hedgedoc, branch cindy Hedgedoc with support for CindyScript Add simple support for cindyjs 2021-05-17T18:12:50+00:00 stuebinm 2021-03-09T00:23:23+00:00 b0f98a43381486995b99ed79e0eabb3af149dbf3 Notably, the error output (in case of compiler errors) is generated by overwriting the builtin console.error-function, which is a horrible idea for many reasons, but there isn't really any other way right now. 
Notably, the error output (in case of compiler errors) is generated
by overwriting the builtin console.error-function, which is a horrible
idea for many reasons, but there isn't really any other way right now.
Merge pull request #1267 from hedgedoc/release/1.8.2 2021-05-11T19:41:11+00:00 David Mehren 2021-05-11T19:41:11+00:00 8b374d8c1972db2b09126e8f9cc10384552abf29 






Bump version to 1.8.2
2021-05-11T19:28:10+00:00

David Mehren

2021-05-11T19:09:03+00:00

32e31ac1e3751c47985269890580561cf452c270

Signed-off-by: David Mehren <git@herrmehren.de>





Signed-off-by: David Mehren <git@herrmehren.de>







Add release notes for 1.8.2
2021-05-11T19:28:10+00:00

David Mehren

2021-05-11T17:42:57+00:00

81d73b2db9e0d9bc938e242bb57bd45d948ce4f4

Signed-off-by: David Mehren <git@herrmehren.de>





Signed-off-by: David Mehren <git@herrmehren.de>







Merge pull request from GHSA-gjg7-4j2h-94fq
2021-05-11T19:13:25+00:00

David Mehren

2021-05-11T19:13:25+00:00

01dad5821ee28377ebe640c6c72c3e0bb0d51ea7

Fix XSS in Open Graph & User metadata




Fix XSS in Open Graph & User metadata






Merge pull request #1259 from hedgedoc/renovate/master-lock-file-maintenance
2021-05-11T17:42:43+00:00

David Mehren

2021-05-11T17:42:43+00:00

4cc9b3abe5f4ee55764fbdb6602f8133e4d73e53

Lock file maintenance (master)




Lock file maintenance (master)






Lock file maintenance
2021-05-11T17:15:20+00:00

Renovate Bot

2021-05-11T17:15:20+00:00

716808fa956d6a6345880382070114764f9d9608

Signed-off-by: Renovate Bot <bot@renovateapp.com>





Signed-off-by: Renovate Bot <bot@renovateapp.com>







Merge pull request #1263 from hedgedoc/renovate/master-mermaid-8.x
2021-05-11T17:13:35+00:00

David Mehren

2021-05-11T17:13:35+00:00

65bf66adc3305d93e538fe3c368b0c7368666505

Update dependency mermaid to v8.10.1 (master)




Update dependency mermaid to v8.10.1 (master)






Update dependency mermaid to v8.10.1
2021-05-10T17:39:12+00:00

Renovate Bot

2021-05-10T17:39:12+00:00

0b997b540ad646df74c323ca33a89c14989ae947

Signed-off-by: Renovate Bot <bot@renovateapp.com>





Signed-off-by: Renovate Bot <bot@renovateapp.com>







Sanitize username and photo URL
2021-05-09T17:28:44+00:00

David Mehren

2021-05-09T13:35:06+00:00

f552b14e11761a73237b3b3834827dde151b8b28

HedgeDoc displays the username and user photo at various places
by rendering the respective variables into an `ejs` template.
As the values are user-provided or generated from user-provided data,
it may be possible to inject unwanted HTML.

This commit sanitizes the username and photo URL by passing them
through the `xss` library.

Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>





HedgeDoc displays the username and user photo at various places
by rendering the respective variables into an `ejs` template.
As the values are user-provided or generated from user-provided data,
it may be possible to inject unwanted HTML.

This commit sanitizes the username and photo URL by passing them
through the `xss` library.

Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>