| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Linter: Fix all lint errors | Philip Molares | 2021-02-15 | 1 | -17/+17 |
| | | | | | Signed-off-by: Philip Molares <philip.molares@udo.edu> | ||||
| * | Don't accept sandbox attribute | RyotaK | 2019-10-22 | 1 | -1/+1 |
| | | | | | | | Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default. Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com> | ||||
| * | Fix eslint warnings | Sheogorath | 2019-05-31 | 1 | -1/+1 |
| | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
| * | Fix to escape html comment tag [Security Issue] | Max Wu | 2018-12-28 | 1 | -1/+1 |
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> | ||||
| * | Remove the xss library from webpack | Sheogorath | 2018-11-10 | 1 | -2/+5 |
| | | | | | | | | | We can load the xss functions directly from the library instead of loading them through the expose loader of webpack, this should simplify the setup and maybe even improve speed a bit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
| * | Update to allow rp tag for ruby | Max Wu | 2018-02-26 | 1 | -0/+2 |
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> | ||||
| * | Remove manual allow details tag since default already allow it | Max Wu | 2018-02-26 | 1 | -3/+1 |
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> | ||||
| * | Extend HTML5 support by whitelisting various tags | Sheogorath | 2018-02-25 | 1 | -1/+11 |
| | | | | | | | | | | | | | HTML5 provides a wide feature set of useful elements. Since Markdown usually supports HTML it should be able to use these HTML5 tags as well. As they were requested by some users and they where checked for being safe, whitelisting them isn't a problem. To make the experience the same as on GitHub when it comes to the basic look and feel of the rendered markdown, some CSS was added to make the summary and the details tag look like on GitHub. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
| * | Prevent XSS vul by srcdoc in iframe | Sheogorath | 2017-11-24 | 1 | -1/+1 |
| | | |||||
| * | Fix unclosed tags might cause XSS [Security Issue] | Wu Cheng-Han | 2017-09-27 | 1 | -1/+1 |
| | | |||||
| * | Fix link regex should filter protocol with case insensitive flag [Security ↵ | Wu Cheng-Han | 2017-04-11 | 1 | -1/+1 |
| | | | | | Issue] | ||||
| * | Fix XSS vulnerability in link regex [Security Issue] | Wu Cheng-Han | 2017-03-22 | 1 | -2/+2 |
| | | |||||
| * | Fix render.js code styles | Wu Cheng-Han | 2017-03-22 | 1 | -6/+6 |
| | | |||||
| * | Use JavaScript Standard Style (part 2) | BoHong Li | 2017-03-09 | 1 | -37/+39 |
| | | | | | Fixed all fail on frontend code. | ||||
| * | Update to allow li tag specify value number | Wu Cheng-Han | 2017-02-17 | 1 | -0/+2 |
| | | |||||
| * | Fix slide might able to add unsafe attribute on section tag which cause XSS ↵ | Wu Cheng-Han | 2016-11-26 | 1 | -0/+1 |
| | | | | | [Security Issue] | ||||
| * | Update to support summary tag | Wu Cheng-Han | 2016-10-29 | 1 | -0/+2 |
| | | |||||
| * | More function expose workaround for reveal-markdown.js | Yukai Huang | 2016-10-10 | 1 | -0/+1 |
| | | |||||
| * | Resolve dependency module requiring | Yukai Huang | 2016-10-08 | 1 | -1/+5 |
| | | | | | | | | | * es5 style module exports * remove script tag require * webpack config ProvidePlugin Note that this commit only fix JavaScript module loading runtime error. | ||||
| * | Update to support data uri in src attribute of image tag | Wu Cheng-Han | 2016-08-15 | 1 | -0/+6 |
| | | |||||
| * | Update XSS policy to allow iframe and link with custom protocol | Wu Cheng-Han | 2016-08-14 | 1 | -10/+19 |
| | | |||||
| * | Update filter XSS to allow attr href starts with '.' or '/' | Cheng-Han, Wu | 2016-04-20 | 1 | -0/+6 |
| | | |||||
| * | Fix XSS HTML replace might get wrong on the HTML comments in the code tags | Cheng-Han, Wu | 2016-04-20 | 1 | -0/+4 |
| | | |||||
| * | Fixed filter XSS should allow ordered list specify start number | Cheng-Han, Wu | 2016-03-04 | 1 | -0/+4 |
| | | |||||
| * | Support kbd tag | Cheng-Han, Wu | 2016-02-22 | 1 | -1/+1 |
| | | |||||
| * | Updated to support html comment tag in XSS | Cheng-Han, Wu | 2016-02-16 | 1 | -1/+2 |
| | | |||||
| * | Updated XSS filter options to allow style tag and style attribute | Cheng-Han, Wu | 2016-02-11 | 1 | -11/+21 |
| | | |||||
| * | Fixed prevent XSS might break lots of tags and only need after rendered | Cheng-Han, Wu | 2016-02-11 | 1 | -0/+13 |
 |
index : hedgedoc | |
| Hedgedoc with support for CindyScript |
| summaryrefslogtreecommitdiff |