublic return statuses from public timeline.
-func (c *Client) GetTimelinePublic(ctx context.Context, isLocal bool, pg *Pagination) ([]*Status, error) {
+func (c *Client) GetTimelinePublic(ctx context.Context, isLocal bool, instance string, pg *Pagination) ([]*Status, error) {
 	params := url.Values{}
-	if isLocal {
+	if len(instance) > 0 {
+		params.Set("instance", instance)
+	} else if isLocal {
 		params.Set("local", "true")
 	}

--- a/model/settings.go
+++ b/model/settings.go
@ -11,6 +11,7 @@ type Settings struct {
 	FluorideMode         bool   `json:"fluoride_mode"`
 	DarkMode             bool   `json:"dark_mode"`
 	AntiDopamineMode     bool   `json:"anti_dopamine_mode"`
+	CSS                  string `json:"css"`
 }

 func NewSettings() *Settings {
@ -25,5 +26,6 @@ func NewSettings() *Settings {
 		FluorideMode:         false,
 		DarkMode:             false,
 		AntiDopamineMode:     false,
+		CSS:                  "",
 	}
 }
--- a/renderer/model.go
+++ b/renderer/model.go
@ -14,12 +14,8 @@ type Context struct {
 	CSRFToken        string
 	UserID           string
 	AntiDopamineMode bool
-}
-
-type NavData struct {
-	CommonData  *CommonData
-	User        *mastodon.Account
-	PostContext model.PostContext
+	UserCSS          string
+	Referrer         string
 }

 type CommonData struct {
@ -31,9 +27,17 @@ type CommonData struct {
 	Target          string
 }

+type NavData struct {
+	CommonData  *CommonData
+	User        *mastodon.Account
+	PostContext model.PostContext
+}
+
 type ErrorData struct {
 	*CommonData
-	Error string
+	Err        string
+	Retry      bool
+	SessionErr bool
 }

 type HomePageData struct {
@ -51,6 +55,8 @@ type RootData struct {
 type TimelineData struct {
 	*CommonData
 	Title    string
+	Type     string
+	Instance string
 	Statuses []*mastodon.Status
 	NextLink string
 	PrevLink string
@ -124,3 +130,8 @@ type SettingsData struct {
 	Settings    *model.Settings
 	PostFormats []model.PostFormat
 }
+
+type FiltersData struct {
+	*CommonData
+	Filters []*mastodon.Filter
+}
--- a/renderer/renderer.go
+++ b/renderer/renderer.go
@ -29,6 +29,7 @@ const (
 	RetweetedByPage  = "retweetedby.tmpl"
 	SearchPage       = "search.tmpl"
 	SettingsPage     = "settings.tmpl"
+	FiltersPage      = "filters.tmpl"
 )

 type TemplateData struct {
--- a/service/service.go
+++ b/service/service.go
--- a/service/transport.go
+++ b/service/transport.go
@ -1,8 +1,8 @@
 package service

 import (
+	"context"
 	"encoding/json"
-	"errors"
 	"log"
 	"net/http"
 	"strconv"
@ -10,40 +10,34 @@ import (

 	"bloat/mastodon"
 	"bloat/model"
+	"bloat/renderer"

 	"github.com/gorilla/mux"
 )

-var (
-	errInvalidSession   = errors.New("invalid session")
-	errInvalidCSRFToken = errors.New("invalid csrf token")
-)
-
 const (
 	sessionExp = 365 * 24 * time.Hour
 )

-type respType int
-
 const (
-	HTML respType = iota
+	HTML int = iota
 	JSON
 )

-type authType int
-
 const (
-	NOAUTH authType = iota
+	NOAUTH int = iota
 	SESSION
 	CSRF
 )

 type client struct {
 	*mastodon.Client
-	http.ResponseWriter
-	Req       *http.Request
-	CSRFToken string
-	Session   model.Session
+	w    http.ResponseWriter
+	r    *http.Request
+	s    model.Session
+	csrf string
+	ctx  context.Context
+	rctx *renderer.Context
 }

 func setSessionCookie(w http.ResponseWriter, sid string, exp time.Duration) {
@ -55,66 +49,50 @@ func setSessionCookie(w http.ResponseWriter, sid string, exp time.Duration) {
 }

 func writeJson(c *client, data interface{}) error {
-	return json.NewEncoder(c).Encode(map[string]interface{}{
+	return json.NewEncoder(c.w).Encode(map[string]interface{}{
 		"data": data,
 	})
 }

 func redirect(c *client, url string) {
-	c.Header().Add("Location", url)
-	c.WriteHeader(http.StatusFound)
+	c.w.Header().Add("Location", url)
+	c.w.WriteHeader(http.StatusFound)
 }

 func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	r := mux.NewRouter()

-	writeError := func(c *client, err error, t respType) {
+	writeError := func(c *client, err error, t int, retry bool) {
 		switch t {
 		case HTML:
-			c.WriteHeader(http.StatusInternalServerError)
-			s.ErrorPage(c, err)
+			c.w.WriteHeader(http.StatusInternalServerError)
+			s.ErrorPage(c, err, retry)
 		case JSON:
-			c.WriteHeader(http.StatusInternalServerError)
-			json.NewEncoder(c).Encode(map[string]string{
+			c.w.WriteHeader(http.StatusInternalServerError)
+			json.NewEncoder(c.w).Encode(map[string]string{
 				"error": err.Error(),
 			})
 		}
 	}

-	authenticate := func(c *client, t authType) error {
-		if t >= SESSION {
-			cookie, err := c.Req.Cookie("session_id")
-			if err != nil || len(cookie.Value) < 1 {
-				return errInvalidSession
-			}
-			c.Session, err = s.sessionRepo.Get(cookie.Value)
-			if err != nil {
-				return errInvalidSession
-			}
-			app, err := s.appRepo.Get(c.Session.InstanceDomain)
-			if err != nil {
-				return err
-			}
-			c.Client = mastodon.NewClient(&mastodon.Config{
-				Server:       app.InstanceURL,
-				ClientID:     app.ClientID,
-				ClientSecret: app.ClientSecret,
-				AccessToken:  c.Session.AccessToken,
-			})
+	authenticate := func(c *client, t int) error {
+		var sid string
+		if cookie, _ := c.r.Cookie("session_id"); cookie != nil {
+			sid = cookie.Value
 		}
-		if t >= CSRF {
-			c.CSRFToken = c.Req.FormValue("csrf_token")
-			if len(c.CSRFToken) < 1 || c.CSRFToken != c.Session.CSRFToken {
-				return errInvalidCSRFToken
-			}
-		}
-		return nil
+		csrf := c.r.FormValue("csrf_token")
+		ref := c.r.URL.RequestURI()
+		return s.authenticate(c, sid, csrf, ref, t)
 	}

-	handle := func(f func(c *client) error, at authType, rt respType) http.HandlerFunc {
+	handle := func(f func(c *client) error, at int, rt int) http.HandlerFunc {
 		return func(w http.ResponseWriter, req *http.Request) {
 			var err error
-			c := &client{Req: req, ResponseWriter: w}
+			c := &client{
+				ctx: req.Context(),
+				w:   w,
+				r:   req,
+			}

 			defer func(begin time.Time) {
 				logger.Printf("path=%s, err=%v, took=%v\n",
@ -128,29 +106,24 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 			case JSON:
 				ct = "application/json"
 			}
-			c.Header().Add("Content-Type", ct)
+			c.w.Header().Add("Content-Type", ct)

 			err = authenticate(c, at)
 			if err != nil {
-				writeError(c, err, rt)
+				writeError(c, err, rt, req.Method == http.MethodGet)
 				return
 			}

 			err = f(c)
 			if err != nil {
-				writeError(c, err, rt)
+				writeError(c, err, rt, req.Method == http.MethodGet)
 				return
 			}
 		}
 	}

 	rootPage := handle(func(c *client) error {
-		sid, _ := c.Req.Cookie("session_id")
-		if sid == nil || len(sid.Value) < 0 {
-			redirect(c, "/signin")
-			return nil
-		}
-		session, err := s.sessionRepo.Get(sid.Value)
+		err := authenticate(c, SESSION)
 		if err != nil {
 			if err == errInvalidSession {
 				redirect(c, "/signin")
@ -158,7 +131,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 			}
 			return err
 		}
-		if len(session.AccessToken) < 1 {
+		if !c.s.IsLoggedIn() {
 			redirect(c, "/signin")
 			return nil
 		}
@ -174,22 +147,22 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if !ok {
 			return s.SigninPage(c)
 		}
-		url, sid, err := s.NewSession(instance)
+		url, sid, err := s.NewSession(c, instance)
 		if err != nil {
 			return err
 		}
-		setSessionCookie(c, sid, sessionExp)
+		setSessionCookie(c.w, sid, sessionExp)
 		redirect(c, url)
 		return nil
 	}, NOAUTH, HTML)

 	timelinePage := handle(func(c *client) error {
-		tType, _ := mux.Vars(c.Req)["type"]
-		q := c.Req.URL.Query()
+		tType, _ := mux.Vars(c.r)["type"]
+		q := c.r.URL.Query()
+		instance := q.Get("instance")
 		maxID := q.Get("max_id")
 		minID := q.Get("min_id")
-		return s.TimelinePage(c, tType, maxID, minID)
-		return nil
+		return s.TimelinePage(c, tType, instance, maxID, minID)
 	}, SESSION, HTML)

 	defaultTimelinePage := handle(func(c *client) error {
@ -198,41 +171,41 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, SESSION, HTML)

 	threadPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		q := c.Req.URL.Query()
+		id, _ := mux.Vars(c.r)["id"]
+		q := c.r.URL.Query()
 		reply := q.Get("reply")
 		return s.ThreadPage(c, id, len(reply) > 1)
 	}, SESSION, HTML)

 	likedByPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		return s.LikedByPage(c, id)
 	}, SESSION, HTML)

 	retweetedByPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		return s.RetweetedByPage(c, id)
 	}, SESSION, HTML)

 	notificationsPage := handle(func(c *client) error {
-		q := c.Req.URL.Query()
+		q := c.r.URL.Query()
 		maxID := q.Get("max_id")
 		minID := q.Get("min_id")
 		return s.NotificationPage(c, maxID, minID)
 	}, SESSION, HTML)

 	userPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		pageType, _ := mux.Vars(c.Req)["type"]
-		q := c.Req.URL.Query()
+		id, _ := mux.Vars(c.r)["id"]
+		pageType, _ := mux.Vars(c.r)["type"]
+		q := c.r.URL.Query()
 		maxID := q.Get("max_id")
 		minID := q.Get("min_id")
 		return s.UserPage(c, id, pageType, maxID, minID)
 	}, SESSION, HTML)

 	userSearchPage := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		q := c.Req.URL.Query()
+		id, _ := mux.Vars(c.r)["id"]
+		q := c.r.URL.Query()
 		sq := q.Get("q")
 		offset, _ := strconv.Atoi(q.Get("offset"))
 		return s.UserSearchPage(c, id, sq, offset)
@ -247,7 +220,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, SESSION, HTML)

 	searchPage := handle(func(c *client) error {
-		q := c.Req.URL.Query()
+		q := c.r.URL.Query()
 		sq := q.Get("q")
 		qType := q.Get("type")
 		offset, _ := strconv.Atoi(q.Get("offset"))
@ -258,50 +231,46 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		return s.SettingsPage(c)
 	}, SESSION, HTML)

+	filtersPage := handle(func(c *client) error {
+		return s.FiltersPage(c)
+	}, SESSION, HTML)
+
 	signin := handle(func(c *client) error {
-		instance := c.Req.FormValue("instance")
-		url, sid, err := s.NewSession(instance)
+		instance := c.r.FormValue("instance")
+		url, sid, err := s.NewSession(c, instance)
 		if err != nil {
 			return err
 		}
-		setSessionCookie(c, sid, sessionExp)
+		setSessionCookie(c.w, sid, sessionExp)
 		redirect(c, url)
 		return nil
 	}, NOAUTH, HTML)

 	oauthCallback := handle(func(c *client) error {
-		q := c.Req.URL.Query()
+		q := c.r.URL.Query()
 		token := q.Get("code")
-		token, userID, err := s.Signin(c, token)
+		err := s.Signin(c, token)
 		if err != nil {
 			return err
 		}
-
-		c.Session.AccessToken = token
-		c.Session.UserID = userID
-		err = s.sessionRepo.Add(c.Session)
-		if err != nil {
-			return err
-		}
-
 		redirect(c, "/")
 		return nil
 	}, SESSION, HTML)

 	post := handle(func(c *client) error {
-		content := c.Req.FormValue("content")
-		replyToID := c.Req.FormValue("reply_to_id")
-		format := c.Req.FormValue("format")
-		visibility := c.Req.FormValue("visibility")
-		isNSFW := c.Req.FormValue("is_nsfw") == "on"
-		files := c.Req.MultipartForm.File["attachments"]
+		content := c.r.FormValue("content")
+		replyToID := c.r.FormValue("reply_to_id")
+		format := c.r.FormValue("format")
+		visibility := c.r.FormValue("visibility")
+		isNSFW := c.r.FormValue("is_nsfw") == "true"
+		files := c.r.MultipartForm.File["attachments"]

 		id, err := s.Post(c, content, replyToID, format, visibility, isNSFW, files)
 		if err != nil {
 			return err
 		}

-		location := c.Req.Header.Get("Referer")
+		location := c.r.FormValue("referrer")
 		if len(replyToID) > 0 {
 			location = "/thread/" + replyToID + "#status-" + id
 		}
@ -310,8 +279,8 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, HTML)

 	like := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		_, err := s.Like(c, id)
 		if err != nil {
 			return err
@ -319,13 +288,13 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	unlike := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		_, err := s.UnLike(c, id)
 		if err != nil {
 			return err
@ -333,13 +302,13 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	retweet := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		_, err := s.Retweet(c, id)
 		if err != nil {
 			return err
@ -347,13 +316,13 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	unretweet := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		_, err := s.UnRetweet(c, id)
 		if err != nil {
 			return err
@ -361,25 +330,25 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	vote := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		statusID := c.Req.FormValue("status_id")
-		choices, _ := c.Req.PostForm["choices"]
+		id, _ := mux.Vars(c.r)["id"]
+		statusID := c.r.FormValue("status_id")
+		choices, _ := c.r.PostForm["choices"]
 		err := s.Vote(c, id, choices)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer")+"#status-"+statusID)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+statusID)
 		return nil
 	}, CSRF, HTML)

 	follow := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		q := c.Req.URL.Query()
+		id, _ := mux.Vars(c.r)["id"]
+		q := c.r.URL.Query()
 		var reblogs *bool
 		if r, ok := q["reblogs"]; ok && len(r) > 0 {
 			reblogs = new(bool)
@ -389,91 +358,112 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unfollow := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnFollow(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
+		return nil
+	}, CSRF, HTML)
+
+	accept := handle(func(c *client) error {
+		id, _ := mux.Vars(c.r)["id"]
+		err := s.Accept(c, id)
+		if err != nil {
+			return err
+		}
+		redirect(c, c.r.FormValue("referrer"))
+		return nil
+	}, CSRF, HTML)
+
+	reject := handle(func(c *client) error {
+		id, _ := mux.Vars(c.r)["id"]
+		err := s.Reject(c, id)
+		if err != nil {
+			return err
+		}
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	mute := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Mute(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unMute := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnMute(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	block := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Block(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unBlock := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnBlock(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	subscribe := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Subscribe(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unSubscribe := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnSubscribe(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	settings := handle(func(c *client) error {
-		visibility := c.Req.FormValue("visibility")
-		format := c.Req.FormValue("format")
-		copyScope := c.Req.FormValue("copy_scope") == "true"
-		threadInNewTab := c.Req.FormValue("thread_in_new_tab") == "true"
-		hideAttachments := c.Req.FormValue("hide_attachments") == "true"
-		maskNSFW := c.Req.FormValue("mask_nsfw") == "true"
-		ni, _ := strconv.Atoi(c.Req.FormValue("notification_interval"))
-		fluorideMode := c.Req.FormValue("fluoride_mode") == "true"
-		darkMode := c.Req.FormValue("dark_mode") == "true"
-		antiDopamineMode := c.Req.FormValue("anti_dopamine_mode") == "true"
+		visibility := c.r.FormValue("visibility")
+		format := c.r.FormValue("format")
+		copyScope := c.r.FormValue("copy_scope") == "true"
+		threadInNewTab := c.r.FormValue("thread_in_new_tab") == "true"
+		hideAttachments := c.r.FormValue("hide_attachments") == "true"
+		maskNSFW := c.r.FormValue("mask_nsfw") == "true"
+		ni, _ := strconv.Atoi(c.r.FormValue("notification_interval"))
+		fluorideMode := c.r.FormValue("fluoride_mode") == "true"
+		darkMode := c.r.FormValue("dark_mode") == "true"
+		antiDopamineMode := c.r.FormValue("anti_dopamine_mode") == "true"
+		css := c.r.FormValue("css")

 		settings := &model.Settings{
 			DefaultVisibility:    visibility,
@ -486,6 +476,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 			FluorideMode:         fluorideMode,
 			DarkMode:             darkMode,
 			AntiDopamineMode:     antiDopamineMode,
+			CSS:                  css,
 		}

 		err := s.SaveSettings(c, settings)
@ -497,49 +488,49 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, HTML)

 	muteConversation := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.MuteConversation(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	unMuteConversation := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.UnMuteConversation(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	delete := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		err := s.Delete(c, id)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	readNotifications := handle(func(c *client) error {
-		q := c.Req.URL.Query()
+		q := c.r.URL.Query()
 		maxID := q.Get("max_id")
 		err := s.ReadNotifications(c, maxID)
 		if err != nil {
 			return err
 		}
-		redirect(c, c.Req.Header.Get("Referer"))
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	bookmark := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		err := s.Bookmark(c, id)
 		if err != nil {
 			return err
@ -547,13 +538,13 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
 		return nil
 	}, CSRF, HTML)

 	unBookmark := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
-		rid := c.Req.FormValue("retweeted_by_id")
+		id, _ := mux.Vars(c.r)["id"]
+		rid := c.r.FormValue("retweeted_by_id")
 		err := s.UnBookmark(c, id)
 		if err != nil {
 			return err
@ -561,19 +552,40 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 		if len(rid) > 0 {
 			id = rid
 		}
-		redirect(c, c.Req.Header.Get("Referer")+"#status-"+id)
+		redirect(c, c.r.FormValue("referrer")+"#status-"+id)
+		return nil
+	}, CSRF, HTML)
+
+	filter := handle(func(c *client) error {
+		phrase := c.r.FormValue("phrase")
+		wholeWord := c.r.FormValue("whole_word") == "true"
+		err := s.Filter(c, phrase, wholeWord)
+		if err != nil {
+			return err
+		}
+		redirect(c, c.r.FormValue("referrer"))
+		return nil
+	}, CSRF, HTML)
+
+	unFilter := handle(func(c *client) error {
+		id, _ := mux.Vars(c.r)["id"]
+		err := s.UnFilter(c, id)
+		if err != nil {
+			return err
+		}
+		redirect(c, c.r.FormValue("referrer"))
 		return nil
 	}, CSRF, HTML)

 	signout := handle(func(c *client) error {
 		s.Signout(c)
-		setSessionCookie(c, "", 0)
+		setSessionCookie(c.w, "", 0)
 		redirect(c, "/")
 		return nil
 	}, CSRF, HTML)

 	fLike := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		count, err := s.Like(c, id)
 		if err != nil {
 			return err
@ -582,7 +594,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, JSON)

 	fUnlike := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		count, err := s.UnLike(c, id)
 		if err != nil {
 			return err
@ -591,7 +603,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, JSON)

 	fRetweet := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		count, err := s.Retweet(c, id)
 		if err != nil {
 			return err
@ -600,7 +612,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	}, CSRF, JSON)

 	fUnretweet := handle(func(c *client) error {
-		id, _ := mux.Vars(c.Req)["id"]
+		id, _ := mux.Vars(c.r)["id"]
 		count, err := s.UnRetweet(c, id)
 		if err != nil {
 			return err
@ -624,6 +636,7 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	r.HandleFunc("/emojis", emojisPage).Methods(http.MethodGet)
 	r.HandleFunc("/search", searchPage).Methods(http.MethodGet)
 	r.HandleFunc("/settings", settingsPage).Methods(http.MethodGet)
+	r.HandleFunc("/filters", filtersPage).Methods(http.MethodGet)
 	r.HandleFunc("/signin", signin).Methods(http.MethodPost)
 	r.HandleFunc("/oauth_callback", oauthCallback).Methods(http.MethodGet)
 	r.HandleFunc("/post", post).Methods(http.MethodPost)
@ -634,6 +647,8 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	r.HandleFunc("/vote/{id}", vote).Methods(http.MethodPost)
 	r.HandleFunc("/follow/{id}", follow).Methods(http.MethodPost)
 	r.HandleFunc("/unfollow/{id}", unfollow).Methods(http.MethodPost)
+	r.HandleFunc("/accept/{id}", accept).Methods(http.MethodPost)
+	r.HandleFunc("/reject/{id}", reject).Methods(http.MethodPost)
 	r.HandleFunc("/mute/{id}", mute).Methods(http.MethodPost)
 	r.HandleFunc("/unmute/{id}", unMute).Methods(http.MethodPost)
 	r.HandleFunc("/block/{id}", block).Methods(http.MethodPost)
@ -647,6 +662,8 @@ func NewHandler(s *service, logger *log.Logger, staticDir string) http.Handler {
 	r.HandleFunc("/notifications/read", readNotifications).Methods(http.MethodPost)
 	r.HandleFunc("/bookmark/{id}", bookmark).Methods(http.MethodPost)
 	r.HandleFunc("/unbookmark/{id}", unBookmark).Methods(http.MethodPost)
+	r.HandleFunc("/filter", filter).Methods(http.MethodPost)
+	r.HandleFunc("/unfilter/{id}", unFilter).Methods(http.MethodPost)
 	r.HandleFunc("/signout", signout).Methods(http.MethodPost)
 	r.HandleFunc("/fluoride/like/{id}", fLike).Methods(http.MethodPost)
 	r.HandleFunc("/fluoride/unlike/{id}", fUnlike).Methods(http.MethodPost)
--- a/static/fluoride.js
+++ b/static/fluoride.js
@ -205,6 +205,64 @@ function handleStatusLink(a) {
 		a.target = "_blank";
 }

+function setPos(el, cx, cy, mw, mh) {
+	var h = el.clientHeight;
+	var w = el.clientWidth;
+	var left, top;
+	if (cx < mw/2) {
+		if (w + cx + 20 < mw) {
+			left = cx + 20; 
+		} else {
+			left = (mw - w);
+		}
+	} else {
+		if (cx - w - 20 > 0) {
+			left = cx - w - 20; 
+		} else {
+			left = 0;
+		}
+	}
+	top = (cy - (h/2));
+	if (top < 0) {
+		top = 0;
+	} else if (top + h > mh) {
+		top = (mh - h);
+	} 
+	el.style.left = left + "px";
+	el.style.top = top + "px";
+}
+
+var imgPrev = null;
+function handleImgPreview(a) {
+	a.onmouseenter = function(e) {
+		var mw = document.documentElement.clientWidth;
+		var mh = document.documentElement.clientHeight - 24;
+		var img = document.createElement("img");
+		img.id = "img-preview";
+		img.src = e.target.getAttribute("href");
+		img.style["max-width"] = mw + "px";
+		img.style["max-height"] = mh + "px";
+		img.onload = function(e2) {
+			setPos(e2.target, e.clientX, e.clientY, mw, mh);
+		}
+		document.body.appendChild(img);
+		imgPrev = img;
+	}
+	a.onmouseleave = function(e) {
+		var img = document.getElementById("img-preview");
+		if (img)
+			document.body.removeChild(img);
+		imgPrev = null;
+	}
+	a.onmousemove = function(e) {
+		if (!imgPrev)
+			return;
+		var mw = document.documentElement.clientWidth;
+		var mh = document.documentElement.clientHeight - 24;
+		setPos(imgPrev, e.clientX, e.clientY, mw, mh);
+	}
+}
+
 document.addEventListener("DOMContentLoaded", function() { 
 	checkCSRFToken();
 	checkAntiDopamineMode();
@ -238,6 +296,11 @@ document.addEventListener("DOMContentLoaded", function() {
 	for (var j = 0; j < links.length; j++) {
 		links[j].target = "_blank";
 	}
+
+	var links = document.querySelectorAll(".status-media-container .img-link");
+	for (var j = 0; j < links.length; j++) {
+		handleImgPreview(links[j]);
+	}
 });

 // @license-end
--- a/static/style.css
+++ b/static/style.css
@ -1,11 +1,14 @@
+body {
+	background-color: #d2d2d2;
+}
+
 .status-container-container {
 	margin: 0 -4px 12px -4px;
 	padding: 4px;
 	border-left: 4px solid transparent;
 }

-.status-container-container:target,
-.status-container-container.unread {
+.status-container-container:target {
 	border-color: #777777;
 }

@ -156,12 +159,20 @@
 	margin-left: 4px;
 }

-.post-content {
+textarea {
 	padding: 4px;
 	font-size: 11pt;
 	font-family: initial;
-	width: 100%;
+}
+
+.post-content {
 	box-sizing: border-box;
+	width: 100%;
+}
+
+#css {
+	box-sizing: border-box;
+	max-width: 100%;
 }

 .pagination {
@ -173,6 +184,21 @@
 	font-size: 13pt;
 }

+.notification-container {
+	margin: 0 -4px 12px -4px;
+	padding: 4px;
+	border-left: 4px solid transparent;
+}
+
+.notification-container.unread {
+	border-color: #777777;
+}
+
+.notification-container.favourite .status-container,
+.notification-container.reblog .status-container {
+	opacity: 0.6;
+}
+
 .notification-info-text span {
 	vertical-align: middle;
 }
@ -281,7 +307,7 @@ a, .btn-link {

 a:hover,
 .btn-link:hover {
-	color: #9899c4;
+	color: #8387bf;
 }

 .status-visibility {
@ -333,9 +359,10 @@ a:hover,
 }

 .emoji-item-container {
-	min-width: 220px;
+	width: 220px;
 	display: inline-block;
 	margin: 4px 0;
+	overflow: hidden;
 }

 .emoji-item {
@ -432,7 +459,7 @@ img.emoji {

 #reply-popup {
 	position: absolute;
-	background: #ffffff;
+	background-color: #d2d2d2;
 	border: 1px solid #aaaaaa;
 	padding: 4px 8px;
 	z-index: 3;
@ -441,7 +468,7 @@ img.emoji {

 #reply-to-popup {
 	position: absolute;
-	background: #ffffff;
+	background-color: #d2d2d2;
 	border: 1px solid #aaaaaa;
 	padding: 4px 8px;
 	z-index: 3;
@ -461,7 +488,7 @@ img.emoji {
 .more-content {
 	display: none;
 	position: absolute;
-	background-color: #ffffff;
+	background-color: #d2d2d2;
 	padding: 2px 4px;
 	border: 1px solid #aaaaaa;
 }
@ -534,6 +561,20 @@ kbd {
 	font-size: 10pt;
 }

+.filters {
+	margin: 10px 0;
+}
+
+.filters td {
+	padding: 2px 4px;
+}
+
+#img-preview {
+	pointer-events: none;
+	z-index: 2;
+	position: fixed;
+}
+
 .dark {
 	background-color: #222222;
 	background-image: none;
@ -544,7 +585,7 @@ kbd {
 	color: #81a2be;
 }

-.dark #post-content {
+.dark textarea {
 	background-color: #333333;
 	border: 1px solid #444444;
 	color: #eaeaea;
--- a/templates/about.tmpl
+++ b/templates/about.tmpl
@ -89,6 +89,10 @@
 			<td> Read notifications </td>
 			<td> <kbd>C</kbd> </td>
 		</tr>
+		<tr>
+			<td> Refresh thread page </td>
+			<td> <kbd>T</kbd> </td>
+		</tr>
 	</table>
 	<p>
 		You can activate the shortcuts by pressing the associated key with your browser's <a href="https://en.wikipedia.org/wiki/Access_key#Access_in_different_browsers" target="_blank">accesskey modifier</a>, 
--- a/templates/emoji.tmpl
+++ b/templates/emoji.tmpl
@ -7,7 +7,7 @@
 	<div class="emoji-item-container">
 		<div class="emoji-item">
 			<img class="emoji" src="{{.URL}}" alt="{{.ShortCode}}" height="32" />
-			<span class="emoji-shortcode">:{{.ShortCode}}:</span>
+			<span title=":{{.ShortCode}}:" class="emoji-shortcode">:{{.ShortCode}}:</span>
 		</div>
 	</div>
 	{{end}}
--- a/templates/error.tmpl
+++ b/templates/error.tmpl
@ -2,10 +2,15 @@
 {{template "header.tmpl" (WithContext .CommonData $.Ctx)}}
 <div class="page-title"> Error </div>

-<div class="error-text"> {{.Error}} </div>
+<div class="error-text"> {{.Err}} </div>
 <div>
-	<a href="/timeline/home">Home</a>
-	<a href="/signin" target="_top">Sign In</a>
+	<a href="/timeline/home">home</a>
+	{{if .Retry}}
+	<a href="{{$.Ctx.Referrer}}">retry</a>
+	{{end}}
+	{{if .SessionErr}}
+	<a href="/signin" target="_top">signin</a>
+	{{end}}
 </div>

 {{template "footer.tmpl"}}
--- a/templates/filters.tmpl
+++ b/templates/filters.tmpl
@ -0,0 +1,40 @@
+{{with .Data}}
+{{template "header.tmpl" (WithContext .CommonData $.Ctx)}}
+<div class="page-title"> Filters </div>
+
+{{if .Filters}}
+<table class="filters">
+	{{range .Filters}}
+	<tr>
+		<td> {{.Phrase}}{{if not .WholeWord}}*{{end}} </td>
+		<td> 
+			<form action="/unfilter/{{.ID}}" method="POST">
+				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+				<button type="submit"> Delete </button>
+			</form>
+		</td>
+	</tr>
+	{{end}}
+</table>
+{{else}}
+	<div class="filters"> No filters added </div>
+{{end}}
+
+<div class="page-title"> Add filter </div>
+<form action="/filter" method="POST">
+	<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+	<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+	<span class="settings-form-field">
+		<label for="phrase"> Phrase </label>
+		<input id="phrase" name="phrase" required>
+	</span>
+	<span class="settings-form-field">
+		<input id="whole-word" name="whole_word" type="checkbox" value="true" checked>
+		<label for="whole-word"> Whole word </label>
+	</span>
+	<button type="submit"> Add </button>
+</form>
+
+{{template "footer.tmpl"}}
+{{end}}
--- a/templates/header.tmpl
+++ b/templates/header.tmpl
@ -17,7 +17,7 @@
 	{{if .RefreshInterval}}
 	<meta http-equiv="refresh" content="{{.RefreshInterval}}">
 	{{end}}
-	<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title}} </title>
+	<title> {{if gt .Count 0}}({{.Count}}){{end}} {{.Title | html}} </title>
 	<link rel="stylesheet" href="/static/style.css">
 	{{if .CustomCSS}}
 	<link rel="stylesheet" href="{{.CustomCSS}}">
@ -25,6 +25,9 @@
 	{{if $.Ctx.FluorideMode}}
 	<script src="/static/fluoride.js"></script>
 	{{end}}
+	{{if $.Ctx.UserCSS}}
+	<style>{{$.Ctx.UserCSS}}</style>
+	{{end}}
 </head>
 <body {{if $.Ctx.DarkMode}}class="dark"{{end}}>
 {{end}}
--- a/templates/nav.tmpl
+++ b/templates/nav.tmpl
@ -3,7 +3,7 @@
 <div class="user-info">
 	<div class="user-info-img-container">
 		<a class="img-link" href="/timeline/home" title="Home (1)">
-			<img class="user-info-img" src="{{.User.AvatarStatic}}" alt="profile-avatar" height="64" />
+			<img class="user-info-img" src="{{.User.Avatar}}" alt="profile-avatar" height="64" />
 		</a>
 	</div>
 	<div class="user-info-details-container">
@ -17,16 +17,18 @@
 			<a class="nav-link" href="/timeline/home" accesskey="1" title="Home timeline (1)">home</a>
 			<a class="nav-link" href="/timeline/direct" accesskey="2" title="Direct timeline (2)">direct</a>
 			<a class="nav-link" href="/timeline/local" accesskey="3" title="Local timeline (3)">local</a>
-			<a class="nav-link" href="/timeline/twkn" accesskey="4" title="The Whole Known Netwwork (4)">twkn</a>
-			<a class="nav-link" href="/search" accesskey="5" title="Search (5)">search</a>
-			<a class="nav-link" href="/about" accesskey="6" title="About (6)">about</a>
+			<a class="nav-link" href="/timeline/remote" accesskey="4" title="Remote timeline (4)">remote</a>
+			<a class="nav-link" href="/timeline/twkn" accesskey="5" title="The Whole Known Netwwork (5)">twkn</a>
+			<a class="nav-link" href="/search" accesskey="6" title="Search (6)">search</a>
 		</div>
 		<div>
 			<a class="nav-link" href="/settings" target="_top" accesskey="7" title="Settings (7)">settings</a>
 			<form class="signout" action="/signout" method="post" target="_top">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="signout" class="btn-link nav-link" accesskey="8" title="Signout (8)">
 			</form>
+			<a class="nav-link" href="/about" accesskey="9" title="About (9)">about</a>
 		</div>
 	</div>
 </div>
--- a/templates/notification.tmpl
+++ b/templates/notification.tmpl
@ -11,18 +11,19 @@
 	{{if .ReadID}}
 	<form class="notification-read" action="/notifications/read?max_id={{.ReadID}}" method="post" target="_self">
 		<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+		<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 		<input type="submit" value="read" class="btn-link" accesskey="C" title="Clear unread notifications (C)">
 	</form>
 	{{end}}
 </div>

 {{range .Notifications}}
-<div class="status-container-container {{if .Pleroma}}{{if not .Pleroma.IsSeen}}unread{{end}}{{end}}">
+<div class="notification-container {{.Type}} {{if .Pleroma}}{{if not .Pleroma.IsSeen}}unread{{end}}{{end}}">
 	{{if eq .Type "follow"}}
 	<div class="notification-follow-container">
 		<div class="status-profile-img-container">
 			<a class="img-link" href="/user/{{.Account.ID}}">
-				<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="profile-avatar" height="48" />
+				<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="profile-avatar" height="48" />
 			</a>
 		</div>
 		<div class="notification-follow">
@ -38,13 +39,44 @@
 		</div>
 	</div>

+	{{else if eq .Type "follow_request"}}
+	<div class="notification-follow-container">
+		<div class="status-profile-img-container">
+			<a class="img-link" href="/user/{{.Account.ID}}">
+				<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="profile-avatar" height="48" />
+			</a>
+		</div>
+		<div class="notification-follow">
+			<div class="notification-info-text">
+				<bdi class="status-dname"> {{EmojiFilter .Account.DisplayName .Account.Emojis}} </bdi>  
+				<span class="notification-text"> wants to follow you - 
+					<time datetime="{{FormatTimeRFC3339 .CreatedAt}}" title="{{FormatTimeRFC822 .CreatedAt}}">{{TimeSince .CreatedAt}}</time> 
+				</span>
+			</div>
+			<div>
+				<a href="/user/{{.Account.ID}}"> <span class="status-uname"> @{{.Account.Acct}} </span> </a>
+			</div>
+			<form class="d-inline" action="/accept/{{.Account.ID}}" method="post" target="_self">
+				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+				<input type="submit" value="accept" class="btn-link">
+			</form>
+			-
+			<form class="d-inline" action="/reject/{{.Account.ID}}" method="post" target="_self">
+				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+				<input type="submit" value="reject" class="btn-link">
+			</form>
+		</div>
+	</div>
+
 	{{else if eq .Type "mention"}}
 	{{template "status" (WithContext .Status $.Ctx)}}

 	{{else if eq .Type "reblog"}}
 	<div class="retweet-info">
 		<a class="img-link" href="/user/{{.Account.ID}}">
-			<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
+			<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
 		</a>
 		<a href="/user/{{.Account.ID}}">
 			<span class="status-uname"> @{{.Account.Acct}} </span>
@ -58,7 +90,7 @@
 	{{else if eq .Type "favourite"}}
 	<div class="retweet-info">
 		<a class="img-link" href="/user/{{.Account.ID}}">
-			<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
+			<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
 		</a>
 		<a href="/user/{{.Account.ID}}">
 			<span class="status-uname"> @{{.Account.Acct}} </span>
@ -68,6 +100,20 @@
 		</span>
 	</div>
 	{{template "status" (WithContext .Status $.Ctx)}}
+
+	{{else}}
+	<div class="retweet-info">
+		<a class="img-link" href="/user/{{.Account.ID}}">
+			<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
+		</a>
+		<a href="/user/{{.Account.ID}}">
+			<span class="status-uname"> @{{.Account.Acct}} </span>
+		</a>
+		<span class="notification-text"> {{.Type}} - 
+			<time datetime="{{FormatTimeRFC3339 .CreatedAt}}" title="{{FormatTimeRFC822 .CreatedAt}}">{{TimeSince .CreatedAt}}</time> 
+		</span>
+	</div>
+	{{if .Status}}{{template "status" (WithContext .Status $.Ctx)}}{{end}}
 	{{end}}
 </div>
 {{end}}
--- a/templates/postform.tmpl
+++ b/templates/postform.tmpl
@ -1,6 +1,7 @@
 {{with .Data}}
 <form class="post-form" action="/post" method="POST" enctype="multipart/form-data" target="_self">
 	<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+	<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 	{{if .ReplyContext}}
 	<input type="hidden" name="reply_to_id" value="{{.ReplyContext.InReplyToID}}" />
 	<label for="post-content" class="post-form-title"> Reply to {{.ReplyContext.InReplyToName}} </label>
@ -14,7 +15,7 @@
 		<textarea id="post-content" name="content" class="post-content" cols="34" rows="5" accesskey="E" title="Edit post (E)">{{if .ReplyContext}}{{.ReplyContext.ReplyContent}}{{end}}</textarea>
 	</div>
 	<div>
-		{{if gt (len .Formats) 0}}
+		{{if .Formats}}
 		<span class="post-form-field">
 			{{$defFormat := .DefaultFormat}}
 			<select id="post-format" name="format" accesskey="F" title="Format (F)">
@ -33,7 +34,7 @@
 			</select>
 		</span>
 		<span class="post-form-field">
-			<input type="checkbox" id="nsfw-checkbox" name="is_nsfw" value="on" accesskey="N" title="NSFW (N)">
+			<input type="checkbox" id="nsfw-checkbox" name="is_nsfw" value="true" accesskey="N" title="NSFW (N)">
 			<label for="nsfw-checkbox"> NSFW </label>
 		</span>
 	</div>
@ -43,6 +44,7 @@
 		</span>
 	</div>
 	<button type="submit" accesskey="P" title="Post (P)"> Post </button>
+	<button type="reset" title="Reset"> Reset </button>
 </form>
 {{end}}

--- a/templates/requestlist.tmpl
+++ b/templates/requestlist.tmpl
@ -0,0 +1,36 @@
+{{with .Data}}
+<div>
+	{{range .}}
+	<div class="user-list-item">
+		<div class="user-list-profile-img">
+			<a class="img-link" href="/user/{{.ID}}">
+				<img class="status-profile-img" src="{{.Avatar}}" title="@{{.Acct}}" alt="avatar" height="48" />
+			</a>
+		</div>
+		<div class="user-list-name">
+			<div>
+				<div class="status-dname"> {{EmojiFilter .DisplayName .Emojis}} </div>  
+				<a class="img-link" href="/user/{{.ID}}">
+					<div class="status-uname"> @{{.Acct}} </div>
+				</a>
+			</div>
+			<form class="d-inline" action="/accept/{{.ID}}" method="post" target="_self">
+				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+				<input type="submit" value="accept" class="btn-link">
+			</form>
+			-
+			<form class="d-inline" action="/reject/{{.ID}}" method="post" target="_self">
+				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+				<input type="submit" value="reject" class="btn-link">
+			</form>
+		</div>
+	</div>
+	{{else}}
+	<div class="no-data-found">No data found</div>
+	{{end}}
+</div>
+{{else}}
+<div class="no-data-found">No data found</div>
+{{end}}
--- a/templates/root.tmpl
+++ b/templates/root.tmpl
@ -6,7 +6,7 @@
 	<link rel="icon" type="image/png" href="/static/favicon.png">
 	<title>{{.Title}}</title>
 </head>
-<frameset cols="420px,*">
+<frameset cols="424px,*">
 	<frameset rows="316px,*">
 		<frame name="nav" src="/nav"> 
 		<frame name="notification" src="/notifications"> 
--- a/templates/search.tmpl
+++ b/templates/search.tmpl
@ -5,7 +5,7 @@
 <form class="search-form" action="/search" method="GET">
 	<span class="post-form-field">
 		<label for="query"> Query </label>
-		<input id="query" name="q" value="{{.Q}}">
+		<input id="query" name="q" value="{{.Q | html}}">
 	</span>
 	<span class="post-form-field">
 		<label for="type"> Type </label>
--- a/templates/settings.tmpl
+++ b/templates/settings.tmpl
@ -4,6 +4,8 @@

 <form id="settings-form" action="/settings" method="POST">
 	<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+	<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
+	{{if .PostFormats}}
 	<div class="settings-form-field">
 		<label for="visibility"> Default format </label>
 		{{$defFormat := .Settings.DefaultFormat}}
@ -13,6 +15,7 @@
 			{{end}}
 		</select>
 	</div>
+	{{end}}
 	<div class="settings-form-field">
 		<label for="visibility"> Default scope </label>
 		<select id="visibility" name="visibility">
@ -62,6 +65,12 @@
 		<input id="dark-mode" name="dark_mode" type="checkbox" value="true" {{if .Settings.DarkMode}}checked{{end}}>
 		<label for="dark-mode"> Use dark theme </label>
 	</div>
+	<div class="settings-form-field">
+		<label for="css"> Custom CSS: </label>
+	</div>
+	<div>
+		<textarea id="css" name="css" cols="80" rows="8">{{.Settings.CSS}}</textarea>
+	</div>
 	<button type="submit"> Save </button>
 </form>

--- a/templates/status.tmpl
+++ b/templates/status.tmpl
@ -3,7 +3,7 @@
 	{{if .Reblog}}
 	<div class="retweet-info">
 		<a class="img-link" href="/user/{{.Account.ID}}">
-			<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="avatar" height="24" />
+			<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="24" />
 		</a>
 		<bdi class="status-dname"> {{EmojiFilter .Account.DisplayName .Account.Emojis}} </bdi>  
 		<a href="/user/{{.Account.ID}}"> 
@ -18,7 +18,7 @@
 	<div class="status-container status-{{.ID}}" data-id="{{.ID}}">
 		<div class="status-profile-img-container">
 			<a class="img-link" href="/user/{{.Account.ID}}">
-				<img class="status-profile-img" src="{{.Account.AvatarStatic}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
+				<img class="status-profile-img" src="{{.Account.Avatar}}" title="@{{.Account.Acct}}" alt="avatar" height="48" />
 			</a>
 		</div>
 		<div class="status"> 
@ -38,23 +38,27 @@
 						{{if .Muted}}
 						<form action="/unmuteconv/{{.ID}}" method="post" target="_self">
 							<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+							<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 							<input type="submit" value="unmute" class="btn-link more-link">
 						</form>
 						{{else}}
 						<form action="/muteconv/{{.ID}}" method="post" target="_self">
 							<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+							<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 							<input type="submit" value="mute" class="btn-link more-link">
 						</form>
 						{{end}}
 						{{if .Bookmarked}}
 						<form action="/unbookmark/{{.ID}}" method="post" target="_self">
 							<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+							<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 							<input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
 							<input type="submit" value="unbookmark" class="btn-link more-link">
 						</form>
 						{{else}}
 						<form action="/bookmark/{{.ID}}" method="post" target="_self">
 							<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+							<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 							<input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
 							<input type="submit" value="bookmark" class="btn-link more-link">
 						</form>
@ -62,6 +66,7 @@
 						{{if eq $.Ctx.UserID .Account.ID}}
 						<form action="/delete/{{.ID}}" method="post" target="_self">
 							<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+							<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 							<input type="submit" value="delete" class="btn-link more-link">
 						</form>
 						{{end}}
@ -83,7 +88,7 @@
 				{{end}}
 			</div>
 			{{if .Content}}
-			<div class="status-content"> {{StatusContentFilter .SpoilerText .Content .Emojis .Mentions}} </div>
+			<div class="status-content"> {{StatusContentFilter (html .SpoilerText) .Content .Emojis .Mentions}} </div>
 			{{end}}
 			{{if .MediaAttachments}}
 			<div class="status-media-container">
@ -91,10 +96,12 @@

 				{{if eq .Type "image"}}
 				{{if $.Ctx.HideAttachments}}
-				<a href="{{.URL}}" target="_blank" title="{{.Description}}"> [image] </a>
+				<a href="{{.URL}}" target="_blank">
+					{{if .Description}}[{{.Description}}]{{else}}[image]{{end}}
+				</a>
 				{{else}}
 				<a class="img-link" href="{{.URL}}" target="_blank" title="{{.Description}}">
-					<img class="status-image" src="{{.URL}}" alt="status-image" height="240" />
+					<img class="status-image" src="{{.PreviewURL}}" alt="status-image" height="240" />
 					{{if (and $.Ctx.MaskNSFW $s.Sensitive)}}
 					<div class="status-nsfw-overlay"></div>
 					{{end}}
@ -103,7 +110,9 @@

 				{{else if eq .Type "audio"}}
 				{{if $.Ctx.HideAttachments}}
-				<a href="{{.URL}}" target="_blank" title="{{.Description}}"> [audio] </a>
+				<a href="{{.URL}}" target="_blank">
+					{{if .Description}}[{{.Description}}]{{else}}[audio]{{end}}
+				</a>
 				{{else}}
 				<audio class="status-audio" controls title="{{.Description}}">
 					<source src="{{.URL}}">
@ -113,7 +122,9 @@

 				{{else if eq .Type "video"}}
 				{{if $.Ctx.HideAttachments}}
-				<a href="{{.URL}}" target="_blank" title="{{.Description}}"> [video] </a>
+				<a href="{{.URL}}" target="_blank">
+					{{if .Description}}[{{.Description}}]{{else}}[video]{{end}}
+				</a>
 				{{else}}
 				<div class="status-video-container" title="{{.Description}}">
 					<video class="status-video" controls height="240">
@ -127,7 +138,9 @@
 				{{end}}

 				{{else}}
-				<a href="{{.URL}}" target="_blank" title="{{.Description}}"> [attachment] </a>
+				<a href="{{.URL}}" target="_blank"> 
+					{{if .Description}}[{{.Description}}]{{else}}[attachment]{{end}}
+				</a>
 				{{end}}
 				{{end}}
 			</div>
@ -135,16 +148,17 @@
 			{{if .Poll}}
 			<form class="poll-form" action="/vote/{{.Poll.ID}}" method="POST" target="_self">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="hidden" name="status_id" value="{{$s.ID}}">
 				{{range $i, $o := .Poll.Options}}
 				<div class="poll-option">
 					{{if (or $s.Poll.Expired $s.Poll.Voted)}}
-					<div> {{$o.Title}} - {{$o.VotesCount}} votes </div>
+					<div> {{EmojiFilter (html $o.Title) $s.Emojis}} - {{$o.VotesCount}} votes </div>
 					{{else}}
 					<input type="{{if $s.Poll.Multiple}}checkbox{{else}}radio{{end}}" name="choices" 
 						id="poll-{{$s.ID}}-{{$i}}" value="{{$i}}">
 					<label for="poll-{{$s.ID}}-{{$i}}"> 
-						{{$o.Title}} 
+						{{EmojiFilter (html $o.Title) $s.Emojis}} 
 					</label>
 					{{end}}
 				</div>
@ -179,28 +193,25 @@
 					</a>
 				</div>
 				<div class="status-action">
-					{{if or (eq .Visibility "private") (eq .Visibility "direct")}}
-					<a class="status-retweet" href="" title="this status cannot be retweeted"> 
-						retweet
-					</a>
-					{{else}}
 					{{$rt := "retweet"}} {{if .Reblogged}} {{$rt = "unretweet"}} {{end}}
 					<form class="status-retweet" data-action="{{$rt}}" action="/{{$rt}}/{{.ID}}" method="post" target="_self">
 						<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+						<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 						<input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
-						<input type="submit" value="{{$rt}}" class="btn-link">
+						<input type="submit" value="{{$rt}}" class="btn-link" 
+							{{if or (eq .Visibility "private") (eq .Visibility "direct")}}title="this status cannot be retweeted" disabled{{end}}>
 						<a class="status-retweet-count" href="/retweetedby/{{.ID}}" title="click to see the the list"> 
 							{{if and (not $.Ctx.AntiDopamineMode) .ReblogsCount}}
 								({{DisplayInteractionCount .ReblogsCount}})
 							{{end}}
 						</a>
 					</form>
-					{{end}}
 				</div>
 				<div class="status-action">
 					{{$like := "like"}} {{if .Favourited}} {{$like = "unlike"}} {{end}}
 					<form class="status-like" data-action="{{$like}}" action="/{{$like}}/{{.ID}}" method="post" target="_self">
 						<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+						<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 						<input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
 						<input type="submit" value="{{$like}}" class="btn-link">
 						<a class="status-like-count" href="/likedby/{{.ID}}" title="click to see the the list"> 
--- a/templates/thread.tmpl
+++ b/templates/thread.tmpl
@ -1,6 +1,9 @@
 {{with $s := .Data}}
 {{template "header.tmpl" (WithContext .CommonData $.Ctx)}}
-<div class="page-title"> Thread </div>
+<div class="notification-title-container">
+	<span class="page-title"> Thread </span>
+	<a class="notification-refresh" href="{{$.Ctx.Referrer}}" accesskey="T" title="Refresh (T)">refresh</a>
+</div>

 {{range .Statuses}}

--- a/templates/timeline.tmpl
+++ b/templates/timeline.tmpl
@ -2,6 +2,16 @@
 {{template "header.tmpl" (WithContext .CommonData $.Ctx)}}
 <div class="page-title"> {{.Title}} </div>

+{{if eq .Type "remote"}}
+<form class="search-form" action="/timeline/remote" method="GET">
+	<span class="post-form-field">
+		<label for="instance"> Instance </label>
+		<input id="instance" name="instance" value="{{.Instance}}">
+	</span>
+	<button type="submit"> Submit </button>
+</form>
+{{end}}
+
 {{range .Statuses}}
 {{template "status.tmpl" (WithContext . $.Ctx)}}
 {{end}}
--- a/templates/user.tmpl
+++ b/templates/user.tmpl
@ -5,8 +5,8 @@
 <div class="user-info-container">
 <div>
 	<div class="user-profile-img-container">
-		<a class="img-link" href="{{.User.AvatarStatic}}" target="_blank">
-			<img class="user-profile-img" src="{{.User.AvatarStatic}}" alt="profile-avatar" height="96" />
+		<a class="img-link" href="{{.User.Avatar}}" target="_blank">
+			<img class="user-profile-img" src="{{.User.Avatar}}" alt="profile-avatar" height="96" />
 		</a>
 	</div>
 	<div class="user-profile-details-container">
@ -23,11 +23,13 @@
 			{{if .User.Pleroma.Relationship.Following}} 
 			<form class="d-inline" action="/unfollow/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="unfollow" class="btn-link">
 			</form>
 			{{else}}
 			<form class="d-inline" action="/follow/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="{{if .User.Pleroma.Relationship.Requested}}resend request{{else}}follow{{end}}" class="btn-link">
 			</form>
 			{{end}}
@ -35,6 +37,7 @@
 			-
 			<form class="d-inline" action="/unfollow/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="cancel request" class="btn-link">
 			</form>
 			{{end}}
@ -42,11 +45,13 @@
 			{{if .User.Pleroma.Relationship.Subscribing}}
 			<form class="d-inline" action="/unsubscribe/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="unsubscribe" class="btn-link">
 			</form>
 			{{else}}
 			<form class="d-inline" action="/subscribe/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="subscribe" class="btn-link">
 			</form>
 			{{end}}
@ -55,11 +60,13 @@
 			{{if .User.Pleroma.Relationship.Blocking}}
 			<form class="d-inline" action="/unblock/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="unblock" class="btn-link">
 			</form>
 			{{else}}
 			<form class="d-inline" action="/block/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="block" class="btn-link">
 			</form>
 			{{end}}
@ -67,11 +74,13 @@
 			{{if .User.Pleroma.Relationship.Muting}}
 			<form class="d-inline" action="/unmute/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="unmute" class="btn-link">
 			</form>
 			{{else}}
 			<form class="d-inline" action="/mute/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="mute" class="btn-link">
 			</form>
 			{{end}}
@ -80,11 +89,13 @@
 			{{if .User.Pleroma.Relationship.ShowingReblogs}}
 			<form class="d-inline" action="/follow/{{.User.ID}}?reblogs=false" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="hide retweets" class="btn-link">
 			</form>
 			{{else}}
 			<form class="d-inline" action="/follow/{{.User.ID}}" method="post">
 				<input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+				<input type="hidden" name="referrer" value="{{$.Ctx.Referrer}}">
 				<input type="submit" value="show retweets" class="btn-link">
 			</form>
 			{{end}}
@ -99,19 +110,24 @@
 		</div>
 		{{if .IsCurrent}}
 		<div>
-			<a href="/user/{{.User.ID}}/bookmarks"> bookmarks </a> -
-			<a href="/user/{{.User.ID}}/likes"> likes </a> -
-			<a href="/user/{{.User.ID}}/mutes"> mutes </a> -
-			<a href="/user/{{.User.ID}}/blocks"> blocks </a>
+			<a href="/user/{{.User.ID}}/bookmarks"> bookmarks </a>
+			- <a href="/user/{{.User.ID}}/likes"> likes </a>
+			- <a href="/user/{{.User.ID}}/mutes"> mutes </a>
+			- <a href="/user/{{.User.ID}}/blocks"> blocks </a>
+			{{if .User.Locked}}- <a href="/user/{{.User.ID}}/requests"> requests </a>{{end}}
 		</div>
 		{{end}}
 		<div>
 			<a href="/usersearch/{{.User.ID}}"> search statuses </a>
+			{{if .IsCurrent}} - <a href="/filters"> filters </a> {{end}}
 		</div>
 	</div>
 	<div class="user-profile-decription">
 	{{EmojiFilter .User.Note .User.Emojis}}
 	</div>
+	{{if .User.Fields}}{{range .User.Fields}}
+	<div>{{.Name}} - {{.Value}}</div>
+	{{end}}{{end}}
 </div>
 </div>

@ -162,6 +178,10 @@
 {{else if eq .Type "blocks"}}
 <div class="page-title"> Blocks </div>
 {{template "userlist.tmpl" (WithContext .Users $.Ctx)}}
+
+{{else if eq .Type "requests"}}
+<div class="page-title"> Follow requests </div>
+{{template "requestlist.tmpl" (WithContext .Users $.Ctx)}}
 {{end}}

 <div class="pagination">
--- a/templates/userlist.tmpl
+++ b/templates/userlist.tmpl
@ -4,7 +4,7 @@
 	<div class="user-list-item">
 		<div class="user-list-profile-img">
 			<a class="img-link" href="/user/{{.ID}}">
-				<img class="status-profile-img" src="{{.AvatarStatic}}" title="@{{.Acct}}" alt="avatar" height="48" />
+				<img class="status-profile-img" src="{{.Avatar}}" title="@{{.Acct}}" alt="avatar" height="48" />
 			</a>
 		</div>
 		<div class="user-list-name">
--- a/templates/usersearch.tmpl
+++ b/templates/usersearch.tmpl
@ -5,7 +5,7 @@
 <form class="search-form" action="/usersearch/{{.User.ID}}" method="GET">
 	<span class="post-form-field>
 		<label for="query"> Query </label>
-		<input id="query" name="q" value="{{.Q}}">
+		<input id="query" name="q" value="{{.Q | html}}">
 	</span>
 	<button type="submit"> Search </button>
 </form>
Author	SHA1	Message	Date
r	44d4b0d379	Fix css box and emoji list style	2021-05-30 07:03:29 +00:00
r	7c7ab09d51	Add refresh thread accesskey on /about	2021-05-30 07:02:48 +00:00
r	5d42e59c7f	Hide post format setting in case of empty list	2021-05-30 07:01:54 +00:00
r	07978649f1	Fix retweet button for private/direct post	2021-05-30 06:59:34 +00:00
r	045be151bd	Fix emojis	2021-05-10 13:29:18 +00:00
r	469f2d1d25	Fix HTML escaping	2021-04-23 10:19:09 +00:00
r	bd74cb50e7	Add image preview popup	2021-04-09 12:28:03 +00:00
r	c7e130e305	Fix animated avatars	2021-04-07 06:55:11 +00:00
r	69dc1b59a4	Use preview url for images	2021-04-07 05:21:53 +00:00
r	76c5baef6a	Add option for user CSS	2021-04-03 09:24:39 +00:00
r	a82745175e	Add refresh button on thread page	2021-04-03 07:41:14 +00:00
r	2cb6a515ac	Update error page - Add retry button for GET requests - Only show signin button when it's a session error	2021-04-03 06:40:32 +00:00
r	089d4ac500	Update Makefile - Respect $DESTDIR - Fix uninstall target	2021-04-02 18:00:21 +00:00
r	e31e9da667	Display Mastadon fields on user page	2021-03-29 05:31:41 +00:00
r	6c5de76562	Refactor	2021-03-28 16:12:41 +00:00
r	6ddcb16694	Add username to page title Makes it easier to search a user page in browser history	2021-01-30 16:55:55 +00:00
r	4f1425febf	Add filters	2021-01-30 16:53:57 +00:00
r	3ac95ab3b1	Use attachment file name as description Pleroma 2 no longer does it automatically.	2021-01-23 09:08:46 +00:00
r	ac342dde07	Add remote timeline	2021-01-23 08:44:05 +00:00
r	eca0366c21	Simplify timeline pagination	2021-01-23 07:02:12 +00:00
r	ace344b66a	Change default theme colors	2021-01-17 08:55:19 +00:00
r	f4620a8c69	Make redirection work without Referer header	2021-01-17 05:44:07 +00:00
r	e8bfd3093b	Fix unread notification indicator	2021-01-16 18:30:23 +00:00
r	3f776ee8c8	Show attachment file name instead of the type	2021-01-16 18:03:47 +00:00
r	17f02deff7	Show emojis in poll options	2021-01-16 10:38:32 +00:00
r	87e31dbd66	Make like/retweet notification content semi-transparent	2021-01-16 10:25:34 +00:00
r	2bb6ba8e1d	Add reset button	2021-01-16 09:49:24 +00:00
r	e7d24cfa80	Add fallback notification	2021-01-16 09:49:24 +00:00
r	91f68ccfb3	Add follow request support	2021-01-16 09:49:15 +00:00
r	384179e518	Fix user info	2021-01-16 05:46:51 +00:00