summaryrefslogtreecommitdiff
path: root/public/js (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Use URL constructor instead of regex to check for valid URLDavid Mehren2020-11-101-9/+4
| | | | | | | Fixes #545 Co-authored-by: Yannick Bungers <git@innay.de> Signed-off-by: David Mehren <git@herrmehren.de>
* Merge pull request #486 from codimd/feature/cookie-policyDavid Mehren2020-09-255-12/+14
|\
| * Add config option for cookie SameSite policyErik Michelson2020-08-275-12/+14
| | | | | | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* | Add prevent default to export button tooErik Michelson2020-08-231-1/+2
| | | | | | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* | Add dropbox CSP directive if configured and make button clickableErik Michelson2020-08-231-1/+2
|/ | | | | | | The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable. Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Made changed/created status translatableErik Michelson2020-08-131-3/+6
| | | | | | The current version of CodiMD/HedgeDoc does only support translations to be filled on server-side rendering. To allow the translation of the changed/created texts, I duplicated the container that holds the text, and pre-filed these containers with the translation server-side. The client just needs to hide the unneeded container and show the right one to show the translated status text. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Restructured locale.js to be included into the editor's js bundleErik Michelson2020-08-132-31/+34
| | | | | | Until now client-side translations were only possible in the context of the intro/history page, because the locale-detection logic relied on the language selector as a source of available languages. The editor of course has no such selector. With this commit, I copied the list of available languages from the i18n-initialization (server-side) to support language detection in the editor too. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Fixed setting moment.js locale to user-defined languageErik Michelson2020-08-132-1/+7
| | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Set all cookies with sameSite: strictDavid Mehren2020-06-084-12/+24
| | | | | | Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite Signed-off-by: David Mehren <dmehren1@gmail.com>
* Fix revision redirect to index pageSheogorath2020-02-101-1/+1
| | | | | | | | | | | | | | | The revision view had a bug that clicking on a list entry would redirect the user back to the index page instead of providing the revision diff. This was cased by the baseurl which is now used as reference for hrefs. Therefore when clicking on the `href="#"` this was actually pointing at `<baseurl>#` which is usually the index page. This patch simply removes the href from the list items and therefore the link functionality. This fixes the whole problem by removing 9 characters from our source code. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix #249 - Focus user field after opening login modalErik Michelson2020-01-081-0/+14
| | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* make standard conform [fix]hoijui2019-10-301-8/+5
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* make `headerIds` `const` [fix]hoijui2019-10-301-1/+1
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* fix gfm header link generation with respect to `deduplicatedHeaderId`hoijui2019-10-301-19/+69
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* linkifyHeaderStyle needs no string-ification; is already str.hoijui2019-10-301-1/+1
| | | | | Co-Authored-By: Yukai Huang <yukaihuangtw@gmail.com> Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* Merge pull request #205 from hoijui/linkifyHeaderStyleSheogorath2019-10-232-4/+10
|\ | | | | Allow to generate lower case header references through the config
| * Allow to generate lower case header references through the confighoijui2019-10-222-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | This makes the references consistent/compatible with GitHub, GitLab, Pandoc and many other tools. This behavior can be enabled in config.json with: ``` "linkifyHeaderStyle": "gfm" ``` Signed-off-by: hoijui <hoijui.quaero@gmail.com>
| * slight doc comment touch-up/simplification [minor]hoijui2019-10-221-3/+3
| | | | | | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* | Don't accept sandbox attributeRyotaK2019-10-221-1/+1
|/ | | | | | Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default. Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com>
* Merge pull request #97 from SISheogorath/fix/lintingSheogorath2019-06-0410-953/+958
|\ | | | | Fix eslint warnings
| * Fix eslint warningsSheogorath2019-05-3110-953/+958
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fixed styling of slides previewToma Tasovac2019-05-301-0/+2
|/ | | | Signed-off-by: Toma Tasovac <ttasovac@humanistika.org>
* Fix toolbar day modePedro Ferreira2019-05-122-15/+17
| | | | | | Also moved the code to SCSS Signed-off-by: Pedro Ferreira <pedro@dete.st>
* Make upload button respect night modePedro Ferreira2019-05-122-4/+4
| | | | | | | Also set a title in the input field, so that the file name doesn't show up. Signed-off-by: Pedro Ferreira <pedro@dete.st>
* Replace js-url with wurlSheogorath2019-04-162-4/+6
| | | | | | | | js-url is outdated and wurl is it's successor. This will fix some vulnerabilities in the dependencies and also optimize the build process by removing the external library toward internal tooling. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix stored XSS in the graphviz error message rendering [Security Issue]Max Wu2019-04-161-6/+7
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
* Move upload button into toolbarSheogorath2019-03-254-17/+13
| | | | | | | | | | | | | Currently we have the odd situation to have two toolbars. One inside the header and one in the editor. Since we only show the image upload button when the editor is visible we should move the upload button into the editor toolbar. This patch does this by adding the image upload button besides the image tag button. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix broken HTML export with emojisSheogorath2019-03-091-1/+1
| | | | | | | | | HTML export was broken due to missing alt-attribute for emojis. This patch adds the old alt-element style and restores the exportability this way. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix CI errors for unused variablesSheogorath2019-02-211-3/+2
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove broken speakerdeck embeddingSheogorath2019-02-211-28/+7
| | | | | | | | | | | | The current speakerdeck implementation is broken. An alternative implementation using oembed doesn't work due to CORS, which could be solved by proxying the speakerdeck API, but we decided to not do this. This patch provides the link to the speakerdeck presentation instead, and this way doesn't break existing notes. This is right now the best solution we could come up with. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix to escape html comment tag [Security Issue]Max Wu2018-12-281-1/+1
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update from to-markdown to turndownSheogorath2018-11-211-2/+7
| | | | | | | | | | | | | | We got a security alert for a regular expression DoS attack on our used library `to-markdown`. After checking `to-markdown` to be maintained or not, it turned out they renamed the library to `turndown`. So upgrading to `turndown` should fix this vulnerbility. References: https://www.npmjs.com/package/to-markdown https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1043 from SISheogorath/fix/tocEmptyHeadChristoph (Sheogorath) Kern2018-11-192-2/+5
|\ | | | | Fix ToC breaking documents with empty h* elements
| * Fix wrong anchorsSheogorath2018-11-192-2/+5
| | | | | | | | | | | | | | | | | | | | While experimenting with the ToC changes, it became obvious that anchors for those unnamed headers don't work. This patch fixes those links by running the autolinkify twice and make sure linkify only adds links to non-empty ids. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | switching to eslint for code checkingClaudius Coenen2018-11-144-6/+9
| | | | | | | | | | | | | | most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | Remove the xss library from webpackSheogorath2018-11-102-4/+7
|/ | | | | | | | We can load the xss functions directly from the library instead of loading them through the expose loader of webpack, this should simplify the setup and maybe even improve speed a bit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Again: Replace emoji-plugin regexSheogorath2018-10-311-7/+6
| | | | | | | | | | | | | | | | The Regex introduced in the last commit[1], was already working quite good. But still resulted in false positives for all URL that contained a second `:`. To fix this once and for all, we craft a simple, but long regex based on all emoji names and use this to match them. We could probably optimize it, but that should also be something the regex engine itself can and should do. [1]: 7e45533c75a3697c916e52e5f4ddff42a38bd3d5 (in this source tree) Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix emoji regexSheogorath2018-10-291-1/+1
| | | | | | | | | | | | | | | | | | The old regex, adapted from the other plugins, was a bit too open for matching. This leads to matching something like: `This is a sentence: [And something with a: in it.]()` which doesn't become a link anymore. Because the match is: ` [And something with a`. This patch provides a fix for the regex to only match non-space string within the `:`'s. References: - Introducing commit: https://github.com/hackmdio/codimd/commit/2063eb8bdf9c0537e9fcfadd7f587658c72bd281 - Inspirational source of the original RegEx: https://github.com/hackmdio/codimd/blob/2063eb8bdf9c0537e9fcfadd7f587658c72bd281/public/js/extra.js#L1095 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1006 from SISheogorath/fix/missingEmojisChristoph (Sheogorath) Kern2018-10-221-0/+15
|\ | | | | Fix not rendered autocomplete emojis
| * Fix not rendered autocomplete emojisSheogorath2018-10-101-0/+15
| | | | | | | | | | | | | | | | | | | | Currently we have some emojis that are autocompleted but won't show up in the resulting document. This patch adds all emojis that are pushed to Codemirror and applies them to the markdown rendering process, so they become usable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1004 from SISheogorath/feature/integrateHljsChristoph (Sheogorath) Kern2018-10-111-1/+2
|\ \ | | | | | | Add autocomplete for highlight.js languages into codemirror
| * | Add autocomplete for highlight.js languages into codemirrorSheogorath2018-10-101-1/+2
| |/ | | | | | | | | | | | | | | | | | | Right now we support code highlighting for rust, but it doesn't appear in autocomplete of codemirror, because codemirror is not aware of it. This patch lets highlightjs simply tell codemirror, what it supports and adds this to the autocomplete list. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Remove dead package octiconSheogorath2018-10-101-1/+1
|/ | | | | | | | Octicon no longer provides its CSS classes and this way is useless in CodiMD. Replacing all used classes in the UI and remove it from build system. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix #986 : Visibility is now transmitted with gitlab V4 apiCédric Couralet2018-10-091-1/+1
| | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Add rel="noopener" to target="_blank" linksSheogorath2018-10-041-1/+3
| | | | | | | | | | The noopener construct protects from some nasty clickjacking attacks. We can apply them savely to all our links since we don't rely on the previously used page. Some more details: https://mathiasbynens.github.io/rel-noopener/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add possibility to choose between version v3 or v4 for the gitlab api.Cédric Couralet2018-07-311-6/+11
| | | | | | | | Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility) Default gitlab api version to v4 Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Fix some false titlesAlexander Wellbrock2018-07-081-2/+2
| | | Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
* Update storeSheogorath2018-06-301-59/+20
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix broken unicode urlsSheogorath2018-06-261-1/+1
| | | | | | | | | | It wasn't possible to create unicode based URLs in freeurl mode, because the noteid used for the websocket connection is double escaped. When we decode it and let socketio-client reencode it, we get the real shortid/noteid and can find the note in the database and open the connection. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #863 from hackmdio/feature/slidePrintChristoph (Sheogorath) Kern2018-06-261-0/+1
|\ | | | | Add Print icon to slide view