Max Wu
|
c47f0f0c71
|
fix: remove reveal options of dependencies which allow import user defined resources [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
2021-01-21 13:24:48 +08:00 |
Max Wu
|
9291a7670a
|
fix: properly escape reveal markdown script tag with case-insensitive regex [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
2021-01-21 13:24:48 +08:00 |
Yukai Huang
|
dd16949222
|
Merge pull request #1644 from hackmdio/bugfix/bump-mermaid-deps
Bump mermaid version
|
2021-01-04 17:01:47 +08:00 |
Yukai Huang
|
493b86b0de
|
Bump cdn mermaid version
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2021-01-04 15:11:51 +08:00 |
Yukai Huang
|
378fb7dcce
|
Bump mermaid to 8.6.4
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2021-01-04 14:15:33 +08:00 |
Yukai Huang
|
0650179881
|
Merge branch 'master' into develop
|
2020-12-31 14:24:14 +08:00 |
Yukai Huang
|
5967fef742
|
Merge pull request #1642 from hackmdio/release/2.3.0
Release 2.3.0
|
2020-12-31 14:17:11 +08:00 |
Yukai Huang
|
30e83538e6
|
Bump version in package.json
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-31 11:46:29 +08:00 |
Yukai Huang
|
db56ef1d3d
|
Update pdf broken pdf link in features.md
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-30 17:49:28 +08:00 |
Yukai Huang
|
d1b4b26fe4
|
Update release notes
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-30 16:58:58 +08:00 |
Yukai Huang
|
4d027119f6
|
Merge branch 'master' into develop
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-25 16:28:10 +08:00 |
Yukai Huang
|
48f3be8ae8
|
Merge pull request #1632 from hackmdio/bugfix/fix-xss-in-lightbox-image-attribute
Fix xss issue for image lightbox
|
2020-12-25 16:21:52 +08:00 |
Yukai Huang
|
25119adf52
|
Merge pull request #1633 from hackmdio/bugfix/fix-mermaid-render-xss
fix: avoid eval string when putting back parsed string of mermaid
|
2020-12-25 16:21:40 +08:00 |
Yukai Huang
|
8e3432a3e8
|
Merge pull request #1637 from hackmdio/bugfix/bump-vega-deps
Bump vega dependencies
|
2020-12-25 16:21:26 +08:00 |
Yukai Huang
|
562e1e06c0
|
Merge pull request #1636 from hackmdio/bugfix/check-image-mime
Check upload image mime type
|
2020-12-24 17:46:38 +08:00 |
Yukai Huang
|
de0f4588ac
|
Fix getImageMimeType mime usage
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-23 22:16:28 +08:00 |
Yukai Huang
|
c9e23985d3
|
Check image type from file extension
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-23 15:46:19 +08:00 |
Yukai Huang
|
e19e6642fb
|
Allow bmp/tiff image to be uploaded
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-23 15:45:49 +08:00 |
Yukai Huang
|
c1a22a5318
|
Replace hard coded impl in getImageMimeType
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-23 15:43:14 +08:00 |
Yukai Huang
|
59fd7e71ad
|
Update vega cdnjs assets
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-23 12:18:27 +08:00 |
Yukai Huang
|
312dffe21d
|
Bump vega deps
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-22 17:45:53 +08:00 |
Yukai Huang
|
7a88f9d95a
|
Check upload image mime type
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-22 16:48:13 +08:00 |
Max Wu
|
568355acf5
|
fix: properly validate mermaid syntax and handle parse error
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
2020-12-21 14:56:48 +08:00 |
Max Wu
|
064dfb7865
|
fix: disable prefer-const lint rule for mermaid block text string
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
2020-12-21 14:49:34 +08:00 |
Yukai Huang
|
5fee551d69
|
Fix fretboard title xss issue
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-21 14:25:47 +08:00 |
Max Wu
|
8d9a9ab0b2
|
fix: avoid eval string when putting back parsed string of mermaid
where has stored XSS issue
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
2020-12-21 14:24:46 +08:00 |
Yukai Huang
|
26a2c746d3
|
Escape attributes in lightbox image
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-12-21 14:10:03 +08:00 |
Raccoon
|
381b3ff78e
|
Merge pull request #1610 from mic4ael/fix-jsonlint
Don't run jsonlint on .vscode jsonc files
|
2020-10-23 07:41:05 +08:00 |
Michal Kolodziejski
|
6bf5e7ee72
|
Don't run jsonlint on .vscode jsonc files
Signed-off-by: Michal Kolodziejski <michal.kolodziejski@cern.ch>
|
2020-10-02 15:48:11 +02:00 |
Yukai Huang
|
cebd5e7da9
|
Merge pull request #1574 from santigl/spellcheck-en-gb-dict
Spellcheck: add en_GB dictionary
|
2020-09-10 16:14:04 +08:00 |
Yukai Huang
|
135c4ef021
|
Merge pull request #1586 from tamo/patch-1
Fix ui-edit and ui-both buttons in night mode
|
2020-09-10 15:32:06 +08:00 |
TAKAHASHI Tamotsu
|
341591d10b
|
Fix ui-edit and ui-both button in night mode
Fix #1539
Signed-off-by: Tamotsu Takahashi <ttakah@gmail.com>
|
2020-09-10 16:24:14 +09:00 |
Max Wu
|
1465355c76
|
Merge pull request #1571 from hackmdio/feature/graphviz-options
|
2020-08-14 12:41:23 +08:00 |
Yukai Huang
|
d89caac21a
|
Bump codemirror version to 5.49.8
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-08-14 12:12:24 +08:00 |
Santiago Gil
|
1585abdb84
|
Spellcheck: add en_GB dictionary
Signed-off-by: Santiago Gil <santix91@gmail.com>
|
2020-08-13 23:02:13 +01:00 |
Yukai Huang
|
cfbae54ef8
|
Allow specifying option for graphviz
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-08-13 17:46:42 +08:00 |
Yukai Huang
|
24de5a54c9
|
Merge pull request #1559 from hackmdio/feature/update-delete-note-api
Update and delete note api
|
2020-08-13 15:55:10 +08:00 |
Max Wu
|
04c22c7337
|
Merge pull request #1569 from hackmdio/feature/fretboard-improvement
|
2020-08-13 15:42:38 +08:00 |
Yukai Huang
|
038fac1e91
|
Add fretboard example and link to features.md
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-08-13 15:01:04 +08:00 |
Yukai Huang
|
ab0ac83582
|
Fix updateHistory parameter
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-08-12 18:10:39 +08:00 |
Yukai Huang
|
12b8f09d52
|
Finetune fretboard css
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-08-12 17:21:21 +08:00 |
Yukai Huang
|
94aa54b495
|
Support empty fretboard title
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
|
2020-08-12 17:19:20 +08:00 |
James Tsai
|
4792908169
|
Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
|
2020-08-04 17:11:09 +08:00 |
James Tsai
|
e7a4996cbe
|
Update note title and history in update api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
|
2020-08-04 16:48:33 +08:00 |
James Tsai
|
091c77bdb1
|
Refactor, change response type to json in update-api user online checking
Signed-off-by: James Tsai <jamesscamel@gmail.com>
|
2020-07-30 18:56:57 +08:00 |
James Tsai
|
04fe74d520
|
Refactor, use body parser, adjust update api content column
Signed-off-by: James Tsai <jamesscamel@gmail.com>
|
2020-07-30 18:14:10 +08:00 |
Raccoon
|
374bda0489
|
Merge pull request #1552 from MHajoha/bugfix/sequelize-cli-dynamic-config
Allow Sequelize CLI to use options set in config.json
|
2020-07-28 01:58:05 +08:00 |
James Tsai
|
53526c154a
|
Check online users, update authorships, save revisions in update note content API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
|
2020-07-27 18:01:10 +08:00 |
James Tsai
|
96f8f06b00
|
Disconnect online users by delete API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
|
2020-07-27 18:01:10 +08:00 |
James Tsai
|
cf1a25a627
|
Fix package-lock dependencies config
Signed-off-by: James Tsai <jamesscamel@gmail.com>
|
2020-07-27 18:01:10 +08:00 |