ep_comments_page 11.1.14 → 11.1.17

package/README.md

@@ -10,6 +10,21 @@
 pnpm run plugins install ep_comments_page
 ```
 
+## Comments in the timeslider
+
+Comments are shown **read-only** in the timeslider and in-place pad history.
+Each comment lines up with the text it annotates and only appears for the
+revisions where that text exists, so you can read the discussion as you scrub
+through history. Suggested changes are shown too, with the original text struck
+through once the change has been accepted. Toggling **Show Comments** off hides
+the comments — both the sidebar and the inline highlight — in history as well.
+
+This works on the latest Etherpad release as well as develop. Older timeslider
+bundles can't load plugin client hooks, so the read-only viewer is injected as a
+plain script and reconstructs the comment positions from the server — no core
+update required. (Reading comments while scrubbing *in-place* history on the pad
+URL additionally needs develop's in-place history mode.)
+
 ## Extra settings
 This plugin has some extra features that can be enabled by changing values on `settings.json` of your Etherpad instance.
 
@@ -40,6 +55,59 @@ To enable this feature, add the following code to your `settings.json`:
 
 **Warning**: there is a side effect when you enable this feature: a revision is created everytime the text is highlighted, resulting on apparently "empty" changes when you check your pad on the timeslider. If that is an issue for you, we don't recommend you to use this feature.
 
+### Who can edit or delete comments
+By default a comment can only be edited or deleted by the author who created it
+(verified server-side from the author's Etherpad session, so it can't be
+spoofed). To instead let **anyone with write access to the pad** edit or delete
+any comment, add the following to your `settings.json`:
+```
+"ep_comments_page": {
+  "allowAnyoneToEditComments": true
+},
+```
+
+### Let read-only viewers comment
+By default a read-only viewer cannot add comments (the add-comment button is
+hidden and the server rejects comment changes from a read-only session). To let
+read-only viewers annotate a pad without being able to edit its text, enable:
+```
+"ep_comments_page": {
+  "allowReadonlyComments": true
+},
+```
+
+### Comments in exported documents
+Comments are included when you export a pad. Each commented passage gets a
+numbered footnote marker (`[1]`, `[2]`, …) and a **Comments** section is appended
+listing each comment as `[n] author: text` (suggested changes are noted too).
+Because the markers are numbered they stay correlatable in rich formats such as
+**ODT, DOC, DOCX and PDF**, where the in-document anchor link is lost — so your
+comments are not silently dropped when you export. Plain-text (`.txt`) export
+omits comments, as the core text exporter has no extension point for them.
+
+### Author colour accent
+Each comment box shows a left-border accent in its author's colour. This is on
+by default; disable it with:
+```
+"ep_comments_page": {
+  "showAuthorColor": false
+},
+```
+
+### Floating comment button
+When text is selected, a small floating button appears next to it for quickly
+adding a comment. This is on by default; disable it with:
+```
+"ep_comments_page": {
+  "floatingCommentButton": false
+},
+```
+
+### All-comments overview
+The **Settings** pane has a "Show all comments" checkbox. Tick it to open a panel
+listing every comment in the pad; clicking an entry jumps to that comment, and it
+updates as comments are added or removed. The choice is remembered per pad.
+
 ### Disable HTML export
 By default comments are exported to HTML, but if you don't wish to do that then you can disable it by adding the following to your `settings.json`:
 ```

package/commentManager.js

@@ -1,12 +1,19 @@
 'use strict';
 
-const _ = require('underscore');
 const db = require('ep_etherpad-lite/node/db/DB');
-const log4js = require('ep_etherpad-lite/node_modules/log4js');
+const settings = require('ep_etherpad-lite/node/utils/Settings');
+const {createLogger} = require('ep_plugin_helpers/logger');
 const randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
 const shared = require('./static/js/shared');
 
-const logger = log4js.getLogger('ep_comments_page');
+// #222: by default a comment may only be edited/deleted by its original author
+// (the restrictive behaviour introduced in #163). Setting
+// `ep_comments_page.allowAnyoneToEditComments: true` switches to the permissive
+// model where anyone with write access to the pad may edit/delete any comment.
+const anyoneMayEditComments = () =>
+  !!(settings.ep_comments_page && settings.ep_comments_page.allowAnyoneToEditComments);
+
+const logger = createLogger('ep_comments_page');
 
 exports.getComments = async (padId) => {
   // Not sure if we will encouter race conditions here..  Be careful.
@@ -23,7 +30,7 @@ exports.deleteComment = async (padId, commentId, authorId) => {
     logger.debug(`ignoring attempt to delete non-existent comment ${commentId}`);
     throw new Error('no_such_comment');
   }
-  if (comments[commentId].author !== authorId) {
+  if (!anyoneMayEditComments() && comments[commentId].author !== authorId) {
     logger.debug(`author ${authorId} attempted to delete comment ${commentId} ` +
                  `belonging to author ${comments[commentId].author}`);
     throw new Error('unauth');
@@ -78,7 +85,8 @@ exports.copyComments = async (originalPadId, newPadID) => {
   // get the comments of original pad
   const originalComments = await db.get(`comments:${originalPadId}`);
   // make sure we have different copies of the comment between pads
-  const copiedComments = _.mapObject(originalComments, (thisComment) => _.clone(thisComment));
+  const copiedComments = Object.fromEntries(
+      Object.entries(originalComments || {}).map(([id, comment]) => [id, {...comment}]));
 
   // save the comments on new pad
   await db.set(`comments:${newPadID}`, copiedComments);
@@ -141,7 +149,8 @@ exports.copyCommentReplies = async (originalPadId, newPadID) => {
   // get the replies of original pad
   const originalReplies = await db.get(`comment-replies:${originalPadId}`);
   // make sure we have different copies of the reply between pads
-  const copiedReplies = _.mapObject(originalReplies, (thisReply) => _.clone(thisReply));
+  const copiedReplies = Object.fromEntries(
+      Object.entries(originalReplies || {}).map(([id, reply]) => [id, {...reply}]));
 
   // save the comment replies on new pad
   await db.set(`comment-replies:${newPadID}`, copiedReplies);
@@ -196,7 +205,7 @@ exports.changeCommentText = async (padId, commentId, commentText, authorId) => {
     logger.debug(`ignoring attempt to edit non-existent comment ${commentId}`);
     throw new Error('no_such_comment');
   }
-  if (comments[commentId].author !== authorId) {
+  if (!anyoneMayEditComments() && comments[commentId].author !== authorId) {
     logger.debug(`author ${authorId} attempted to edit comment ${commentId} ` +
                  `belonging to author ${comments[commentId].author}`);
     throw new Error('unauth');

package/ep.json

@@ -26,6 +26,7 @@
         "eejsBlock_mySettings": "ep_comments_page/index",
         "eejsBlock_padSettings": "ep_comments_page/index",
         "eejsBlock_styles": "ep_comments_page/index",
+        "eejsBlock_timesliderScripts": "ep_comments_page/index",
         "loadSettings": "ep_comments_page/index",
         "clientVars": "ep_comments_page/index",
         "exportHtmlAdditionalTagsWithData": "ep_comments_page/exportHTML",

package/exportHTML.js

@@ -15,11 +15,27 @@ const findAllCommentUsedOn = (pad) => {
 exports.exportHtmlAdditionalTagsWithData =
   async (hookName, pad) => findAllCommentUsedOn(pad).map((name) => ['comment', name]);
 
+// Footnote-style markers for comments. Numbering them (rather than a bare "*")
+// keeps the inline reference correlatable with the comment list once the export
+// is flattened to a rich format (odt/doc/pdf) where the `#id` anchor is lost.
+// Numbering follows the comments map order so both hooks agree (#190).
+// Build a commentId -> "[n]" lookup once so per-span/per-comment marker
+// resolution is O(1) instead of an indexOf scan per call (avoids O(n^2) over
+// many comments, #190).
+const buildMarkerMap = (commentIds) => {
+  const markers = new Map();
+  commentIds.forEach((id, i) => markers.set(id, `[${i + 1}]`));
+  return markers;
+};
+
 exports.getLineHTMLForExport = async (hookName, context) => {
   if (settings.ep_comments_page && settings.ep_comments_page.exportHtml === false) return;
 
   // I'm not sure how optimal this is - it will do a database lookup for each line..
   const {comments} = await commentManager.getComments(context.padId);
+  if (!comments) return;
+  const commentIds = Object.keys(comments);
+  const markers = buildMarkerMap(commentIds);
   let hasPlugin = false;
   // Load the HTML into a throwaway div instead of calling $.load() to avoid
   // https://github.com/cheeriojs/cheerio/issues/1031
@@ -33,7 +49,7 @@ exports.getLineHTMLForExport = async (hookName, context) => {
     hasPlugin = true;
     span.append(
         $('<sup>').append(
-            $('<a>').attr('href', `#${commentId}`).text('*')));
+            $('<a>').attr('href', `#${commentId}`).text(markers.get(commentId))));
     // Replace data-comment="foo" with class="comment foo".
     if (/^c-[0-9a-zA-Z]+$/.test(commentId)) {
       span.removeAttr('data-comment').addClass('comment').addClass(commentId);
@@ -45,15 +61,27 @@ exports.getLineHTMLForExport = async (hookName, context) => {
 exports.exportHTMLAdditionalContent = async (hookName, {padId}) => {
   if (settings.ep_comments_page && settings.ep_comments_page.exportHtml === false) return;
   const {comments} = await commentManager.getComments(padId);
-  if (!comments) return;
+  if (!comments || !Object.keys(comments).length) return;
+  const commentIds = Object.keys(comments);
+  const markers = buildMarkerMap(commentIds);
   const div = $('<div>').attr('id', 'comments');
+  // A heading so the block is recognisable once flattened into odt/doc/pdf,
+  // where the surrounding markup is gone.
+  div.append($('<h2>').text('Comments'));
   for (const [commentId, comment] of Object.entries(comments)) {
-    div.append(
-        $('<p>')
-            .attr('role', 'comment')
-            .addClass('comment')
-            .attr('id', commentId)
-            .text(`* ${comment.text}`));
+    // Build "[n] author: text" with an optional suggested-change clause so the
+    // full comment survives into rich-format exports (#190). Assemble via text
+    // nodes so author/comment content can't inject markup.
+    const p = $('<p>')
+        .attr('role', 'comment')
+        .addClass('comment')
+        .attr('id', commentId);
+    const marker = markers.get(commentId);
+    const author = (comment.name && String(comment.name).trim()) || 'Anonymous';
+    let line = `${marker} ${author}: ${comment.text || ''}`;
+    if (comment.changeTo) line += ` (suggested change to: "${comment.changeTo}")`;
+    p.text(line);
+    div.append(p);
   }
   // adds additional HTML to the body, we get this HTML from the database of comments:padId
   return $.html(div);

package/index.js

@@ -4,15 +4,83 @@ const {template} = require('ep_plugin_helpers');
 
 const AttributePool = require('ep_etherpad-lite/static/js/AttributePool').default || require('ep_etherpad-lite/static/js/AttributePool');
 const Changeset = require('ep_etherpad-lite/static/js/Changeset').default || require('ep_etherpad-lite/static/js/Changeset');
-const eejs = require('ep_etherpad-lite/node/eejs/');
+const eejs = require('ep_etherpad-lite/node/eejs');
 const settings = require('ep_etherpad-lite/node/utils/Settings');
 const {Formidable} = require('formidable');
 const commentManager = require('./commentManager');
 const apiUtils = require('./apiUtils');
-const _ = require('underscore');
 const padMessageHandler = require('ep_etherpad-lite/node/handler/PadMessageHandler');
 const readOnlyManager = require('ep_etherpad-lite/node/db/ReadOnlyManager').default || require('ep_etherpad-lite/node/db/ReadOnlyManager');
+const padManager = require('ep_etherpad-lite/node/db/PadManager');
+const authorManager = require('ep_etherpad-lite/node/db/AuthorManager').default || require('ep_etherpad-lite/node/db/AuthorManager');
+
+// Resolve the authoritative authorId for a /comment socket connection from the
+// HttpOnly author-token cookie on its handshake — the same cookie core uses to
+// identify the author. The cookie is never exposed to the page, so a client
+// cannot spoof another user's authorId (#222). Returns null when it can't be
+// resolved (e.g. no token cookie), in which case authorship checks fail closed.
+// Mirrors core's PadMessageHandler cookie parsing (the socket.io handshake does
+// not run cookie-parser, so read the Cookie header directly).
+const authorIdForSocket = async (socket) => {
+  try {
+    const cookiePrefix = (settings.cookie && settings.cookie.prefix) || '';
+    const cookieHeader =
+      (socket && socket.request && socket.request.headers && socket.request.headers.cookie) || '';
+    const match = cookieHeader.split(/;\s*/).find(
+        (c) => c.split('=')[0] === `${cookiePrefix}token`);
+    if (!match) return null;
+    let token;
+    try {
+      token = decodeURIComponent(match.split('=').slice(1).join('='));
+    } catch (err) {
+      if (err instanceof URIError) return null; // malformed cookie -> treat as absent
+      throw err;
+    }
+    if (!token) return null;
+    const getAuthorId = authorManager.getAuthorId
+      ? (t) => authorManager.getAuthorId(t, {})
+      : (t) => authorManager.getAuthor4Token(t); // older cores
+    return await getAuthorId(token);
+  } catch (err) {
+    return null;
+  }
+};
+// Exported for tests (verifies author identity derives from the token cookie).
+exports.authorIdForSocket = authorIdForSocket;
+
+// Comment char-ranges per line for a given revision's atext. The timeslider on
+// older Etherpad cores can't run the plugin's client hooks, so it never paints
+// the `comment` class; this lets the client reconstruct those ranges and render
+// comments read-only there (issue #33). Returns {commentId: [{line, start, end}]}.
+const commentLocationsFromAText = (atext, apool) => {
+  const text = atext.text;
+  const out = {};
+  let charIdx = 0;
+  let line = 0;
+  let col = 0;
+  const opIter = Changeset.opIterator(atext.attribs);
+  while (opIter.hasNext()) {
+    const op = opIter.next();
+    let commentId = null;
+    Changeset.eachAttribNumber(op.attribs, (n) => {
+      if (apool.getAttribKey(n) === 'comment') commentId = apool.getAttribValue(n);
+    });
+    for (let i = 0; i < op.chars; i++) {
+      const ch = text[charIdx++];
+      if (ch === '\n') { line++; col = 0; continue; }
+      if (commentId) {
+        const ranges = out[commentId] || (out[commentId] = []);
+        const last = ranges[ranges.length - 1];
+        if (last && last.line === line && last.end === col) last.end = col + 1;
+        else ranges.push({line, start: col, end: col + 1});
+      }
+      col++;
+    }
+  }
+  return out;
+};
 const {padToggle} = require('ep_plugin_helpers/pad-toggle-server');
+const {toggle} = require('ep_plugin_helpers/settings-toggle');
 
 // Parallel User Settings + Pad Wide Settings checkboxes for comment-pane
 // visibility. Helper owns the storage, broadcast, enforce, and i18n wiring.
@@ -24,8 +92,22 @@ const commentsToggle = padToggle({
   defaultEnabled: true,
 });
 
+// #12/#5: the all-comments overview is a checkbox in the user Settings pane
+// (not a toolbar icon), built with the ep_plugin_helpers `toggle` helper —
+// cookie-persisted, default off. The client shows/hides the panel from it.
+const overviewToggle = toggle({
+  pluginName: 'ep_comments_page',
+  settingId: 'comments-overview',
+  templatePath: 'ep_comments_page/templates/commentsOverviewSetting.ejs',
+  defaultEnabled: false,
+});
+
 exports.loadSettings = commentsToggle.loadSettings;
-exports.eejsBlock_mySettings = commentsToggle.eejsBlock_mySettings;
+// Compose both settings checkboxes (Show Comments + Show all comments) into the
+// single eejsBlock_mySettings hook.
+exports.eejsBlock_mySettings = (hookName, args, cb) =>
+  commentsToggle.eejsBlock_mySettings(hookName, args, () =>
+    overviewToggle.eejsBlock_mySettings(hookName, args, cb));
 exports.eejsBlock_padSettings = commentsToggle.eejsBlock_padSettings;
 
 let io;
@@ -55,6 +137,10 @@ exports.handleMessageSecurity = async (hookName, ctx) => {
   if (dtype !== 'USER_CHANGES') return;
   // Nothing needs to be done if the user already has write access.
   if (!padMessageHandler.sessioninfos[socket.id].readonly) return;
+  // Read-only commenting is opt-in (#8). When it's off (the default), fall
+  // through without granting permission so core's normal read-only enforcement
+  // rejects the change.
+  if (!(settings.ep_comments_page && settings.ep_comments_page.allowReadonlyComments)) return;
   const pool = new AttributePool().fromJsonable(apool);
   const cs = Changeset.unpack(changeset);
   const opIter = Changeset.opIterator(cs.ops);
@@ -100,10 +186,26 @@ exports.socketio = (hookName, args, cb) => {
       return await commentManager.getCommentReplies(padId);
     }));
 
+    // Where each comment's text sits at a given revision (for the timeslider).
+    socket.on('getCommentLocations', handler(async (data) => {
+      const {padId} = await readOnlyManager.getIds(data.padId);
+      const pad = await padManager.getPad(padId);
+      const head = pad.getHeadRevisionNumber();
+      let rev = Number(data.rev);
+      if (!Number.isInteger(rev) || rev < 0 || rev > head) rev = head;
+      const atext = await pad.getInternalRevisionAText(rev);
+      return {rev, locations: commentLocationsFromAText(atext, pad.pool)};
+    }));
+
     // On add events
     socket.on('addComment', handler(async (data) => {
       const {padId} = await readOnlyManager.getIds(data.padId);
       const content = data.comment;
+      // Stamp the authoritative author server-side so a comment can't be created
+      // labelled as someone else (#222). Fall back to the supplied value when no
+      // token is resolvable (e.g. API/test contexts without the cookie).
+      const resolvedAuthor = await authorIdForSocket(socket);
+      if (content && resolvedAuthor) content.author = resolvedAuthor;
       const [commentId, comment] = await commentManager.addComment(padId, content);
       if (commentId != null && comment != null) {
         socket.broadcast.to(padId).emit('pushAddComment', commentId, comment);
@@ -113,7 +215,10 @@ exports.socketio = (hookName, args, cb) => {
 
     socket.on('deleteComment', handler(async (data) => {
       const {padId} = await readOnlyManager.getIds(data.padId);
-      await commentManager.deleteComment(padId, data.commentId, data.authorId);
+      // Authorize against the server-resolved author, never the client-supplied
+      // authorId (which is spoofable) (#222).
+      const authorId = await authorIdForSocket(socket);
+      await commentManager.deleteComment(padId, data.commentId, authorId);
       socket.broadcast.to(padId).emit('commentDeleted', data.commentId);
     }));
 
@@ -137,25 +242,33 @@ exports.socketio = (hookName, args, cb) => {
       padId = (await readOnlyManager.getIds(padId)).padId;
       const [commentIds, comments] = await commentManager.bulkAddComments(padId, data);
       socket.broadcast.to(padId).emit('pushAddCommentInBulk');
-      return _.object(commentIds, comments); // {c-123:data, c-124:data}
+      // {c-123:data, c-124:data}
+      return Object.fromEntries(commentIds.map((id, i) => [id, comments[i]]));
     }));
 
     socket.on('bulkAddCommentReplies', handler(async (padId, data) => {
       padId = (await readOnlyManager.getIds(padId)).padId;
       const [repliesId, replies] = await commentManager.bulkAddCommentReplies(padId, data);
       socket.broadcast.to(padId).emit('pushAddCommentReply', repliesId, replies);
-      return _.zip(repliesId, replies);
+      return repliesId.map((id, i) => [id, replies[i]]);
     }));
 
     socket.on('updateCommentText', handler(async (data) => {
-      const {commentId, commentText, authorId} = data;
+      const {commentId, commentText} = data;
       const {padId} = await readOnlyManager.getIds(data.padId);
+      // Authorize against the server-resolved author, never the client-supplied
+      // authorId (which is spoofable) (#222).
+      const authorId = await authorIdForSocket(socket);
       await commentManager.changeCommentText(padId, commentId, commentText, authorId);
       socket.broadcast.to(padId).emit('textCommentUpdated', commentId, commentText);
     }));
 
     socket.on('addCommentReply', handler(async (data) => {
       const {padId} = await readOnlyManager.getIds(data.padId);
+      // Stamp the authoritative author server-side (#222); fall back to the
+      // supplied value when no token is resolvable (API/test contexts).
+      const resolvedAuthor = await authorIdForSocket(socket);
+      if (data && resolvedAuthor) data.author = resolvedAuthor;
       const [replyId, reply] = await commentManager.addCommentReply(padId, data);
       reply.replyId = replyId;
       socket.broadcast.to(padId).emit('pushAddCommentReply', replyId, reply);
@@ -174,7 +287,9 @@ exports.padInitToolbar = (hookName, args, cb) => {
   const button = toolbar.button({
     command: 'addComment',
     localizationId: 'ep_comments_page.add_comment.title',
-    class: 'buttonicon buttonicon-comment-medical',
+    // `acl-write` lets Etherpad core hide the button on read-only pads
+    // (`.readonly .acl-write { display: none }`) — see issue #204.
+    class: 'buttonicon buttonicon-comment-medical acl-write',
   });
 
   toolbar.registerButton('addComment', button);
@@ -182,14 +297,11 @@ exports.padInitToolbar = (hookName, args, cb) => {
   return cb();
 };
 
-exports.eejsBlock_editbarMenuLeft = (hookName, args, cb) => {
-  // check if custom button is used
-  if (JSON.stringify(settings.toolbar).indexOf('addComment') > -1) {
-    return cb();
-  }
-  args.content += eejs.require('ep_comments_page/templates/commentBarButtons.ejs');
-  return cb();
-};
+// Skip the default toolbar button when the admin placed `addComment` in a
+// custom toolbar layout. Uses the ep_plugin_helpers template() helper.
+exports.eejsBlock_editbarMenuLeft = template('ep_comments_page/templates/commentBarButtons.ejs', {
+  skip: () => JSON.stringify(settings.toolbar).indexOf('addComment') > -1,
+});
 
 exports.eejsBlock_scripts = (hookName, args, cb) => {
   args.content += eejs.require('ep_comments_page/templates/comments.html');
@@ -200,15 +312,38 @@ exports.eejsBlock_scripts = (hookName, args, cb) => {
 exports.eejsBlock_styles =
     template('ep_comments_page/templates/styles.html');
 
+// Read-only comments in the timeslider (issue #33). Injected as plain scripts
+// rather than a client hook because older timeslider bundles can't load plugin
+// hooks. socket.io's served client is loaded first so the script has a global
+// `io`. Relative paths resolve from /p/<pad>/timeslider to the site root.
+exports.eejsBlock_timesliderScripts = (hookName, args, cb) => {
+  args.content +=
+    '<script src="../../socket.io/socket.io.js"></script>' +
+    '<script src="../../static/plugins/ep_comments_page/static/js/timeslider.js"></script>';
+  return cb();
+};
+
 exports.clientVars = async (hook, context) => {
   const displayCommentAsIcon =
     settings.ep_comments_page ? settings.ep_comments_page.displayCommentAsIcon : false;
   const highlightSelectedText =
     settings.ep_comments_page ? settings.ep_comments_page.highlightSelectedText : false;
+  // #95: the floating add-comment button is on unless an admin disables it.
+  const floatingCommentButton = !(settings.ep_comments_page &&
+    settings.ep_comments_page.floatingCommentButton === false);
+  // #6: author-colour accent is on unless an admin disables it.
+  const showAuthorColor = !(settings.ep_comments_page &&
+    settings.ep_comments_page.showAuthorColor === false);
+  // #8: read-only viewers may comment only when an admin opts in (default off).
+  const allowReadonlyComments =
+    !!(settings.ep_comments_page && settings.ep_comments_page.allowReadonlyComments);
   // Merge in the padToggle helper's clientVars block so the client-side
   // helper can read padWideSupported/initialPadEnabled/etc.
   const helperVars = await commentsToggle.clientVars(hook, context);
-  return Object.assign({displayCommentAsIcon, highlightSelectedText}, helperVars);
+  return Object.assign(
+      {displayCommentAsIcon, highlightSelectedText, floatingCommentButton, showAuthorColor,
+        allowReadonlyComments},
+      helperVars);
 };
 
 exports.expressCreateServer = (hookName, args, callback) => {

package/locales/en.json

@@ -4,8 +4,13 @@
   "ep_comments_page.add_comment.title" : "Add new comment on selection",
   "ep_comments_page.add_comment" : "Add new comment on selection",
   "ep_comments_page.add_comment.hint" : "Please first select the text to comment",
+  "ep_comments_page.comments_overview.title" : "Show all comments",
+  "ep_comments_page.comments_overview.header" : "All comments",
+  "ep_comments_page.comments_overview.empty" : "No comments yet",
   "ep_comments_page.delete_comment.title" : "Delete this comment",
   "ep_comments_page.edit_comment.title" : "Edit this comment",
+  "ep_comments_page.comment_nav.prev" : "Previous comment",
+  "ep_comments_page.comment_nav.next" : "Next comment",
   "ep_comments_page.show_comments" : "Show Comments",
   "ep_comments_page.comments_template.suggested_change" : "Suggested Change",
   "ep_comments_page.comments_template.from" : "From",

package/package.json

@@ -1,7 +1,7 @@
 {
   "description": "Adds comments on sidebar and link it to the text.  For no-skin use ep_page_view.",
   "name": "ep_comments_page",
-  "version": "11.1.14",
+  "version": "11.1.17",
   "author": {
     "name": "Nicolas Lescop",
     "email": "limplementeur@gmail.com"
@@ -23,9 +23,8 @@
   ],
   "dependencies": {
     "cheerio": "^1.2.0",
-    "ep_plugin_helpers": "^0.6.0",
-    "formidable": "^3.5.4",
-    "underscore": "^1.13.8"
+    "ep_plugin_helpers": "^0.6.7",
+    "formidable": "^3.5.4"
   },
   "devDependencies": {
     "eslint": "^8.57.1",