summaryrefslogtreecommitdiff
path: root/public/js (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix HTML clipboard importDavid Mehren2021-02-161-1/+1
| | | | | | | | | | jQuery's .html() method escapes contained text (e.g. '<' becomes '&lt;'). This confuses the turndown parser, which then only performs unescaping, but does not convert to markdown. By using .text() instead, the unescaped content is returned and turndown can correctly generate markdown. Signed-off-by: David Mehren <git@herrmehren.de>
* Linter: Fix all lint errorsPhilip Molares2021-02-1514-1040/+1707
| | | | Signed-off-by: Philip Molares <philip.molares@udo.edu>
* Update webpack config and JS import for spin.js v4David Mehren2021-02-121-1/+2
| | | | Signed-off-by: David Mehren <git@herrmehren.de>
* Fix wrong acces to slide optionsTilman Vatteroth2021-02-021-49/+50
| | | | | | | | | | If the slide options in the frontmatter are empty or not present, then slideOptions object in the parsed JSON is undefined. This triggers an exception when the sanitized slide options object is built. Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
* Delete slide options that are not definedTilman Vatteroth2021-01-151-0/+6
| | | | | | | | Reveal.js doesn't set the default value of an option in the provided config object if the key is set with "undefined" as value. This leads to a broken slide mode, because some critical settings are missing. Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
* added theme to the sanitization of slideOptionsPhilip Molares2021-01-141-0/+1
| | | | Signed-off-by: Philip Molares <philip.molares@udo.edu>
* changed the SCRIPT_END_PLACEHOLDER regex to case insensitivePhilip Molares2021-01-141-1/+1
| | | | | | this was suggested by @TobiasHoll in https://github.com/hackmdio/codimd/issues/1648 Signed-off-by: Philip Molares <philip.molares@udo.edu>
* added sanitation to the slideMode in frontmatterPhilip Molares2021-01-141-1/+50
| | | | | | | | | | | | | This should prevent the issue mentioned in https://github.com/hackmdio/codimd/issues/1648 Specifically left out are - dependency (user can't really include anything anyway, because CSP forbids most domains) - autoSlideMethod (nothing our users should be able to change as they won't write JS to be affected by this) - keyboard (this let's users write arbitrary code and seems therefore to problematic) See: https://github.com/hakimel/reveal.js/blob/3.9.2/README.md#configuration Signed-off-by: Philip Molares <philip.molares@udo.edu>
* Don't store mermaid diagrams in innerHTMLDavid Mehren2020-12-271-1/+1
| | | | | | | Using jQuery's `.html()` method stores the given string as `innerHTML`, which enables injection of arbitrary DOM elements. Using `.text()` instead mitigates this issue. Signed-off-by: David Mehren <git@herrmehren.de>
* Remove reference to nonexisting DOM elementDavid Mehren2020-11-271-2/+0
| | | | | | This was missed in #596 and breaks the frontend JS. Signed-off-by: David Mehren <git@herrmehren.de>
* Remove pdf export codeTilman Vatteroth2020-11-261-2/+1
| | | | Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
* Replace CodiMD with HedgeDocErik Michelson2020-11-142-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in public/views Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in README Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in SECURITY.md Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in LICENSE Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in docs/configuration.md Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in bin/setup Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/guides Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/dev Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/guides/auth Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/setup Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update various links in code to the new GitHub org. Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js Signed-off-by: David Mehren <git@herrmehren.de> Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: References in docs/setup/yunohost Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rebrand to HedgeDoc: Add banner and logo Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Remove note in docs/guides/auth/github Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Replace links in public/docs/features Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Add todo placeholder in docs/history Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Replace github link in public/views/index/body Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Replace github link in README Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Add logo to README Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Rename to HedgeDoc: Add note about the renaming to the front page Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de> Removed Travis from README.md and change CodiMD to HedgeDoc in some places Signed-off-by: Yannick Bungers <git@innay.de> Some more renaming to HedgeDoc - Fixed capitalization of HedgeDoc - Added renaming for etherpad migration doc Signed-off-by: Yannick Bungers <git@innay.de> Changed Repo name to hedgedoc Signed-off-by: Yannick Bungers <git@innay.de>
* Use URL constructor instead of regex to check for valid URLDavid Mehren2020-11-101-9/+4
| | | | | | | Fixes #545 Co-authored-by: Yannick Bungers <git@innay.de> Signed-off-by: David Mehren <git@herrmehren.de>
* Merge pull request #486 from codimd/feature/cookie-policyDavid Mehren2020-09-255-12/+14
|\
| * Add config option for cookie SameSite policyErik Michelson2020-08-275-12/+14
| | | | | | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* | Add prevent default to export button tooErik Michelson2020-08-231-1/+2
| | | | | | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* | Add dropbox CSP directive if configured and make button clickableErik Michelson2020-08-231-1/+2
|/ | | | | | | The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable. Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Made changed/created status translatableErik Michelson2020-08-131-3/+6
| | | | | | The current version of CodiMD/HedgeDoc does only support translations to be filled on server-side rendering. To allow the translation of the changed/created texts, I duplicated the container that holds the text, and pre-filed these containers with the translation server-side. The client just needs to hide the unneeded container and show the right one to show the translated status text. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Restructured locale.js to be included into the editor's js bundleErik Michelson2020-08-132-31/+34
| | | | | | Until now client-side translations were only possible in the context of the intro/history page, because the locale-detection logic relied on the language selector as a source of available languages. The editor of course has no such selector. With this commit, I copied the list of available languages from the i18n-initialization (server-side) to support language detection in the editor too. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Fixed setting moment.js locale to user-defined languageErik Michelson2020-08-132-1/+7
| | | | Signed-off-by: Erik Michelson <github@erik.michelson.eu>
* Set all cookies with sameSite: strictDavid Mehren2020-06-084-12/+24
| | | | | | Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite Signed-off-by: David Mehren <dmehren1@gmail.com>
* Fix revision redirect to index pageSheogorath2020-02-101-1/+1
| | | | | | | | | | | | | | | The revision view had a bug that clicking on a list entry would redirect the user back to the index page instead of providing the revision diff. This was cased by the baseurl which is now used as reference for hrefs. Therefore when clicking on the `href="#"` this was actually pointing at `<baseurl>#` which is usually the index page. This patch simply removes the href from the list items and therefore the link functionality. This fixes the whole problem by removing 9 characters from our source code. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix #249 - Focus user field after opening login modalErik Michelson2020-01-081-0/+14
| | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* make standard conform [fix]hoijui2019-10-301-8/+5
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* make `headerIds` `const` [fix]hoijui2019-10-301-1/+1
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* fix gfm header link generation with respect to `deduplicatedHeaderId`hoijui2019-10-301-19/+69
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* linkifyHeaderStyle needs no string-ification; is already str.hoijui2019-10-301-1/+1
| | | | | Co-Authored-By: Yukai Huang <yukaihuangtw@gmail.com> Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* Merge pull request #205 from hoijui/linkifyHeaderStyleSheogorath2019-10-232-4/+10
|\ | | | | Allow to generate lower case header references through the config
| * Allow to generate lower case header references through the confighoijui2019-10-222-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | This makes the references consistent/compatible with GitHub, GitLab, Pandoc and many other tools. This behavior can be enabled in config.json with: ``` "linkifyHeaderStyle": "gfm" ``` Signed-off-by: hoijui <hoijui.quaero@gmail.com>
| * slight doc comment touch-up/simplification [minor]hoijui2019-10-221-3/+3
| | | | | | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* | Don't accept sandbox attributeRyotaK2019-10-221-1/+1
|/ | | | | | Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default. Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com>
* Merge pull request #97 from SISheogorath/fix/lintingSheogorath2019-06-0410-953/+958
|\ | | | | Fix eslint warnings
| * Fix eslint warningsSheogorath2019-05-3110-953/+958
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fixed styling of slides previewToma Tasovac2019-05-301-0/+2
|/ | | | Signed-off-by: Toma Tasovac <ttasovac@humanistika.org>
* Fix toolbar day modePedro Ferreira2019-05-122-15/+17
| | | | | | Also moved the code to SCSS Signed-off-by: Pedro Ferreira <pedro@dete.st>
* Make upload button respect night modePedro Ferreira2019-05-122-4/+4
| | | | | | | Also set a title in the input field, so that the file name doesn't show up. Signed-off-by: Pedro Ferreira <pedro@dete.st>
* Replace js-url with wurlSheogorath2019-04-162-4/+6
| | | | | | | | js-url is outdated and wurl is it's successor. This will fix some vulnerabilities in the dependencies and also optimize the build process by removing the external library toward internal tooling. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix stored XSS in the graphviz error message rendering [Security Issue]Max Wu2019-04-161-6/+7
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
* Move upload button into toolbarSheogorath2019-03-254-17/+13
| | | | | | | | | | | | | Currently we have the odd situation to have two toolbars. One inside the header and one in the editor. Since we only show the image upload button when the editor is visible we should move the upload button into the editor toolbar. This patch does this by adding the image upload button besides the image tag button. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix broken HTML export with emojisSheogorath2019-03-091-1/+1
| | | | | | | | | HTML export was broken due to missing alt-attribute for emojis. This patch adds the old alt-element style and restores the exportability this way. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix CI errors for unused variablesSheogorath2019-02-211-3/+2
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove broken speakerdeck embeddingSheogorath2019-02-211-28/+7
| | | | | | | | | | | | The current speakerdeck implementation is broken. An alternative implementation using oembed doesn't work due to CORS, which could be solved by proxying the speakerdeck API, but we decided to not do this. This patch provides the link to the speakerdeck presentation instead, and this way doesn't break existing notes. This is right now the best solution we could come up with. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix to escape html comment tag [Security Issue]Max Wu2018-12-281-1/+1
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update from to-markdown to turndownSheogorath2018-11-211-2/+7
| | | | | | | | | | | | | | We got a security alert for a regular expression DoS attack on our used library `to-markdown`. After checking `to-markdown` to be maintained or not, it turned out they renamed the library to `turndown`. So upgrading to `turndown` should fix this vulnerbility. References: https://www.npmjs.com/package/to-markdown https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1043 from SISheogorath/fix/tocEmptyHeadChristoph (Sheogorath) Kern2018-11-192-2/+5
|\ | | | | Fix ToC breaking documents with empty h* elements
| * Fix wrong anchorsSheogorath2018-11-192-2/+5
| | | | | | | | | | | | | | | | | | | | While experimenting with the ToC changes, it became obvious that anchors for those unnamed headers don't work. This patch fixes those links by running the autolinkify twice and make sure linkify only adds links to non-empty ids. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | switching to eslint for code checkingClaudius Coenen2018-11-144-6/+9
| | | | | | | | | | | | | | most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | Remove the xss library from webpackSheogorath2018-11-102-4/+7
|/ | | | | | | | We can load the xss functions directly from the library instead of loading them through the expose loader of webpack, this should simplify the setup and maybe even improve speed a bit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Again: Replace emoji-plugin regexSheogorath2018-10-311-7/+6
| | | | | | | | | | | | | | | | The Regex introduced in the last commit[1], was already working quite good. But still resulted in false positives for all URL that contained a second `:`. To fix this once and for all, we craft a simple, but long regex based on all emoji names and use this to match them. We could probably optimize it, but that should also be something the regex engine itself can and should do. [1]: 7e45533c75a3697c916e52e5f4ddff42a38bd3d5 (in this source tree) Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix emoji regexSheogorath2018-10-291-1/+1
| | | | | | | | | | | | | | | | | | The old regex, adapted from the other plugins, was a bit too open for matching. This leads to matching something like: `This is a sentence: [And something with a: in it.]()` which doesn't become a link anymore. Because the match is: ` [And something with a`. This patch provides a fix for the regex to only match non-space string within the `:`'s. References: - Introducing commit: https://github.com/hackmdio/codimd/commit/2063eb8bdf9c0537e9fcfadd7f587658c72bd281 - Inspirational source of the original RegEx: https://github.com/hackmdio/codimd/blob/2063eb8bdf9c0537e9fcfadd7f587658c72bd281/public/js/extra.js#L1095 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>