Commit Graph

973 Commits

Author SHA1 Message Date
Max Wu dd267096c9 fix: use lodash escapeHTML
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-07-28 20:04:41 +08:00
Max Wu a7082633aa Upgrade mermaid to 8.2.3
to avoid XSS inside the svg tag

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-07-28 20:04:41 +08:00
Max Wu 76c7b70246 Merge branch 'master' into develop
# Conflicts:
#	README.md
2019-07-28 19:47:08 +08:00
Max Wu 8947c89da5 Update links of Gitter, POEditor and Travis CI 2019-07-28 19:00:17 +08:00
Yukai Huang f3a3c14aca
Merge branch 'develop' into feature/slides-spotlight 2019-06-27 17:37:16 +08:00
Yukai Huang e315127d31
Merge branch 'master' into feature/slides-timer 2019-06-26 11:39:22 +08:00
Yukai Huang d5a5ebc4d0
Merge branch 'master' into feature/slides-spotlight 2019-06-26 11:39:19 +08:00
BoHong Li 6c137ae6ed
fix: mattermost has been deprecated, use mattermost-redux instead it.
1. change mattermost color and gitlab color to official color
2. Add mattermost icon because Fork-awesome/font-awesome doesn’t provide mattermost icon

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-15 13:03:31 +08:00
Max Wu fbb18b6e0a Fix stored XSS in the graphviz error message rendering [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-04-14 12:12:02 -04:00
BoHong Li b0dee3ee14
refactor: fix lint warning on public/js/lib/common/login.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:45 +08:00
BoHong Li bf727b5878
refactor: fix lint warning on public/js/lib/editor/utils.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:25 +08:00
BoHong Li 45ba0c646d
refactor: fix lint warning on public/js/syncscroll.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:25 +08:00
BoHong Li e564c40b4d
refactor: fix lint warning on public/js/cover.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:25 +08:00
BoHong Li d387cac690
refactor: fix lint warning on public/js/extra.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:25 +08:00
BoHong Li 0498dc70e8
refactor: fix lint warning on public/js/history.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:24 +08:00
BoHong Li 573501389a
refactor: fix lint warning on public/js/index.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:24 +08:00
BoHong Li a40a8bfc02
refactor: fix lint warning on public/js/pretty.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:24 +08:00
BoHong Li 33fcfd416d
refactor: fix lint warning on public/js/render.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:23 +08:00
BoHong Li 73bc7ae8e6
refactor: fix lint warning on public/js/slide.js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:23 +08:00
BoHong Li 4ae1c0ab3e
refactor: replace lz-string with @hackmd/lz-string
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:22 +08:00
BoHong Li 67707d097f
fix: remove string.js for sucurity issue
1. Upgrade Imgur to fix npm install
2. Upgrade less version for security
3. Change package name in package.json to fit npm package.json rule

Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:22 +08:00
BoHong Li 56d86ee25e
fix: lint error
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-12 18:00:21 +08:00
BoHong Li f915957a4f
refactor: replace js-url with wurl (original version of js-url)
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-11 19:35:12 +08:00
BoHong Li 628e679916
refactor: replace Idle.js to @hackmd/idle-js
Signed-off-by: BoHong Li <a60814billy@gmail.com>
2019-04-11 18:30:20 +08:00
PastLeo 9696e60248
add reveal.js-elapsed-time-bar
Signed-off-by: PastLeo <chgu82837@gmail.com>
2019-04-05 15:53:23 +08:00
PastLeo 5621d45bf9
add spotlight dep for slides mode
Signed-off-by: PastLeo <chgu82837@gmail.com>
2019-04-05 15:17:48 +08:00
Sheogorath 50c80c99a4
Release version 1.3.1
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-23 13:27:39 +01:00
Christoph (Sheogorath) Kern 992f02c294
Merge pull request #1158 from SISheogorath/feature/serbianLanguage
Add serbian language
2019-03-16 19:58:45 +01:00
Christoph (Sheogorath) Kern 27ba5f910d
Merge pull request #1166 from SISheogorath/fix/exportEmojis
Fix broken HTML export with emojis
2019-03-13 11:50:50 +01:00
Sheogorath 5e634aef87
Fix possible order changes for 'Powered by' in other languages
Since not all languages use the same word oder and we run into potential
issues, where the translation of powered by need to add something after
the CodiMD link, this should give us the needed flexiblity.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-10 01:43:13 +01:00
Christoph (Sheogorath) Kern 1ffc492442
Merge pull request #1076 from SISheogorath/fix/translation
Add some missing translations
2019-03-10 01:32:20 +01:00
Sheogorath 982775f6dc
Fix broken HTML export with emojis
HTML export was broken due to missing alt-attribute for emojis.

This patch adds the old alt-element style and restores the exportability
this way.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-09 15:04:07 +01:00
Sheogorath 20d1f17d2c
Add serbian language
Thanks for the work of the translator Vladan we got a serbian
translation added! Those few changes will add serbian language support
for future CodiMD releases.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 13:21:01 +01:00
Sheogorath 87443dec5f
Release version 1.3.0
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-04 12:37:00 +01:00
Max Wu 1743a97c22 Fix possible MathJax XSS issue [Security Issue]
see more at: http://docs.mathjax.org/en/latest/safe-mode.html

Signed-off-by: Max Wu <jackymaxj@gmail.com>
2019-03-03 18:32:58 +08:00
Sheogorath 1f0fb12755
Fix CI errors for unused variables
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-02-21 01:36:39 +01:00
Sheogorath c5ca7b634a
Remove broken speakerdeck embedding
The current speakerdeck implementation is broken. An alternative
implementation using oembed doesn't work due to CORS, which could be
solved by proxying the speakerdeck API, but we decided to not do this.

This patch provides the link to the speakerdeck presentation instead,
and this way doesn't break existing notes. This is right now the best
solution we could come up with.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-02-21 01:26:37 +01:00
Sheogorath 62477f0279
Update bootstrap from 3.3.7 to 3.4.0
Seems like finally there is a new bootstrap version for old version 3.

This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.

See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-01-11 01:56:52 +01:00
Max Wu 067cfe2d1e Fix to escape html comment tag [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-12-28 16:42:55 +08:00
Max Wu b89a35196a
Fix to sanitize disqus shortnames to remove slashes [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-12-28 16:39:13 +08:00
Sheogorath cf95465103
Update socket.io
Our socket.io version is 2.0.4 while the current socket.io version is
2.1.1.

This patch updates socket.io to version 2.1.1 and takes care of the CDN
client version.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-28 13:23:36 +01:00
Sheogorath 494a0d5f06
Add some missing translations
There are some places in our code that made it to be not translated.

This patch fixes some small translation problems and adds some static
strings in templates to translation.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-23 17:10:44 +01:00
Sheogorath 33774c11b9
Update from to-markdown to turndown
We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.

After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerbility.

References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-21 11:12:09 +01:00
Sheogorath bcebf1e8d2
Update reveal.js to version 3.7.0
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.

This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.

Checked that speaker view in slide mode still works, so no CSP change
needed.

https://github.com/hakimel/reveal.js/releases/tag/3.7.0
2d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 22:31:05 +01:00
Christoph (Sheogorath) Kern 271dff3808
Merge pull request #1043 from SISheogorath/fix/tocEmptyHead
Fix ToC breaking documents with empty h* elements
2018-11-19 21:33:34 +01:00
Sheogorath d6dd33620c
Fix wrong anchors
While experimenting with the ToC changes, it became obvious that anchors
for those unnamed headers don't work.

This patch fixes those links by running the autolinkify twice and make
sure linkify only adds links to non-empty ids.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 20:20:56 +01:00
Sheogorath 9951b7df7c
Fix ToC breaking documents with empty h* elements
Right now, the ToC has an undefined variable i that was an index in the
original ToC code. Since the major rewrite in
4fe0620853 it's a recursive function
without this index. The variable `i` was wrongly copied into its current
place from the old code.

This patch replaces the variable `i` with the index of the header
element. Fix the undefined variable problem.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 18:27:06 +01:00
Christoph (Sheogorath) Kern 4b212c8315
Merge pull request #1060 from SISheogorath/fix/indexLinks
Fixing links on index page
2018-11-18 02:46:39 +01:00
Sheogorath 71ce7921bd
Fixing links on index page
Seems like ids in Firefox are case sensitive. So linking in the current
way fails.

This patch fixes the links by using the exact matching version of the
titles on the features page.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-18 00:26:51 +01:00
Claudius Coenen 858a59529e switching to eslint for code checking
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 23:15:36 +01:00