Commit Graph

72 Commits

Author SHA1 Message Date
Max Wu 1743a97c22 Fix possible MathJax XSS issue [Security Issue]
see more at: http://docs.mathjax.org/en/latest/safe-mode.html

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-03-03 18:32:58 +08:00
Sheogorath bcebf1e8d2
Update reveal.js to version 3.7.0
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.

This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.

Checked that speaker view in slide mode still works, so no CSP change
needed.

https://github.com/hakimel/reveal.js/releases/tag/3.7.0
2d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:31:05 +01:00
Claudius 44ffc564da removing global site layout vars from individual routers, putting them into app.local
Signed-off-by: Claudius <opensource@amenthes.de>
2018-11-03 00:52:48 +01:00
Sheogorath 1d452a6ed4
Remove dead package octicon
Octicon no longer provides its CSS classes and this way is useless in
CodiMD. Replacing all used classes in the UI and remove it from build
system.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-10 23:42:41 +02:00
Sheogorath 5212bbf9c4
Replace font-awesome with fork-awesome
This patch replaces font-awesome with its fork called fork-awesome.
Besides the fact that the newer versions of font-awesome can't be
shipped with distros like debian due to license issues, fork-awesome
also provides more FOSS related icons and builds on top of version 4.7.x
of font-awesome, which we used until this patch.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-05 21:52:08 +02:00
Sheogorath 1812b1aaca
Update highlight.js
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:34 +02:00
Sheogorath b6e1144627
Update to octicon 4.4.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-30 16:52:33 +02:00
Sheogorath 04d16e4d6e
Add Print icon to slide view
It redirects the user to the print view of the document. I claim that
people should either be smart enough to use ctrl+P or ask someone who
knows how to print a webpage. I don't want to babysit our users.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 23:50:38 +02:00
Sheogorath ed5353d13a
Move polyfill to CDN section
We don't support it on CDN false instances, but it doesn't hurt to keep
it in for CDN-enabled instances

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-18 01:26:11 +02:00
Wu Cheng-Han 3c473e60a6 Upgrade reveal.js to 3.6.0 and useCDN option for CSS include 2018-01-29 13:09:52 +08:00
Christoph (Sheogorath) Kern 7de6e3211f
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Peter Dave Hello f896432250 Upgrade mermaid to v7.1.0, fix #600 2017-10-30 00:18:53 +08:00
Literallie af935e46fc
Externalise trivial inline styles from slide.ejs
Dynamic background images need some further work
2017-10-23 23:39:18 +02:00
Literallie 4238b9b3ef
Fix MathJax CSP issues 2017-10-22 00:03:45 +02:00
Literallie 080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
butlerx e5834c077f
add the ability to set slide theme in slide options 2017-05-31 23:28:43 +01:00
Max Wu 450159a462 Merge pull request #427 from PeterDaveHello/fix-indent
Fix indent in views, shouldn't mix tabs with spaces
2017-04-18 10:41:58 +08:00
Peter Dave Hello 5f3fe5c62c Fix indent in views, shouldn't mix tabs with spaces 2017-04-18 05:24:04 +08:00
Peter Dave Hello 08c0a0392c Use abcjs on cdnjs, cc @jackycute 2017-04-18 05:19:19 +08:00
Wu Cheng-Han 10a7a9b37e Update to use CDN css for emojify.js when applicable 2017-03-21 00:27:58 +08:00
Wu Cheng-Han 6c87262bd9 Fix to use minified CDN file source in mermaid 2017-02-02 23:40:55 +08:00
Wu Cheng-Han d5008b7aeb Update viz.js and mermaid CDN links 2017-02-02 23:37:20 +08:00
Wu Cheng-Han a669c201be Fix template partial path 2017-01-21 14:04:54 +08:00
Wu Cheng-Han 09a7bcbdef Refactor templates and rearrange its path 2017-01-21 13:08:29 +08:00
Wu Cheng-Han 276d500406 Upgrade dependencies 2016-12-19 16:20:27 +08:00
Wu Cheng-Han c59b4cb883 Update webpack and slide resource loading to reduce pack size 2016-11-29 00:44:29 +08:00
Wu Cheng-Han 47d5efb29e Fix slide resource path and style load orders to avoid conflicts 2016-11-29 00:44:15 +08:00
Wu Cheng-Han efd62bd1ca Optimize slide page resource packing and load orders, fix possible wrong chunks orders and font awesome version 2016-11-26 23:24:59 +08:00
Wu Cheng-Han 9d4ede4cff Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue] 2016-11-26 22:55:31 +08:00
Wu Cheng-Han f86a9e0c4b Fix slide might trigger script when processing markdown which cause XSS [Security Issue] 2016-11-26 22:46:08 +08:00
Wu Cheng-Han 1ba46c95fb Update to separate polypill for IE to a template 2016-11-26 22:38:18 +08:00
Wu Cheng-Han 793aef0e2e Fix syntax highlighting not apply correctly in slides 2016-11-07 21:27:58 +08:00
Max Wu 8c5a5a0712 Merge pull request #243 from Yukaii/google-font-optional-cdn
Google font optional cdn
2016-11-04 13:08:59 +08:00
Wu Cheng-Han 2167570c11 Fix slide highlighting styles not apply properly and add missing styles dependency of prism in html export 2016-11-04 13:04:00 +08:00
Yukai Huang 0b45312834 Add font css to templates 2016-11-03 14:51:28 +08:00
Yukai Huang 3e23009663 Require slide mode stylesheets 2016-11-02 11:59:45 +08:00
Wu Cheng-Han 70d2fa388e Fix slide export pdf styles not applied issue and add shiv and shim for IE 2016-10-29 23:35:10 +08:00
Wu Cheng-Han b6ce7a6ab1 Update mathjax cdn path and source path 2016-10-25 01:57:51 +08:00
Wu Cheng-Han e6dfc749f6 Fix config.js use cdn option not parse properly and add missing cdn resources 2016-10-23 22:42:47 +08:00
Wu Cheng-Han 0aa306685d Fix some typo of PR #230 2016-10-23 21:58:53 +08:00
Peter Dave Hello 58b2cff4ec Use CDNJS by default with https and SRI support 2016-10-23 13:31:25 +08:00
Wu Cheng-Han d70d0318e5 Fix to use bower version emojify.js 2016-10-19 22:12:12 +08:00
Wu Cheng-Han 7d79e7762f Merge branch 'master' of https://github.com/jackycute/HackMD 2016-10-18 16:53:44 +08:00
Wu Cheng-Han d44e830366 Update emoji parser using markdown-it-emoji instead of emojify to solve issue #217 2016-10-18 16:50:58 +08:00
Yukai Huang d9f55e4984 Add missing tooltip script 2016-10-18 12:57:20 +08:00
Yukai Huang 4c1109b70b Move gist-embed to CDN 2016-10-14 09:56:19 +08:00
Yukai Huang 142b4c6771 Move highlight.js to CDN 2016-10-14 09:21:41 +08:00
Yukai Huang 47b113d9fe Add handlebars script tag 2016-10-13 16:45:52 +08:00
Yukai Huang 440ad3506c Fix lastchangeui and moment timestamps 2016-10-13 15:13:03 +08:00
Yukai Huang 773c0ce39e Optimize common assets with CDN
* jquery
* lodash
* socket.io
* boostrap
2016-10-13 11:42:17 +08:00