Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | CSP: Add nonce to slide view inline JS | Literallie | 2017-10-22 | 4 | -2/+11 |
| | |||||
* | CSP: Upgrade insecure requests if possible | Literallie | 2017-10-22 | 2 | -2/+8 |
| | | | | Config option; default is to only upgrade if usessl | ||||
* | Add basic CSP support | Literallie | 2017-10-22 | 2 | -0/+35 |
| | |||||
* | Merge pull request #597 from hackmdio/fix-gist-tag-structure | Sheogorath | 2017-10-21 | 1 | -1/+1 |
|\ | | | | | | | | | Fix markdown-it gist plugin code closing tag Fix #596 | ||||
| * | Fix markdown-it gist plugin code closing tag | Yukai Huang | 2017-10-21 | 1 | -1/+1 |
|/ | | | | fix #596 | ||||
* | Merge pull request #595 from geekyd/swap | Sheogorath | 2017-10-19 | 1 | -0/+4 |
|\ | | | | | Hides empty export section | ||||
| * | Hides empty export section | geekyd | 2017-10-18 | 1 | -0/+4 |
| | | |||||
* | | Merge pull request #586 from PeterDaveHello/jsonlint | Sheogorath | 2017-10-18 | 1 | -1/+3 |
|\ \ | |/ |/| | Add jsonlint script to ensure all json files are valid | ||||
| * | Add jsonlint script to ensure all json files are valid | Peter Dave Hello | 2017-10-14 | 1 | -1/+3 |
| | | |||||
* | | Merge pull request #593 from felixonmars/patch-1 | Sheogorath | 2017-10-17 | 1 | -1/+1 |
|\ \ | | | | | | | Fix a typo in README.md | ||||
| * | | Fix a typo in README.md | Felix Yan | 2017-10-17 | 1 | -1/+1 |
|/ / | |||||
* | | Merge pull request #585 from xxyy/feature/hsts-cfg | Sheogorath | 2017-10-14 | 6 | -6/+52 |
|\ \ | | | | | | | Make HSTS Behaviour Configurable (Fixes #584) | ||||
| * | | Add env vars for extra HSTS options | Literallie | 2017-10-13 | 3 | -0/+18 |
| | | | |||||
| * | | Add on/off env var for HSTS | Literallie | 2017-10-13 | 3 | -1/+8 |
| | | | |||||
| * | | Make HSTS behaviour configurable; Fixes #584 | Literallie | 2017-10-13 | 4 | -5/+26 |
| |/ | |||||
* | | Merge pull request #569 from SISheogorath/feature/extendedPermissionDocs | Sheogorath | 2017-10-14 | 1 | -6/+9 |
|\ \ | |/ |/| | Provide table for permissions | ||||
| * | Provide table for permissions | Sheogorath | 2017-10-12 | 1 | -6/+9 |
| | | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | | Merge pull request #581 from SISheogorath/fix/HMD_URL_ADDPORT | Sheogorath | 2017-10-12 | 1 | -1/+1 |
|\ \ | | | | | | | Fix missing boolean setting for HMD_URL_ADDPORT | ||||
| * | | Fix missing boolean setting for HMD_URL_ADDPORT | Sheogorath | 2017-10-11 | 1 | -1/+1 |
| |/ | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | | Merge pull request #575 from PeterDaveHello/fix.travis.yml | Sheogorath | 2017-10-11 | 1 | -1/+0 |
|\ \ | | | | | | | Remove duplicated nodejs version in .travis.yml | ||||
| * | | Remove duplicated nodejs version in .travis.yml | Peter Dave Hello | 2017-10-11 | 1 | -1/+0 |
| |/ | | | | | | | lts/boron is v6 | ||||
* | | Merge pull request #566 from ccoenen/fix-mysql-revision-order | Sheogorath | 2017-10-11 | 1 | -4/+4 |
|\ \ | | | | | | | createdAt DESC with quotation marks did not work with MySQL fixes #565 | ||||
| * | | createdAt DESC with quotation marks did not work with MySQL fixes #565 | Claudius Coenen | 2017-10-09 | 1 | -4/+4 |
| |/ | |||||
* | | Merge pull request #573 from PeterDaveHello/add-version-badge | Claudius Coenen | 2017-10-10 | 1 | -0/+3 |
|\ \ | | | | | | | Add version badge in README.md | ||||
| * | | Add version badge in README.md | Peter Dave Hello | 2017-10-10 | 1 | -0/+3 |
| |/ | |||||
* | | Merge pull request #571 from SISheogorath/fix/shellcheck | Sheogorath | 2017-10-10 | 1 | -2/+2 |
|\ \ | |/ |/| | Prevent argument breaking by spaces | ||||
| * | Prevent argument breaking by spaces | Sheogorath | 2017-10-10 | 1 | -2/+2 |
|/ | |||||
* | Merge pull request #550 from SISheogorath/fix/gitlabAvatar | Sheogorath | 2017-10-08 | 1 | -2/+6 |
|\ | | | | | | | | | Fix broken profile images in GitLab Fixes #549 | ||||
| * | Fix broken profile images | Sheogorath | 2017-09-22 | 1 | -2/+6 |
| | | |||||
* | | Merge pull request #564 from geekyd/pop_button | Claudius Coenen | 2017-10-08 | 1 | -3/+3 |
|\ \ | | | | | | | Adds button style to "new note" | ||||
| * | | Adds color to new note button | geekyd | 2017-10-07 | 1 | -3/+3 |
| | | | |||||
* | | | Merge pull request #563 from geekyd/master | Sheogorath | 2017-10-08 | 1 | -0/+3 |
|\ \ \ | |/ / |/| | | Updates default max_line_len in uglifyjs | ||||
| * | | Increases max_line_len in uglifyjs | geekyd | 2017-10-07 | 1 | -0/+3 |
|/ / | |||||
* | | Merge pull request #553 from weisslj/fix-s3-bucket-documentation | Sheogorath | 2017-10-07 | 2 | -4/+5 |
|\ \ | | | | | | | Correct documentation of S3 bucket | ||||
| * | | Correct documentation of S3 bucket | Johannes Weißl | 2017-09-23 | 2 | -4/+5 |
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Documentation added in aaf034b on Nov 17th 2016 says the S3 bucket can be specified with `s3.bucket`, but commit c8bcc4c (#285) on Dec 18th 2016 used `s3bucket`. Instead of fixing the code (#552) to match the documentation this commit changes just the documentation so that existing configurations are not broken. Also, the `s3` object is passed as is to `AWS.S3()`, which does not know the option `bucket` (but silently ignores it in my test). http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property Following the old documentation leads to this exception: 2017-09-23T09:42:38.079Z - error: MissingRequiredParameter: Missing required key 'Bucket' in params at ParamValidator.fail (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:50:37) at ParamValidator.validateStructure (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:61:14) at ParamValidator.validateMember (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:88:21) at ParamValidator.validate (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:34:10) at Request.VALIDATE_PARAMETERS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:125:42) at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:105:20) at callNextListener (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:95:12) at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:85:9 at finish (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:315:7) at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:333:9 at Credentials.get (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/credentials.js:126:7) at getAsyncCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:327:24) at Config.getCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:347:9) at Request.VALIDATE_CREDENTIALS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:80:26) at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:101:18) at Request.emit (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:77:10) | ||||
* | | Fix to filter @import CSS syntax in style tag to prevent XSS [Security Issue] | Wu Cheng-Han | 2017-10-05 | 1 | -4/+9 |
| | | |||||
* | | Fix unescape > symbol inside the style tags to make the CSS works | Wu Cheng-Han | 2017-10-05 | 1 | -0/+4 |
| | | |||||
* | | Fix blockquote not parse correctly in slide mode | Wu Cheng-Han | 2017-10-05 | 2 | -3/+1 |
| | | |||||
* | | Update .travis.yml | Max Wu | 2017-09-27 | 1 | -0/+4 |
| | | |||||
* | | Update yarn.lock file | Wu Cheng-Han | 2017-09-27 | 1 | -1171/+1260 |
| | | |||||
* | | Merge pull request #538 from madebyherzblut/fix-yarn-lock | Max Wu | 2017-09-27 | 1 | -4/+4 |
|\ \ | | | | | | | Update yarn.lock | ||||
| * | | Update yarn.lock | Christian Schuhmann | 2017-08-29 | 1 | -4/+4 |
| |/ | |||||
* | | Merge pull request #527 from sygi/patch-1 | Max Wu | 2017-09-27 | 1 | -1/+1 |
|\ \ | | | | | | | Typo in Polish translation | ||||
| * | | (nit) typo | Jakub Sygnowski | 2017-08-10 | 1 | -1/+1 |
| |/ | |||||
* | | Merge pull request #541 from Stonesjtu/patch-1 | Max Wu | 2017-09-27 | 1 | -3/+3 |
|\ \ | | | | | | | Fix naming typo. | ||||
| * | | Give google the correct name. | Kaiyu Shi | 2017-09-04 | 1 | -3/+3 |
| |/ | |||||
* | | Fix home and end keys behavior for windows | Wu Cheng-Han | 2017-09-27 | 1 | -0/+2 |
| | | |||||
* | | Fix the < and > symbols are doubly escaped which affected by executing ↵ | Wu Cheng-Han | 2017-09-27 | 1 | -0/+2 |
| | | | | | | | | preventXSS twice | ||||
* | | Fix slide mode contains unclosed tags might cause XSS [Security Issue] | Wu Cheng-Han | 2017-09-27 | 1 | -1/+2 |
| | | |||||
* | | Fix unclosed tags might cause XSS [Security Issue] | Wu Cheng-Han | 2017-09-27 | 1 | -1/+1 |
|/ |