| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
see more at: http://docs.mathjax.org/en/latest/safe-mode.html
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
I don't really like the way to go here, but I guess having those
forcefully upgraded is better than staying around with vulnerable
dependencies.
This patch fixes some vulnerbilities in dependencies that were
categories as high severity.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Remove broken speakerdeck embedding
|
| |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current speakerdeck implementation is broken. An alternative
implementation using oembed doesn't work due to CORS, which could be
solved by proxying the speakerdeck API, but we decided to not do this.
This patch provides the link to the speakerdeck presentation instead,
and this way doesn't break existing notes. This is right now the best
solution we could come up with.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Synk found an security vulnerbility in the version we provide, that in
theory can provide an RCE.
Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
|
|\ \
| | |
| | | |
Fix several typos in auth/saml.md
|
|/ /
| |
| |
| | |
Signed-off-by: Felix Yan <felixonmars@archlinux.org>
|
|/ |
|
|
|
|
|
|
|
|
|
| |
We talked about that during a community call. It turned out that not
everyone likes to have OpenID on their instance.
This patch disables OpenID by default.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix broken PDF export by wrong unlink call
|
|/
|
|
|
|
|
|
|
|
|
| |
We used `fs.unlink()` to remove the pdf file after we send it out to the
client. This breaks in Node 10, when no function as second parameter is
supplied.
This patches changes it to the `fs.unlinkSync` function that doesn't
have this requirement and this way doesn't crash.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fixing deep dependency problem with node 6.x
|
|/
|
|
|
|
|
|
| |
this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
see: https://github.com/ember-learn/ember-cli-addon-docs/commit/231275b5a4bed59bbac798ddaa1bde94319047cb
see: https://github.com/salesforce/tough-cookie/pull/141
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
|
|\
| |
| | |
Fix reference to SAML guide in README
|
|/
|
|
| |
Signed-off-by: Jonathan Klauck <jonathan.klauck@aoe.com>
|
|\
| |
| | |
Add linting for tests
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The tests are currently not linted. This causes a different coding style
than the rest of the sources.
This patch adds the `./test` directory to the eslint testing and fixes
linting for existing tests.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\|
| |
| | |
Add tests for csp.js
|
|/
|
|
|
|
|
|
|
|
| |
Since we lack of tests but got some great point to start, let's write
more tests.
This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix broken manage_users after Winston upgrade
|
| |
| |
| |
| |
| |
| |
| |
| | |
Commit c3584770 upgrades Winston and with that version
`logger.transports.console` becomes undefined. This commit
updates the code to prevent the crash.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|\ \
| |/
|/| |
Update bootstrap from 3.3.7 to 3.4.0
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Seems like finally there is a new bootstrap version for old version 3.
This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.
See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Update SAML to version 1.0.0
|
|/
|
|
|
|
|
|
|
|
| |
Seems like there was a security problem with the library.
This patch updates to version 1.0.0 which fixed the details.
Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Remove blueimp-md5 dependency
|
| |
| |
| |
| | |
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
| |
| |
| |
| | |
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|\ \
| |/
|/| |
Fix some XSS issues
|
| |
| |
| |
| | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|/
|
| |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|\
| |
| | |
Fix broken Gist embedding
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Looks like GitHub changed their asset system and our CSP prevented them
from getting loaded.
This patch should fix the Gist embedding with enabled CSP by replacing
the old URL `https://assets-cdn.github.com` with the new
`https://github.githubassets.com`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Update upload provider error message
|
|/ /
| |
| |
| |
| |
| | |
Fixes #1107.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
|
|\ \
| | |
| | | |
Fix usage of new URL API
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Due to the deprecation of the old `url`-API provided by NodeJS we
replaced `url.resolve` with `url.URL.resolve`, which doesn't exist.
This patch fixes the local filesystem upload of CodiMD by using the new
API correctly. Creating an URL object and using its href.
Some more background:
https://nodejs.org/api/url.html#url_url_href
https://nodejs.org/api/url.html#url_url_resolve_from_to
Fixes https://github.com/hackmdio/codimd/issues/1102
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
|
|\ \
| | |
| | | |
Fix CSP for speaker notes
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Looks like I was wrong in my previous commit to update revealjs.[1]
The speaker notes broke again with the CSPs. So this patch updates the
hash and this way the speaker notes.
[1]: bcebf1e8d285184f8c905f00e0270621790e7b80
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| |/
|/| |
Fix disqus CSP
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Disqus loads it's embed config.js from its root domain
(https://disqus.com). Our CSPs only allow subdomains (e.g.:
https://codimd.disqus.com). This causes the disqus embedding to fail.
This patch should fix this problem by adding https://disqus.com to the
CSP setting. From a security perspective there is no real change. Since
still the same parties are involved.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Update socket.io
|