| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Add config option for report URI in CSP
|
| |
| |
| |
| |
| |
| |
| |
| | |
This option is needed as it's currently not possible to add an report
URI by the directives array. This option also allows to get CSP reports
not only on docker based setup but also on our heroku instances.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Convert HMD_MINIO_PORT into Number type.
|
|/ /
| |
| |
| |
| | |
fix hackmdio/hackmd#763
Signed-off-by: Tang TsungYi <vazontang@gmail.com>
|
|\ \
| |/
|/| |
Multiple emails from LDAP are already an Array
|
|/
|
|
| |
Signed-off-by: Felix Schäfer <felix@thegcat.net>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Remove engine.io-client dependency
|
|/
|
|
| |
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|\
| |
| |
| |
| | |
Remove unused LDAP option `tokenSecret`
fixes #754
|
|/
|
|
|
|
| |
hackmdio/hackmd#754
Signed-off-by: Felix Schäfer <felix@thegcat.net>
|
|\
| |
| | |
Fix small typo
|
|/
|
|
| |
Signed-off-by: Robin Naundorf <r.naundorf@fh-muenster.de>
|
|\
| |
| | |
Use ldap.usernameField over hardcoded uid fields
|
|/
|
|
| |
Signed-off-by: Dustin Frisch <fooker@lab.sh>
|
|\
| |
| | |
Support more html5 tags and styles
|
| |
| |
| |
| | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|/
|
|
| |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|\
| |
| | |
Extend HTML5 support by whitelisting various tags
|
|/
|
|
|
|
|
|
|
|
|
|
| |
HTML5 provides a wide feature set of useful elements. Since Markdown
usually supports HTML it should be able to use these HTML5 tags as well.
As they were requested by some users and they where checked for being
safe, whitelisting them isn't a problem. To make the experience the same
as on GitHub when it comes to the basic look and feel of the rendered
markdown, some CSS was added to make the summary and the details tag
look like on GitHub.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Allow the usage of the esc-key by codemirror
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
This change allows all input modes of codemirror to use the information
from an input esc-key and make this way vim and sublime more
functional. To prevent this change from breaking the return from the
fullscreen mode, it catches the esc-key in this case. Hopefully this is
an acceptable solution.
As before the vim-mode is handled different in fulltext-mode as it is
esc-key heavy.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Use jq instead of jsonlint
|
|/
|
|
|
|
|
|
|
| |
As the jsonlint package from NPM causes problems and looks unmaintained,
it'll be replaced with `jq` a well maintained project which allows to
search through JSON files in a `grep`-like style, but knowing the JSON
structure.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Update README.md
|
| |
| |
| |
| | |
Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
|
| |
| |
| |
| | |
Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
|
|\ \
| | |
| | | |
Fix to show 500 message when got error in parseNoteId
|
|/ /
| |
| |
| | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|\|
| |
| | |
Add referrer policy
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a referrer policy to all requests.
The usage of `same-origin` allows HackMD to still interpret all requests
and this way not break anything. But it prevents 3rd party scripts,
pictures and more to get informations that may lead to not secured note.
It has to be mentioned that this maybe breaks some features of the
Google Analytics embedding. This has to be tested.
Fixes #724
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
* Fix field type to prevent data truncation of authorship
|
|
|
|
|
|
|
|
|
| |
Matrix.org is an interesting platform for collaboration and community building.
Thanks to various clients it supports it's maybe better than gitter to keep people on track and have a community feeling, discuss changes and more.
Not not split up into two parties not knowing of each other, the Gitter channel and the Matrix channel are bridged. This helps to keep everyone informed while add more medias.
Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix typo of DB migration script
|
|/
|
|
| |
Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
|
|\
| |
| | |
don't require referer to find note id in socket.io connections (fixes #623)
|
|/
|
|
| |
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
|
|\
| |
| | |
Fix uncaught exception for non-existent user
|
| |
| |
| |
| |
| |
| |
| | |
Since we added user management it's possible to get non-existent users
which can cause a crash of the Backend server.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The button needs a parameter to work, that provides the git repository
that is used for the deployment. This commit corrects the link and this
way fixes the provisioning as it's not working with the wrong/default
buildpacks.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| |/
|/| |
Update socket.io to version 2.0.4
|
|/
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
| |
The argument is may interpreted as number which causes the "pass"
parameter of the user creation to fail. Probably the same applies to the
mail address. But mail addresses are by definition not allowed to start
by a number (iirc) which makes it less a problem. This is mainly a quick
fix. Should be refactored a bit in future.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Add simple user-management tool for emailsignin
|
| |
| |
| |
| |
| |
| |
| |
| | |
There are only a few scripts in bin/, but not all might be shell. At
least for the moment, it seems reasonable to explicitely enumerate all
shell-scripts in bin/ for shellcheck …
Signed-off-by: Dario Ernst <dario@kanojo.de>
|