Diffstat (limited to 'public')
-rw-r--r-- | public/docs/features.md | 15 | ||||
-rw-r--r-- | public/js/extra.js | 11 | ||||
-rw-r--r-- | public/js/lib/editor/index.js | 2 | ||||
-rw-r--r-- | public/js/locale.js | 3 | ||||
-rw-r--r-- | public/js/render.js | 2 | ||||
-rwxr-xr-x | public/js/reveal-markdown.js | 2 | ||||
-rw-r--r-- | public/js/slide.js | 3 | ||||
-rw-r--r-- | public/views/hackmd/header.ejs | 16 | ||||
-rw-r--r-- | public/views/index/body.ejs | 9 |
9 files changed, 45 insertions, 18 deletions
diff --git a/public/docs/features.md b/public/docs/features.md index b64b988e..a894c087 100644 --- a/public/docs/features.md +++ b/public/docs/features.md @@ -47,12 +47,15 @@ or import content from your **clipboard** <i class="fa fa-clipboard"></i>, and t It is possible to change the access permission to a note through the little button on the top right of the view. There are four possible options: -<i class="fa fa-leaf fa-fw"></i> **Freely**: Anyone can edit this note. -<i class="fa fa-pencil fa-fw"></i> **Editable**: A signed-in user can edit this note. -<i class="fa fa-id-card fa-fw"></i> **Limited**: People have to sign-in to view and edit this note. -<i class="fa fa-lock fa-fw"></i> **Locked**: Anyone can view this note but only the owner can edit it. -<i class="fa fa-umbrella fa-fw"></i> **Protected**: People have to sign-in to view this note but only owner can edit. -<i class="fa fa-hand-stop-o fa-fw"></i> **Private**: Only the owner can view and edit this note. +| |Owner read/write|Signed-in read|Signed-in write|Guest read|Guest write| +|:-----------------------------|:--------------:|:------------:|:-------------:|:--------:|:---------:| +|<span class="text-nowrap"><i class="fa fa-leaf fa-fw"></i> **Freely**</span> |✔|✔|✔|✔|✔| +|<span class="text-nowrap"><i class="fa fa-pencil fa-fw"></i> **Editable**</span> |✔|✔|✔|✔|✖| +|<span class="text-nowrap"><i class="fa fa-id-card fa-fw"></i> **Limited**</span> |✔|✔|✔|✖|✖| +|<span class="text-nowrap"><i class="fa fa-lock fa-fw"></i> **Locked**</span> |✔|✔|✖|✔|✖| +|<span class="text-nowrap"><i class="fa fa-umbrella fa-fw"></i> **Protected**</span> |✔|✔|✖|✖|✖| +|<span class="text-nowrap"><i class="fa fa-hand-stop-o fa-fw"></i> **Private**</span> |✔|✖|✖|✖|✖| + **Only the owner of the note can change the note's permissions.** diff --git a/public/js/extra.js b/public/js/extra.js index bf388139..d36592d9 100644 --- a/public/js/extra.js +++ b/public/js/extra.js 
@@ -559,6 +559,15 @@ export function finishView (view) { // only static transform should be here export function postProcess (code) { const result = $(`<div>${code}</div>`) + // process style tags + result.find('style').each((key, value) => { + let html = $(value).html() + // unescape > symbel inside the style tags + html = html.replace(/>/g, '>') + // remove css @import to prevent XSS + html = html.replace(/@import url\(([^)]*)\);?/gi, '') + $(value).html(html) + }) // link should open in new window or tab result.find('a:not([href^="#"]):not([target])').attr('target', '_blank') // update continue line numbers @@ -1083,7 +1092,7 @@ const gistPlugin = new Plugin( (match, utils) => { const gistid = match[1] - const code = `<code data-gist-id="${gistid}"/>` + const code = `<code data-gist-id="${gistid}"></code>` return code } ) diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js index 2991998b..33c1e0d4 100644 --- a/public/js/lib/editor/index.js +++ b/public/js/lib/editor/index.js @@ -74,6 +74,8 @@ export default class Editor { }, 'Cmd-Left': 'goLineLeftSmart', 'Cmd-Right': 'goLineRight', + 'Home': 'goLineLeftSmart', + 'End': 'goLineRight', 'Ctrl-C': function (cm) { if (!isMac && cm.getOption('keyMap').substr(0, 3) === 'vim') { document.execCommand('copy') diff --git a/public/js/locale.js b/public/js/locale.js index 2a2c1814..71c0f99f 100644 --- a/public/js/locale.js +++ b/public/js/locale.js @@ -11,6 +11,9 @@ $('.ui-locale option').each(function () { }) if (Cookies.get('locale')) { lang = Cookies.get('locale') + if (lang === 'zh') { + lang = 'zh-TW' + } } else if (supportLangs.indexOf(userLang) !== -1) { lang = supportLangs[supportLangs.indexOf(userLang)] } else if (supportLangs.indexOf(userLangCode) !== -1) { diff --git a/public/js/render.js b/public/js/render.js index 88a05bde..e2574b5f 100644 --- a/public/js/render.js +++ b/public/js/render.js 
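Review bot: The `@import` filter added to `postProcess` matches only the `@import url(...)` spelling and runs as a single pass, so it is an incomplete guard: CSS also accepts a quoted-string form of `@import`, and deleting one match can leave text that forms a new rule. Matching the at-rule itself and repeating until the text is stable would be sturdier, e.g. `let prev; do { prev = html; html = html.replace(/@import\b[^;]*;?/gi, '') } while (html !== prev)`, with a `style-src` Content-Security-Policy as the backstop rather than this regex alone. The unescape line above it shows on this page as `html.replace(/>/g, '>')`, presumably an `&gt;` entity lost in rendering, and its comment has a typo (`symbel`). `postProcess` continues outside the hunk.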
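Review bot: In the cookie branch of locale.js, `lang` is still taken from `Cookies.get('locale')` without being checked against `supportLangs`; the new remap covers only the legacy `zh` value. Any other stale or hand-edited cookie value is used unchanged, while the two `else if` branches below do validate against the list. Remapping first and then testing membership keeps the three paths consistent: `const cookieLang = Cookies.get('locale') === 'zh' ? 'zh-TW' : Cookies.get('locale')` followed by `if (supportLangs.indexOf(cookieLang) !== -1) { lang = cookieLang }`. How `lang` is consumed is outside this hunk, so the impact cannot be judged from here.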
@@ -27,7 +27,7 @@ var filterXSSOptions = { whiteList: whiteList, escapeHtml: function (html) { // allow html comment in multiple lines - return html.replace(/<(.*?)>/g, '<$1>') + return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->') }, onIgnoreTag: function (tag, html, options) { // allow comment tag diff --git a/public/js/reveal-markdown.js b/public/js/reveal-markdown.js index 94f6fb91..d15b5ebd 100755 --- a/public/js/reveal-markdown.js +++ b/public/js/reveal-markdown.js @@ -320,7 +320,7 @@ import { md } from './extra' var notes = section.querySelector('aside.notes') var markdown = getMarkdownFromSlide(section) - + markdown = markdown.replace(/</g, '<').replace(/>/g, '>') var rendered = md.render(markdown) rendered = preventXSS(rendered) var result = window.postProcess(rendered) diff --git a/public/js/slide.js b/public/js/slide.js index 293ebfe2..59a352ec 100644 --- a/public/js/slide.js +++ b/public/js/slide.js @@ -4,9 +4,10 @@ require('../css/extra.css') require('../css/site.css') +import { preventXSS } from './render' import { md, updateLastChange, removeDOMEvents, finishView } from './extra' -const body = $('.slides').text() +const body = preventXSS($('.slides').text()) window.createtime = window.lastchangeui.time.attr('data-createtime') window.lastchangetime = window.lastchangeui.time.attr('data-updatetime') diff --git a/public/views/hackmd/header.ejs b/public/views/hackmd/header.ejs index 87d2b065..47b563ac 100644 --- a/public/views/hackmd/header.ejs +++ b/public/views/hackmd/header.ejs 
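Review bot: The new `escapeHtml` in render.js protects `-->` with the in-band sentinel `__HTML_COMMENT_END__`, so note text that already contains that literal string is rewritten to `-->`, leaving an unescaped `>` in the output. A single pass with a callback needs no sentinel: `return html.replace(/<!--|-->|[<>]/g, m => m.length > 1 ? m : (m === '<' ? '&lt;' : '&gt;'))`. Both versions let `<!--` and `-->` through wherever they occur, not only as a matched pair, so a comment naming what handles unbalanced markers (presumably `onIgnoreTag` below) would help the next reader. The replacement targets appear identical to their patterns on this page, presumably `&lt;`/`&gt;` entities lost in rendering.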
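Review bot: The unescape added in reveal-markdown.js has no comment saying that it appears to reverse the escaping now applied to the slide source by `preventXSS($('.slides').text())` in the slide.js hunk; the two changes only make sense together. After this line the markdown again holds raw `<` and `>`, so `preventXSS(rendered)` two lines below is the only sanitising step for slide content. A comment such as `// undo the escaping applied in slide.js so markdown syntax parses; output is sanitised by preventXSS below` would make that dependency explicit. In slide.js the new `import` sits after the `require` calls although imports are hoisted, so it belongs at the top of the file. The enclosing function in reveal-markdown.js starts and ends outside the hunk.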
@@ -32,6 +32,7 @@ </li> <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a> </li> + <% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof google !== 'undefined' && google) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %> <li class="divider"></li> <li class="dropdown-header"><%= __('Export') %></li> <li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a> @@ -46,6 +47,7 @@ <li role="presentation"><a role="menuitem" class="ui-save-snippet" href="#"><i class="fa fa-gitlab fa-fw"></i> Snippet</a> </li> <% } %> + <% } %> <li class="divider"></li> <li class="dropdown-header"><%= __('Import') %></li> <li role="presentation"><a role="menuitem" class="ui-import-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a> @@ -68,8 +70,10 @@ </li> <li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a> </li> - <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a> - </li> + <% if(allowpdfexport) {%> + <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a> + </li> + <% } %> <li class="divider"></li> <li role="presentation"><a role="menuitem" class="ui-help" href="#" data-toggle="modal" data-target=".help-modal"><i class="fa fa-question-circle fa-fw"></i> Help</a> </li> 
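Review bot: `<% if(allowpdfexport) {%>` reads the variable bare, whereas the export condition added in the same file guards every name with `typeof … !== 'undefined'`; if a render call does not pass `allowpdfexport`, EJS raises a ReferenceError instead of hiding the item. `<% if(typeof allowpdfexport !== 'undefined' && allowpdfexport) { %>` would match the other guard, and the same applies to the second menu copy in the `@@ -165` hunk. Hiding the menu entry is presentation only, so the PDF download route should itself refuse requests when the setting is off; that handler is not part of this diff (limited to 'public'), so confirm it there.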
@@ -129,6 +133,7 @@ </li> <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a> </li> + <% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof google !== 'undefined' && google) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %> <li class="divider"></li> <li class="dropdown-header"><%= __('Export') %></li> <li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a> @@ -143,6 +148,7 @@ <li role="presentation"><a role="menuitem" class="ui-save-snippet" href="#"><i class="fa fa-gitlab fa-fw"></i> Snippet</a> </li> <% } %> + <% } %> <li class="divider"></li> <li class="dropdown-header"><%= __('Import') %></li> <li role="presentation"><a role="menuitem" class="ui-import-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a> @@ -165,8 +171,10 @@ </li> <li role="presentation"><a role="menuitem" class="ui-download-raw-html" tabindex="-1" href="#" target="_self"><i class="fa fa-file-code-o fa-fw"></i> <%= __('Raw HTML') %></a> </li> - <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a> - </li> + <% if(allowpdfexport) {%> + <li role="presentation"><a role="menuitem" class="ui-download-pdf-beta" tabindex="-1" href="#" target="_self"><i class="fa fa-file-pdf-o fa-fw"></i> PDF (Beta)</a> + </li> + <% } %> </ul> </li> </ul> diff --git a/public/views/index/body.ejs b/public/views/index/body.ejs index 84300539..b9c5c426 100644 --- a/public/views/index/body.ejs +++ b/public/views/index/body.ejs 
@@ -13,14 +13,14 @@ </li> <div class="ui-signin" style="float: right; margin-top: 8px;<% if(signin) { %> display: none;<% } %>"> <% if(allowAnonymous) { %> - <a type="button" href="<%- url %>/new" class="btn btn-sm btn-link"><i class="fa fa-plus"></i> <%= __('New guest note') %></a> + <a type="button" href="<%- url %>/new" class="btn btn-sm btn-primary"><i class="fa fa-plus"></i> <%= __('New guest note') %></a> <% } %> <% if(facebook || twitter || github || gitlab || dropbox || google || ldap || email) { %> <button class="btn btn-sm btn-success ui-signin" data-toggle="modal" data-target=".signin-modal"><%= __('Sign In') %></button> <% } %> </div> <div class="ui-signout" style="float: right; margin-top: 8px;<% if(!signin) { %> display: none;<% } %>"> - <a type="button" href="<%- url %>/new" class="btn btn-sm btn-link"><i class="fa fa-plus"></i> <%= __('New note') %></a> + <a type="button" href="<%- url %>/new" class="btn btn-sm btn-primary"><i class="fa fa-plus"></i> <%= __('New note') %></a> <span class="ui-profile dropdown pull-right"> <button id="profileLabel" class="btn btn-sm btn-link ui-profile-label" style="padding-right: 0;" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <img class="ui-avatar" width="20" height="20"><span class="hidden-xs hidden-sm"> <span class="ui-name"></span></span> <i class="fa fa-caret-down"></i> @@ -130,7 +130,8 @@ </p> <select class="ui-locale"> <option value="en">English</option> - <option value="zh">中文</option> + <option value="zh-CN">简体中文</option> + <option value="zh-TW">繁體中文</option> <option value="fr">Français</option> <option value="de">Deutsch</option> <option value="ja">日本語</option> @@ -175,4 +176,4 @@ </div> </div> </div> -<%- include ../shared/signin-modal %>
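Review bot: Both changed anchors in body.ejs keep `href="<%- url %>/new"`, which writes `url` into an attribute without HTML escaping. If `url` comes only from server configuration this is harmless, but the escaped form removes the dependency on that assumption: `<a type="button" href="<%= url %>/new" class="btn btn-sm btn-primary">`. The surrounding markup continues outside the hunk.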
\ No newline at end of file +<%- include ../shared/signin-modal %> |