e7a5ea813a
Merge pull request #1587 from tamo/more-i18n
...
Move HTML-related code from JS to EJS to enable more i18n
2021-07-09 15:08:03 +08:00
620197faf7
Merge pull request #1580 from tamo/master
...
Convert "include" directives to functions
2021-07-09 15:06:06 +08:00
4b78202494
Merge pull request #1605 from tamo/patch-1
2021-07-09 15:04:18 +08:00
6b8950d235
Merge pull request #1481 from ghost/lang-attr
2021-07-09 14:59:49 +08:00
e623b72054
Merge pull request #1690 from hackmdio/feature/upgrade-mermaid-8.10.1
...
Upgrade mermaid to version 8.10.2 to avoid prototype pollution
2021-06-16 19:17:16 +08:00
16a1e82835
feat: upgrade mermaid to version 8.10.2
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-06-16 19:10:30 +08:00
2eefe7706f
fix: strip html tags for gist file, gist line, gist highlight line, gist show loading attrtributes
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-06-16 19:00:04 +08:00
6966881152
fix: strip html tags for gist id to avoid stored XSS on showing error [Security Issue]
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-06-16 19:00:04 +08:00
e9293b0c30
feat: add TeX mhchem extensions for MathJax
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-05-13 23:45:12 +08:00
ad1bfa6bc6
Update public/js/index.js
...
simplify the regex
suggested by yukaii in #1605
Co-authored-by: Yukai Huang <yukaihuangtw@gmail.com>
Signed-off-by: Tamotsu Takahashi <ttakah@gmail.com>
2021-05-13 11:41:45 +09:00
792f70504a
Update release for 2.4.0
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-05-11 18:52:55 +08:00
6585976e4d
Merge pull request #1588 from tamo/google-oauth-verified
2021-05-11 17:41:33 +08:00
ee1230b6f4
Merge pull request #1532 from freitagsrunde/feature/customTocLevel
...
Set TOC depth freely for every note by using YAML metadata or an option within `[toc]`
2021-05-11 17:30:31 +08:00
bec877c11c
Merge pull request #1577 from hackmdio/feature/more-editor-modes
...
Allow more syntax highlight modes in editor
2021-05-11 16:19:22 +08:00
cfe653152a
Allow more syntax highlight modes in cm
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-05-11 16:10:48 +08:00
025f6d2149
Merge pull request #1625 from pichouk/develop
...
Add some help strings to Prometheus metrics
2021-05-11 15:56:48 +08:00
c01a4b46ec
Merge pull request #1624 from fujexo/feature_mediawiki
...
display mediawiki export format
2021-05-11 15:37:37 +08:00
f2912efd25
As vscode-markdownlint behavior
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-03-12 10:45:56 +08:00
ad6f82c9f6
Dark mode linter menu
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-03-12 10:45:55 +08:00
f07e3f10b6
Fix invalid range
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-03-12 10:45:54 +08:00
7caa272175
Provide linter autofixes
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-03-12 10:45:54 +08:00
0fb184c2d8
Merge branch 'master' into develop
2021-01-26 01:58:26 +08:00
452f9ac124
Merge pull request #1650 from hackmdio/bugfix/fix-reveal-markdown-stored-xss
...
Fix slide mode stored XSS
2021-01-25 16:50:23 +08:00
5b4c7ef4bb
Merge pull request #1651 from hackmdio/bugfix/fix-pdf-embed-freeze-on-safari-big-sur
...
fix: avoid insert embed tag on the main thread which cause Safari on Big Sur freezing
2021-01-25 15:00:57 +08:00
14e93fdb24
Merge pull request #1652 from hackmdio/bugfix/fix-vimeo-jsonp-callback
...
fix: vimeo won't show up due to the jsonp callback data unable be parsed with jQuery
2021-01-25 15:00:40 +08:00
d74d30cc37
fix: feature section slide mode link broken
...
Signed-off-by: Raccoon <raccoon@hackmd.io>
2021-01-22 15:29:08 +08:00
2b9affbc08
fix: code style
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-01-21 14:35:16 +08:00
47bab4266b
fix: vimeo won't show up due to the jsonp callback data unable be parsed with jQuery
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-01-21 14:35:16 +08:00
a1e3768f98
fix: avoid insert embed tag on the main thread which cause Safari on Big Sur freezing
...
upgrade pdfobject to version 2.2.4
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-01-21 14:23:45 +08:00
c47f0f0c71
fix: remove reveal options of dependencies which allow import user defined resources [Security Issue]
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-01-21 13:24:48 +08:00
9291a7670a
fix: properly escape reveal markdown script tag with case-insensitive regex [Security Issue]
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-01-21 13:24:48 +08:00
fefe7d8e69
Update release note
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-01-04 17:21:01 +08:00
493b86b0de
Bump cdn mermaid version
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-01-04 15:11:51 +08:00
db56ef1d3d
Update pdf broken pdf link in features.md
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-30 17:49:28 +08:00
d1b4b26fe4
Update release notes
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-30 16:58:58 +08:00
4d027119f6
Merge branch 'master' into develop
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-25 16:28:10 +08:00
48f3be8ae8
Merge pull request #1632 from hackmdio/bugfix/fix-xss-in-lightbox-image-attribute
...
Fix xss issue for image lightbox
2020-12-25 16:21:52 +08:00
25119adf52
Merge pull request #1633 from hackmdio/bugfix/fix-mermaid-render-xss
...
fix: avoid eval string when putting back parsed string of mermaid
2020-12-25 16:21:40 +08:00
59fd7e71ad
Update vega cdnjs assets
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 12:18:27 +08:00
568355acf5
fix: properly validate mermaid syntax and handle parse error
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-12-21 14:56:48 +08:00
064dfb7865
fix: disable prefer-const lint rule for mermaid block text string
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-12-21 14:49:34 +08:00
5fee551d69
Fix fretboard title xss issue
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-21 14:25:47 +08:00
8d9a9ab0b2
fix: avoid eval string when putting back parsed string of mermaid
...
where has stored XSS issue
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-12-21 14:24:46 +08:00
26a2c746d3
Escape attributes in lightbox image
...
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-21 14:10:03 +08:00
fabdf36b52
Add some help strings to Prometheus metrics
...
Signed-off-by: Kyâne <kyane@kyane.fr>
2020-11-19 16:54:49 +01:00
c418a9729f
display mediawiki export format
...
Signed-off-by: Philipp Marmet (Adfinis AG) <philipp.marmet@adfinis.com>
2020-11-19 13:39:50 +01:00
ac43db80de
Fix matchInContainer false positives
...
The function should match only the beginnings of lines.
For example, see this testcase:
```
:::spoiler
here is a :::
:::
:::
```
The last line should be completed.
Without this patch, the third line is completed and the last is not.
Signed-off-by: Tamotsu Takahashi <ttakah@gmail.com>
2020-09-25 12:38:41 +09:00
ffac6450ff
Remove the semicolons
...
https://github.com/hackmdio/codimd/pull/1580#issuecomment-690241496
Signed-off-by: Tamotsu Takahashi <ttakah@gmail.com>
2020-09-11 13:33:35 +09:00
dec2f98d9b
Make "Expand all" translatable
...
Move HTML from JS to EJS
I don't know how to register i18n helper to handlebars,
so "export to raw HTML" has not been touched.
You can do the same for html.hbs if you want.
Signed-off-by: Tamotsu Takahashi <ttakah@gmail.com>
2020-09-11 12:51:08 +09:00
66fdf7b49c
Make permission and status translatable
...
Move HTML from JS to EJS.
https://github.com/hackmdio/codimd/issues/1581#issuecomment-683236111
https://github.com/hackmdio/codimd/issues/1581#issuecomment-683431173
Signed-off-by: Tamotsu Takahashi <ttakah@gmail.com>
2020-09-11 12:50:50 +09:00
Raccoon
Max Wu
TAKAHASHI Tamotsu
Yukai Huang
Kyâne
Philipp Marmet (Adfinis AG)
Tamotsu Takahashi