summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update yarn.lockSheogorath2019-10-231-134/+164
|
* Merge pull request #205 from hoijui/linkifyHeaderStyleSheogorath2019-10-235-7/+16
|\ | | | | Allow to generate lower case header references through the config
| * Allow to generate lower case header references through the confighoijui2019-10-225-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | This makes the references consistent/compatible with GitHub, GitLab, Pandoc and many other tools. This behavior can be enabled in config.json with: ``` "linkifyHeaderStyle": "gfm" ``` Signed-off-by: hoijui <hoijui.quaero@gmail.com>
| * slight doc comment touch-up/simplification [minor]hoijui2019-10-221-3/+3
| | | | | | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* | Merge pull request #206 from SISheogorath/fix/CVE-2019-15499Sheogorath2019-10-221-1/+1
|\ \ | |/ |/| Don't accept sandbox attribute
| * Don't accept sandbox attributeRyotaK2019-10-221-1/+1
|/ | | | | | Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default. Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com>
* Merge pull request #200 from ErikMichelson/docs/apiSheogorath2019-10-202-0/+524
|\ | | | | Add API documentation (#172)
| * Fixed JSON syntax error in api doc exampleErik Michelson2019-10-181-1/+1
| | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
| * Finishing openapi docErik Michelson2019-10-171-1/+288
| | | | | | | | | | | | version 1.6.0 is noted as this document already contains the 1.6.0 endpoint /new/alias Signed-off-by: Erik Michelson <erik@liltv.de>
| * WIP: Adding openapi docErik Michelson2019-10-152-1/+195
| | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
| * Added API-doc as markdown fileErik Michelson2019-10-131-0/+43
|/ | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* Merge pull request #199 from SISheogorath/fix/opengraphSheogorath2019-10-121-1/+2
|\ | | | | Fix broken error template due to missing opengraph
| * Fix broken error template due to missing opengraphSheogorath2019-10-111-1/+2
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This regression bug was caused by the error page using the `codimd/head` template. This resulted in error messages like this: ``` ReferenceError: /codimd/public/views/error.ejs:5 3| 4| <head> >> 5| <%- include codimd/head %> 6| <link rel="stylesheet" href="<%- serverURL %>/css/center.css"> 7| </head> 8| /codimd/public/views/codimd/head.ejs:7 5| <meta name="apple-mobile-web-app-status-bar-style" content="black"> 6| <meta name="mobile-web-app-capable" content="yes"> >> 7| <% for (var og in opengraph) { %> 8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %> 9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>"> 10| <% }} if (!opengraph.hasOwnProperty('image')) { %> opengraph is not defined at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23) at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10) at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17) at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36) at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10) at View.render (/codimd/node_modules/express/lib/view.js:135:8) at tryRender (/codimd/node_modules/express/lib/application.js:640:10) at Function.render (/codimd/node_modules/express/lib/application.js:592:3) at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7) at responseError (/codimd/lib/response.js:57:20) at Object.errorNotFound (/codimd/lib/response.js:30:5) at newNote (/codimd/lib/response.js:134:76) at /codimd/lib/response.js:172:16 at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23) at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31) at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18) at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10) at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18) at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12) at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9) at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5) at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14) ``` The fix for that is rather trivial. We simply provide an empty array of metadata when generating the error template. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #191 from ErikMichelson/feature/ogmetadataSheogorath2019-10-106-2/+55
|\ | | | | Add customizable opengraph metadata for notes (see #40)
| * Fixed bugs, added default imageErik Michelson2019-10-093-6/+12
| | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
| * Added documentation for opengraph metadataErik Michelson2019-10-041-0/+17
| | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
| * Added customizable og-metadata to notesErik Michelson2019-10-044-2/+23
| | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
| * Added og-metadata to index pageErik Michelson2019-10-041-0/+9
| | | | | | | | | | | | | | | | - image and URL properties are only included if the server url is set, because opengraph protocol does not support relative links Signed-off-by: Erik Michelson <erik@liltv.de>
* | Merge pull request #192 from MartinTuroci/masterSheogorath2019-10-103-1/+123
|\ \ | | | | | | Add Slovak locale
| * | Slovak localeMartin Turoci2019-10-053-1/+123
| | | | | | | | | | | | Signed-off-by: Martin Turoci <martinturoci@gmail.com>
* | | Merge pull request #194 from codimd/snyk-fix-27d859743049494e0baa12ce95beef65Sheogorath2019-10-101-1/+1
|\ \ \ | | | | | | | | [Snyk] Fix for 1 vulnerabilities
| * | | fix: package.json to reduce vulnerabilitiessnyk-bot2019-10-101-1/+1
|/ / / | | | | | | | | | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
* | | Update ar.json (POEditor.com)Sheogorath2019-10-081-2/+3
| | |
* | | Update pl.json (POEditor.com)Sheogorath2019-10-081-1/+2
| | |
* | | Update id.json (POEditor.com)Sheogorath2019-10-081-1/+2
| | |
* | | Update de.json (POEditor.com)Sheogorath2019-10-081-2/+2
| | |
* | | Update en.json (POEditor.com)Sheogorath2019-10-081-120/+121
| | |
* | | Update zh-TW.json (POEditor.com)Sheogorath2019-10-081-1/+2
|/ /
* | Merge pull request #189 from PetrTodorov/masterSheogorath2019-10-053-1/+123
|\ \ | | | | | | Added Czech translation
| * | Added Czech translationPetrTodorov2019-10-033-1/+123
| |/ | | | | | | Signed-off-by: PetrTodorov <info@petrtodorov.cz>
* | Merge pull request #187 from Amolith/masterSheogorath2019-10-051-11/+0
|\ \ | |/ |/| remove legacy code to solve #58
| * remove unused variable to pass ci testing - #58Amolith2019-10-031-1/+0
| | | | | | | | Signed-off-by: Amolith <amolith@nixnet.xyz>
| * remove legacy code to solve #58Amolith2019-10-031-10/+0
|/ | | | Signed-off-by: Amolith <amolith@nixnet.xyz>
* Merge pull request #186 from codimd/snyk-fix-67ec214d52c0e9b5cf1620e19ace6b1aSheogorath2019-09-301-1/+1
|\ | | | | [Snyk] Fix for 1 vulnerabilities
| * fix: package.json to reduce vulnerabilitiessnyk-bot2019-09-301-1/+1
|/ | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436
* Merge pull request #185 from codimd/snyk-fix-905c5c88626d5047fb1568d93ce366caSheogorath2019-09-261-1/+1
|\ | | | | [Snyk] Fix for 1 vulnerabilities
| * fix: package.json to reduce vulnerabilitiessnyk-bot2019-09-261-1/+1
| | | | | | | | | | The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
* | Merge pull request #170 from ErikMichelson/post-note-urlSheogorath2019-09-262-13/+19
|\ \ | |/ |/| Added endpoint for note-creation with given alias
| * Refactored note-creation with given noteIdErik Michelson2019-09-042-14/+18
| | | | | | | | | | | | | | Known bugs/features: - pushing towards an existing note results in an error 500 Signed-off-by: Erik Michelson <erik@liltv.de>
| * Added endpoint for note-creation with given aliasErik Michelson2019-09-042-2/+4
| | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* | Merge pull request #180 from ErikMichelson/fix/trailingSlashRedirectSheogorath2019-09-182-4/+4
|\ \ | | | | | | Fixed #179 (redirect loop with a trailing slash)
| * | Updated forbiddenNoteIDsErik Michelson2019-09-181-1/+1
| | | | | | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
| * | Fixed #179 (redirect loop with a trailing slash)Erik Michelson2019-09-181-3/+3
|/ / | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* | Merge pull request #173 from ErikMichelson/docsSheogorath2019-09-182-4/+45
|\ \ | | | | | | Extended config.js documentation on login methods and libravatar
| * | Added link to libravatar.orgErik Michelson2019-09-092-2/+2
| | | | | | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
| * | Extended login methods sectionErik Michelson2019-09-091-2/+43
| | | | | | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
| * | Changed Gravatar to LibravatarErik Michelson2019-09-092-2/+2
| | | | | | | | | | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* | | Merge pull request #176 from SISheogorath/docs/securitySheogorath2019-09-121-0/+32
|\ \ \ | |/ / |/| | Add security note to repository
| * | Add security note to repositorySheogorath2019-09-101-0/+32
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | In order to simplify the communication with security researcher and allow reporting of issues, this document should provide a rough idea about: 1. What versions are supported 2. Who to contact 3. How to send findings properly secured 4. What to expect from an approved security issue 5. What if it's not considered a security issue Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #171 from soulchild/masterSheogorath2019-09-071-1/+1
|\ \ | |/ |/| Move sequelize-cli from devDependencies to dependencies, because it is needed to run migrations at run-time