Commit message (Author, Age, Files, Lines)
* Fix MathJax CSP issues (Literallie, 2017-10-22, files: 5, lines: -16/+18)
|
* CSP: Add nonce to slide view inline JS (Literallie, 2017-10-22, files: 4, lines: -2/+11)
|
* CSP: Upgrade insecure requests if possible (Literallie, 2017-10-22, files: 2, lines: -2/+8)
| | | | Config option; default is to only upgrade if usessl
* Add basic CSP support (Literallie, 2017-10-22, files: 2, lines: -0/+35)
|
* Merge pull request #597 from hackmdio/fix-gist-tag-structure (Sheogorath, 2017-10-21, files: 1, lines: -1/+1)
|\ | | | | | | | | Fix markdown-it gist plugin code closing tag Fix #596
| * Fix markdown-it gist plugin code closing tag (Yukai Huang, 2017-10-21, files: 1, lines: -1/+1)
|/ | | | fix #596
* Merge pull request #595 from geekyd/swap (Sheogorath, 2017-10-19, files: 1, lines: -0/+4)
|\ | | | | Hides empty export section
| * Hides empty export section (geekyd, 2017-10-18, files: 1, lines: -0/+4)
| |
* | Merge pull request #586 from PeterDaveHello/jsonlint (Sheogorath, 2017-10-18, files: 1, lines: -1/+3)
|\ \ | |/ |/| Add jsonlint script to ensure all json files are valid
| * Add jsonlint script to ensure all json files are valid (Peter Dave Hello, 2017-10-14, files: 1, lines: -1/+3)
| |
* | Merge pull request #593 from felixonmars/patch-1 (Sheogorath, 2017-10-17, files: 1, lines: -1/+1)
|\ \ | | | | | | Fix a typo in README.md
| * | Fix a typo in README.md (Felix Yan, 2017-10-17, files: 1, lines: -1/+1)
|/ /
* | Merge pull request #585 from xxyy/feature/hsts-cfg (Sheogorath, 2017-10-14, files: 6, lines: -6/+52)
|\ \ | | | | | | Make HSTS Behaviour Configurable (Fixes #584)
| * | Add env vars for extra HSTS options (Literallie, 2017-10-13, files: 3, lines: -0/+18)
| | |
| * | Add on/off env var for HSTS (Literallie, 2017-10-13, files: 3, lines: -1/+8)
| | |
| * | Make HSTS behaviour configurable; Fixes #584 (Literallie, 2017-10-13, files: 4, lines: -5/+26)
| |/
* | Merge pull request #569 from SISheogorath/feature/extendedPermissionDocs (Sheogorath, 2017-10-14, files: 1, lines: -6/+9)
|\ \ | |/ |/| Provide table for permissions
| * Provide table for permissions (Sheogorath, 2017-10-12, files: 1, lines: -6/+9)
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #581 from SISheogorath/fix/HMD_URL_ADDPORT (Sheogorath, 2017-10-12, files: 1, lines: -1/+1)
|\ \ | | | | | | Fix missing boolean setting for HMD_URL_ADDPORT
| * | Fix missing boolean setting for HMD_URL_ADDPORT (Sheogorath, 2017-10-11, files: 1, lines: -1/+1)
| |/ | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #575 from PeterDaveHello/fix.travis.yml (Sheogorath, 2017-10-11, files: 1, lines: -1/+0)
|\ \ | | | | | | Remove duplicated nodejs version in .travis.yml
| * | Remove duplicated nodejs version in .travis.yml (Peter Dave Hello, 2017-10-11, files: 1, lines: -1/+0)
| |/ | | | | | | lts/boron is v6
* | Merge pull request #566 from ccoenen/fix-mysql-revision-order (Sheogorath, 2017-10-11, files: 1, lines: -4/+4)
|\ \ | | | | | | createdAt DESC with quotation marks did not work with MySQL fixes #565
| * | createdAt DESC with quotation marks did not work with MySQL fixes #565 (Claudius Coenen, 2017-10-09, files: 1, lines: -4/+4)
| |/
* | Merge pull request #573 from PeterDaveHello/add-version-badge (Claudius Coenen, 2017-10-10, files: 1, lines: -0/+3)
|\ \ | | | | | | Add version badge in README.md
| * | Add version badge in README.md (Peter Dave Hello, 2017-10-10, files: 1, lines: -0/+3)
| |/
* | Merge pull request #571 from SISheogorath/fix/shellcheck (Sheogorath, 2017-10-10, files: 1, lines: -2/+2)
|\ \ | |/ |/| Prevent argument breaking by spaces
| * Prevent argument breaking by spaces (Sheogorath, 2017-10-10, files: 1, lines: -2/+2)
|/
* Merge pull request #550 from SISheogorath/fix/gitlabAvatar (Sheogorath, 2017-10-08, files: 1, lines: -2/+6)
|\ | | | | | | | | Fix broken profile images in GitLab Fixes #549
| * Fix broken profile images (Sheogorath, 2017-09-22, files: 1, lines: -2/+6)
| |
* | Merge pull request #564 from geekyd/pop_button (Claudius Coenen, 2017-10-08, files: 1, lines: -3/+3)
|\ \ | | | | | | Adds button style to "new note"
| * | Adds color to new note button (geekyd, 2017-10-07, files: 1, lines: -3/+3)
| | |
* | | Merge pull request #563 from geekyd/master (Sheogorath, 2017-10-08, files: 1, lines: -0/+3)
|\ \ \ | |/ / |/| | Updates default max_line_len in uglifyjs
| * | Increases max_line_len in uglifyjs (geekyd, 2017-10-07, files: 1, lines: -0/+3)
|/ /
* | Merge pull request #553 from weisslj/fix-s3-bucket-documentation (Sheogorath, 2017-10-07, files: 2, lines: -4/+5)
|\ \ | | | | | | Correct documentation of S3 bucket
| * | Correct documentation of S3 bucket (Johannes Weißl, 2017-09-23, files: 2, lines: -4/+5)
| |/
      Documentation added in aaf034b on Nov 17th 2016 says the S3 bucket can be
      specified with `s3.bucket`, but commit c8bcc4c (#285) on Dec 18th 2016 used
      `s3bucket`. Instead of fixing the code (#552) to match the documentation
      this commit changes just the documentation so that existing configurations
      are not broken.

      Also, the `s3` object is passed as is to `AWS.S3()`, which does not know
      the option `bucket` (but silently ignores it in my test).

      http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#constructor-property

      Following the old documentation leads to this exception:

      2017-09-23T09:42:38.079Z - error: MissingRequiredParameter: Missing required key 'Bucket' in params
          at ParamValidator.fail (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:50:37)
          at ParamValidator.validateStructure (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:61:14)
          at ParamValidator.validateMember (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:88:21)
          at ParamValidator.validate (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/param_validator.js:34:10)
          at Request.VALIDATE_PARAMETERS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:125:42)
          at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
          at callNextListener (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:95:12)
          at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:85:9
          at finish (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:315:7)
          at /srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:333:9
          at Credentials.get (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/credentials.js:126:7)
          at getAsyncCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:327:24)
          at Config.getCredentials (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/config.js:347:9)
          at Request.VALIDATE_CREDENTIALS (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/event_listeners.js:80:26)
          at Request.callListeners (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:101:18)
          at Request.emit (/srv/hackmd/hackmd/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
* | Fix to filter @import CSS syntax in style tag to prevent XSS [Security Issue] (Wu Cheng-Han, 2017-10-05, files: 1, lines: -4/+9)
| |
* | Fix unescape > symbol inside the style tags to make the CSS works (Wu Cheng-Han, 2017-10-05, files: 1, lines: -0/+4)
| |
* | Fix blockquote not parse correctly in slide mode (Wu Cheng-Han, 2017-10-05, files: 2, lines: -3/+1)
| |
* | Update .travis.yml (Max Wu, 2017-09-27, files: 1, lines: -0/+4)
| |
* | Update yarn.lock file (Wu Cheng-Han, 2017-09-27, files: 1, lines: -1171/+1260)
| |
* | Merge pull request #538 from madebyherzblut/fix-yarn-lock (Max Wu, 2017-09-27, files: 1, lines: -4/+4)
|\ \ | | | | | | Update yarn.lock
| * | Update yarn.lock (Christian Schuhmann, 2017-08-29, files: 1, lines: -4/+4)
| |/
* | Merge pull request #527 from sygi/patch-1 (Max Wu, 2017-09-27, files: 1, lines: -1/+1)
|\ \ | | | | | | Typo in Polish translation
| * | (nit) typo (Jakub Sygnowski, 2017-08-10, files: 1, lines: -1/+1)
| |/
* | Merge pull request #541 from Stonesjtu/patch-1 (Max Wu, 2017-09-27, files: 1, lines: -3/+3)
|\ \ | | | | | | Fix naming typo.
| * | Give google the correct name. (Kaiyu Shi, 2017-09-04, files: 1, lines: -3/+3)
| |/
* | Fix home and end keys behavior for windows (Wu Cheng-Han, 2017-09-27, files: 1, lines: -0/+2)
| |
* | Fix the < and > symbols are doubly escaped which affected by executing ↵ (Wu Cheng-Han, 2017-09-27, files: 1, lines: -0/+2)
| | | | | | | | preventXSS twice
* | Fix slide mode contains unclosed tags might cause XSS [Security Issue] (Wu Cheng-Han, 2017-09-27, files: 1, lines: -1/+2)
| |