Commit Graph

2773 Commits

Author SHA1 Message Date
Max Wu c47f0f0c71 fix: remove reveal options of dependencies which allow import user defined resources [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-01-21 13:24:48 +08:00
Max Wu 9291a7670a fix: properly escape reveal markdown script tag with case-insensitive regex [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2021-01-21 13:24:48 +08:00
Yukai Huang dd16949222
Merge pull request #1644 from hackmdio/bugfix/bump-mermaid-deps
Bump mermaid version
2021-01-04 17:01:47 +08:00
Yukai Huang 493b86b0de
Bump cdn mermaid version
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-01-04 15:11:51 +08:00
Yukai Huang 378fb7dcce
Bump mermaid to 8.6.4
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2021-01-04 14:15:33 +08:00
Yukai Huang 0650179881
Merge branch 'master' into develop
2020-12-31 14:24:14 +08:00
Yukai Huang 5967fef742
Merge pull request #1642 from hackmdio/release/2.3.0
Release 2.3.0
2020-12-31 14:17:11 +08:00
Yukai Huang 30e83538e6
Bump version in package.json
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-31 11:46:29 +08:00
Yukai Huang db56ef1d3d
Update pdf broken pdf link in features.md
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-30 17:49:28 +08:00
Yukai Huang d1b4b26fe4
Update release notes
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-30 16:58:58 +08:00
Yukai Huang 4d027119f6
Merge branch 'master' into develop
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-25 16:28:10 +08:00
Yukai Huang 48f3be8ae8
Merge pull request #1632 from hackmdio/bugfix/fix-xss-in-lightbox-image-attribute
Fix xss issue for image lightbox
2020-12-25 16:21:52 +08:00
Yukai Huang 25119adf52
Merge pull request #1633 from hackmdio/bugfix/fix-mermaid-render-xss
fix: avoid eval string when putting back parsed string of mermaid
2020-12-25 16:21:40 +08:00
Yukai Huang 8e3432a3e8
Merge pull request #1637 from hackmdio/bugfix/bump-vega-deps
Bump vega dependencies
2020-12-25 16:21:26 +08:00
Yukai Huang 562e1e06c0
Merge pull request #1636 from hackmdio/bugfix/check-image-mime
Check upload image mime type
2020-12-24 17:46:38 +08:00
Yukai Huang de0f4588ac
Fix getImageMimeType mime usage
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 22:16:28 +08:00
Yukai Huang c9e23985d3
Check image type from file extension
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:46:19 +08:00
Yukai Huang e19e6642fb
Allow bmp/tiff image to be uploaded
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:45:49 +08:00
Yukai Huang c1a22a5318
Replace hard coded impl in getImageMimeType
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 15:43:14 +08:00
Yukai Huang 59fd7e71ad
Update vega cdnjs assets
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-23 12:18:27 +08:00
Yukai Huang 312dffe21d
Bump vega deps
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-22 17:45:53 +08:00
Yukai Huang 7a88f9d95a
Check upload image mime type
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-22 16:48:13 +08:00
Max Wu 568355acf5 fix: properly validate mermaid syntax and handle parse error
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-12-21 14:56:48 +08:00
Max Wu 064dfb7865 fix: disable prefer-const lint rule for mermaid block text string
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-12-21 14:49:34 +08:00
Yukai Huang 5fee551d69
Fix fretboard title xss issue
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-21 14:25:47 +08:00
Max Wu 8d9a9ab0b2 fix: avoid eval string when putting back parsed string of mermaid
where has stored XSS issue

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2020-12-21 14:24:46 +08:00
Yukai Huang 26a2c746d3
Escape attributes in lightbox image
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-12-21 14:10:03 +08:00
Raccoon 381b3ff78e
Merge pull request #1610 from mic4ael/fix-jsonlint
Don't run jsonlint on .vscode jsonc files
2020-10-23 07:41:05 +08:00
Michal Kolodziejski 6bf5e7ee72 Don't run jsonlint on .vscode jsonc files
Signed-off-by: Michal Kolodziejski <michal.kolodziejski@cern.ch>
2020-10-02 15:48:11 +02:00
Yukai Huang cebd5e7da9
Merge pull request #1574 from santigl/spellcheck-en-gb-dict
Spellcheck: add en_GB dictionary
2020-09-10 16:14:04 +08:00
Yukai Huang 135c4ef021
Merge pull request #1586 from tamo/patch-1
Fix ui-edit and ui-both buttons in night mode
2020-09-10 15:32:06 +08:00
TAKAHASHI Tamotsu 341591d10b Fix ui-edit and ui-both button in night mode
Fix #1539

Signed-off-by: Tamotsu Takahashi <ttakah@gmail.com>
2020-09-10 16:24:14 +09:00
Max Wu 1465355c76
Merge pull request #1571 from hackmdio/feature/graphviz-options
2020-08-14 12:41:23 +08:00
Yukai Huang d89caac21a
Bump codemirror version to 5.49.8
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-08-14 12:12:24 +08:00
Santiago Gil 1585abdb84 Spellcheck: add en_GB dictionary
Signed-off-by: Santiago Gil <santix91@gmail.com>
2020-08-13 23:02:13 +01:00
Yukai Huang cfbae54ef8
Allow specifying option for graphviz
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-08-13 17:46:42 +08:00
Yukai Huang 24de5a54c9
Merge pull request #1559 from hackmdio/feature/update-delete-note-api
Update and delete note api
2020-08-13 15:55:10 +08:00
Max Wu 04c22c7337
Merge pull request #1569 from hackmdio/feature/fretboard-improvement
2020-08-13 15:42:38 +08:00
Yukai Huang 038fac1e91
Add fretboard example and link to features.md
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-08-13 15:01:04 +08:00
Yukai Huang ab0ac83582
Fix updateHistory parameter
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-08-12 18:10:39 +08:00
Yukai Huang 12b8f09d52
Finetune fretboard css
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-08-12 17:21:21 +08:00
Yukai Huang 94aa54b495
Support empty fretboard title
Signed-off-by: Yukai Huang <yukaihuangtw@gmail.com>
2020-08-12 17:19:20 +08:00
James Tsai 4792908169 Fix linter
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-08-04 17:11:09 +08:00
James Tsai e7a4996cbe Update note title and history in update api
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-08-04 16:48:33 +08:00
James Tsai 091c77bdb1 Refactor, change response type to json in update-api user online checking
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-30 18:56:57 +08:00
James Tsai 04fe74d520 Refactor, use body parser, adjust update api content column
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-30 18:14:10 +08:00
Raccoon 374bda0489
Merge pull request #1552 from MHajoha/bugfix/sequelize-cli-dynamic-config
Allow Sequelize CLI to use options set in config.json
2020-07-28 01:58:05 +08:00
James Tsai 53526c154a Check online users, update authorships, save revisions in update note content API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai 96f8f06b00 Disconnect online users by delete API
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00
James Tsai cf1a25a627 Fix package-lock dependencies config
Signed-off-by: James Tsai <jamesscamel@gmail.com>
2020-07-27 18:01:10 +08:00