summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Reorganize usage of `getAsFile()`Sheogorath2018-03-181-2/+5
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix typo in vedor extensionSheogorath2018-03-181-2/+2
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #761 from SISheogorath/feature/reportURIChristoph (Sheogorath) Kern2018-03-144-2/+12
|\ | | | | Add config option for report URI in CSP
| * Add config option for report URI in CSPSheogorath2018-03-144-2/+12
| | | | | | | | | | | | | | | | This option is needed as it's currently not possible to add an report URI by the directives array. This option also allows to get CSP reports not only on docker based setup but also on our heroku instances. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #765 from vazontang/masterChristoph (Sheogorath) Kern2018-03-141-1/+1
|\ \ | | | | | | Convert HMD_MINIO_PORT into Number type.
| * | Convert HMD_MINIO_PORT into Number type.vazontang2018-03-151-1/+1
|/ / | | | | | | | | fix hackmdio/hackmd#763 Signed-off-by: Tang TsungYi <vazontang@gmail.com>
* | Merge pull request #760 from thegcat/fix/support_multiple_emails_in_ldapChristoph (Sheogorath) Kern2018-03-101-1/+1
|\ \ | |/ |/| Multiple emails from LDAP are already an Array
| * Multiple emails from LDAP are already an ArrayFelix Schäfer2018-03-091-1/+1
|/ | | | Signed-off-by: Felix Schäfer <felix@thegcat.net>
* Update yarn.lockSheogorath2018-03-071-77/+0
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #756 from davidmehren/masterChristoph (Sheogorath) Kern2018-03-072-7/+4
|\ | | | | Remove engine.io-client dependency
| * Remove engine.io-client dependency and fix webpack configDavid Mehren2018-03-062-7/+4
|/ | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* Merge pull request #755 from thegcat/fix/remove_unused_ldap_optionsChristoph (Sheogorath) Kern2018-03-064-4/+0
|\ | | | | | | | | Remove unused LDAP option `tokenSecret` fixes #754
| * Remove unused LDAP option `tokenSecret`Felix Schäfer2018-03-054-4/+0
|/ | | | | | hackmdio/hackmd#754 Signed-off-by: Felix Schäfer <felix@thegcat.net>
* Merge pull request #753 from senk/patch-1Christoph (Sheogorath) Kern2018-03-051-1/+1
|\ | | | | Fix small typo
| * Fix small typoRobin Naundorf2018-03-051-1/+1
|/ | | | Signed-off-by: Robin Naundorf <r.naundorf@fh-muenster.de>
* Merge pull request #750 from fooker/masterChristoph (Sheogorath) Kern2018-03-035-3/+10
|\ | | | | Use ldap.usernameField over hardcoded uid fields
| * Introduce ldap.useridFieldDustin Frisch2018-03-015-3/+10
|/ | | | Signed-off-by: Dustin Frisch <fooker@lab.sh>
* Merge pull request #744 from hackmdio/add-more-html5-tagsChristoph (Sheogorath) Kern2018-02-262-5/+17
|\ | | | | Support more html5 tags and styles
| * Update styles of details, summary and figureMax Wu2018-02-261-2/+14
| | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * Update to allow rp tag for rubyMax Wu2018-02-261-0/+2
| | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * Remove manual allow details tag since default already allow itMax Wu2018-02-261-3/+1
|/ | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Merge pull request #740 from SISheogorath/feature/moreHTML5Christoph (Sheogorath) Kern2018-02-252-1/+20
|\ | | | | Extend HTML5 support by whitelisting various tags
| * Extend HTML5 support by whitelisting various tagsSheogorath2018-02-252-1/+20
|/ | | | | | | | | | | | HTML5 provides a wide feature set of useful elements. Since Markdown usually supports HTML it should be able to use these HTML5 tags as well. As they were requested by some users and they where checked for being safe, whitelisting them isn't a problem. To make the experience the same as on GitHub when it comes to the basic look and feel of the rendered markdown, some CSS was added to make the summary and the details tag look like on GitHub. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #739 from SISheogorath/fix/sublime-escChristoph (Sheogorath) Kern2018-02-251-3/+3
|\ | | | | Allow the usage of the esc-key by codemirror
| * Allow the usage of the esc-key by codemirrorSheogorath2018-02-241-3/+3
|/ | | | | | | | | | | | | This change allows all input modes of codemirror to use the information from an input esc-key and make this way vim and sublime more functional. To prevent this change from breaking the return from the fullscreen mode, it catches the esc-key in this case. Hopefully this is an acceptable solution. As before the vim-mode is handled different in fulltext-mode as it is esc-key heavy. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #735 from SISheogorath/fix/jsonlintChristoph (Sheogorath) Kern2018-02-192-2/+5
|\ | | | | Use jq instead of jsonlint
| * Use jq instead of jsonlintSheogorath2018-02-192-2/+5
|/ | | | | | | | | As the jsonlint package from NPM causes problems and looks unmaintained, it'll be replaced with `jq` a well maintained project which allows to search through JSON files in a `grep`-like style, but knowing the JSON structure. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #730 from Zearin/patch-1Christoph (Sheogorath) Kern2018-02-191-119/+119
|\ | | | | Update README.md
| * Rerun doctocZearin2018-02-171-2/+2
| | | | | | | | Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
| * Update README.mdZearin2018-02-171-117/+117
| | | | | | | | Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
* | Merge pull request #728 from hackmdio/fix-show-error-in-parseNoteIdChristoph (Sheogorath) Kern2018-02-171-1/+2
|\ \ | | | | | | Fix to show 500 message when got error in parseNoteId
| * | Fix to show 500 message when got error in parseNoteIdMax Wu2018-02-171-1/+2
|/ / | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | Merge pull request #725 from SISheogorath/fix/referrerPolicyChristoph (Sheogorath) Kern2018-02-121-0/+7
|\| | | | | Add referrer policy
| * Add referrer policySheogorath2018-02-121-0/+7
|/ | | | | | | | | | | | | | | This commit adds a referrer policy to all requests. The usage of `same-origin` allows HackMD to still interpret all requests and this way not break anything. But it prevents 3rd party scripts, pictures and more to get informations that may lead to not secured note. It has to be mentioned that this maybe breaks some features of the Google Analytics embedding. This has to be tested. Fixes #724 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix field type to prevent data truncation of authorship (#721)Max Wu2018-02-093-2/+15
| | | | * Fix field type to prevent data truncation of authorship
* Add matrix.org badge to README.mdChristoph (Sheogorath) Kern2018-02-081-0/+3
| | | | | | | | | Matrix.org is an interesting platform for collaboration and community building. Thanks to various clients it supports it's maybe better than gitter to keep people on track and have a community feeling, discuss changes and more. Not not split up into two parties not knowing of each other, the Gitter channel and the Matrix channel are bridged. This helps to keep everyone informed while add more medias. Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
* Merge pull request #718 from takmatsu/masterChristoph (Sheogorath) Kern2018-02-081-2/+2
|\ | | | | Fix typo of DB migration script
| * Fix typo of DB migration scriptTakeaki Matsumoto2018-02-081-2/+2
|/ | | | Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
* Merge pull request #716 from stbuehler/fix-refererChristoph (Sheogorath) Kern2018-02-052-6/+17
|\ | | | | don't require referer to find note id in socket.io connections (fixes #623)
| * don't require referer to find note id in socket.io connections (fixes #623)Stefan Bühler2018-02-052-6/+17
|/ | | | Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
* Merge pull request #714 from SISheogorath/fix/uncaughtExceptionChristoph (Sheogorath) Kern2018-01-311-0/+5
|\ | | | | Fix uncaught exception for non-existent user
| * Fix uncaught exception for non-existent userSheogorath2018-01-301-0/+5
| | | | | | | | | | | | | | Since we added user management it's possible to get non-existent users which can cause a crash of the Backend server. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Update Heroku buttonSheogorath2018-01-311-2/+4
| | | | | | | | | | | | | | | | | | The button needs a parameter to work, that provides the git repository that is used for the deployment. This commit corrects the link and this way fixes the provisioning as it's not working with the wrong/default buildpacks. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Update yarn.lockSheogorath2018-01-311-52/+96
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #713 from SISheogorath/update/socketioChristoph (Sheogorath) Kern2018-01-302-3/+3
|\ \ | |/ |/| Update socket.io to version 2.0.4
| * Update socket.io to version 2.0.4Sheogorath2018-01-302-3/+3
|/ | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Prevent "wrong type"-issueSheogorath2018-01-291-1/+1
| | | | | | | | | | The argument is may interpreted as number which causes the "pass" parameter of the user creation to fail. Probably the same applies to the mail address. But mail addresses are by definition not allowed to start by a number (iirc) which makes it less a problem. This is mainly a quick fix. Should be refactored a bit in future. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update yarn.lockSheogorath2018-01-291-0/+4
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #707 from Nebukadneza/add_cmdline_usermanagerChristoph (Sheogorath) Kern2018-01-294-3/+94
|\ | | | | Add simple user-management tool for emailsignin
| * Make travis run shellcheck only on shellscriptsDario Ernst2018-01-291-1/+1
| | | | | | | | | | | | | | | | There are only a few scripts in bin/, but not all might be shell. At least for the moment, it seems reasonable to explicitely enumerate all shell-scripts in bin/ for shellcheck … Signed-off-by: Dario Ernst <dario@kanojo.de>