summaryrefslogtreecommitdiff
path: root/public/js (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Don't accept sandbox attributeRyotaK2019-10-221-1/+1
| | | | | | Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default. Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com>
* Merge pull request #97 from SISheogorath/fix/lintingSheogorath2019-06-0410-953/+958
|\ | | | | Fix eslint warnings
| * Fix eslint warningsSheogorath2019-05-3110-953/+958
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fixed styling of slides previewToma Tasovac2019-05-301-0/+2
|/ | | | Signed-off-by: Toma Tasovac <ttasovac@humanistika.org>
* Fix toolbar day modePedro Ferreira2019-05-122-15/+17
| | | | | | Also moved the code to SCSS Signed-off-by: Pedro Ferreira <pedro@dete.st>
* Make upload button respect night modePedro Ferreira2019-05-122-4/+4
| | | | | | | Also set a title in the input field, so that the file name doesn't show up. Signed-off-by: Pedro Ferreira <pedro@dete.st>
* Replace js-url with wurlSheogorath2019-04-162-4/+6
| | | | | | | | js-url is outdated and wurl is it's successor. This will fix some vulnerabilities in the dependencies and also optimize the build process by removing the external library toward internal tooling. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix stored XSS in the graphviz error message rendering [Security Issue]Max Wu2019-04-161-6/+7
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
* Move upload button into toolbarSheogorath2019-03-254-17/+13
| | | | | | | | | | | | | Currently we have the odd situation to have two toolbars. One inside the header and one in the editor. Since we only show the image upload button when the editor is visible we should move the upload button into the editor toolbar. This patch does this by adding the image upload button besides the image tag button. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix broken HTML export with emojisSheogorath2019-03-091-1/+1
| | | | | | | | | HTML export was broken due to missing alt-attribute for emojis. This patch adds the old alt-element style and restores the exportability this way. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix CI errors for unused variablesSheogorath2019-02-211-3/+2
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove broken speakerdeck embeddingSheogorath2019-02-211-28/+7
| | | | | | | | | | | | The current speakerdeck implementation is broken. An alternative implementation using oembed doesn't work due to CORS, which could be solved by proxying the speakerdeck API, but we decided to not do this. This patch provides the link to the speakerdeck presentation instead, and this way doesn't break existing notes. This is right now the best solution we could come up with. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix to escape html comment tag [Security Issue]Max Wu2018-12-281-1/+1
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update from to-markdown to turndownSheogorath2018-11-211-2/+7
| | | | | | | | | | | | | | We got a security alert for a regular expression DoS attack on our used library `to-markdown`. After checking `to-markdown` to be maintained or not, it turned out they renamed the library to `turndown`. So upgrading to `turndown` should fix this vulnerbility. References: https://www.npmjs.com/package/to-markdown https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1043 from SISheogorath/fix/tocEmptyHeadChristoph (Sheogorath) Kern2018-11-192-2/+5
|\ | | | | Fix ToC breaking documents with empty h* elements
| * Fix wrong anchorsSheogorath2018-11-192-2/+5
| | | | | | | | | | | | | | | | | | | | While experimenting with the ToC changes, it became obvious that anchors for those unnamed headers don't work. This patch fixes those links by running the autolinkify twice and make sure linkify only adds links to non-empty ids. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | switching to eslint for code checkingClaudius Coenen2018-11-144-6/+9
| | | | | | | | | | | | | | most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | Remove the xss library from webpackSheogorath2018-11-102-4/+7
|/ | | | | | | | We can load the xss functions directly from the library instead of loading them through the expose loader of webpack, this should simplify the setup and maybe even improve speed a bit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Again: Replace emoji-plugin regexSheogorath2018-10-311-7/+6
| | | | | | | | | | | | | | | | The Regex introduced in the last commit[1], was already working quite good. But still resulted in false positives for all URL that contained a second `:`. To fix this once and for all, we craft a simple, but long regex based on all emoji names and use this to match them. We could probably optimize it, but that should also be something the regex engine itself can and should do. [1]: 7e45533c75a3697c916e52e5f4ddff42a38bd3d5 (in this source tree) Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix emoji regexSheogorath2018-10-291-1/+1
| | | | | | | | | | | | | | | | | | The old regex, adapted from the other plugins, was a bit too open for matching. This leads to matching something like: `This is a sentence: [And something with a: in it.]()` which doesn't become a link anymore. Because the match is: ` [And something with a`. This patch provides a fix for the regex to only match non-space string within the `:`'s. References: - Introducing commit: https://github.com/hackmdio/codimd/commit/2063eb8bdf9c0537e9fcfadd7f587658c72bd281 - Inspirational source of the original RegEx: https://github.com/hackmdio/codimd/blob/2063eb8bdf9c0537e9fcfadd7f587658c72bd281/public/js/extra.js#L1095 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1006 from SISheogorath/fix/missingEmojisChristoph (Sheogorath) Kern2018-10-221-0/+15
|\ | | | | Fix not rendered autocomplete emojis
| * Fix not rendered autocomplete emojisSheogorath2018-10-101-0/+15
| | | | | | | | | | | | | | | | | | | | Currently we have some emojis that are autocompleted but won't show up in the resulting document. This patch adds all emojis that are pushed to Codemirror and applies them to the markdown rendering process, so they become usable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1004 from SISheogorath/feature/integrateHljsChristoph (Sheogorath) Kern2018-10-111-1/+2
|\ \ | | | | | | Add autocomplete for highlight.js languages into codemirror
| * | Add autocomplete for highlight.js languages into codemirrorSheogorath2018-10-101-1/+2
| |/ | | | | | | | | | | | | | | | | | | Right now we support code highlighting for rust, but it doesn't appear in autocomplete of codemirror, because codemirror is not aware of it. This patch lets highlightjs simply tell codemirror, what it supports and adds this to the autocomplete list. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Remove dead package octiconSheogorath2018-10-101-1/+1
|/ | | | | | | | Octicon no longer provides its CSS classes and this way is useless in CodiMD. Replacing all used classes in the UI and remove it from build system. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix #986 : Visibility is now transmitted with gitlab V4 apiCédric Couralet2018-10-091-1/+1
| | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Add rel="noopener" to target="_blank" linksSheogorath2018-10-041-1/+3
| | | | | | | | | | The noopener construct protects from some nasty clickjacking attacks. We can apply them savely to all our links since we don't rely on the previously used page. Some more details: https://mathiasbynens.github.io/rel-noopener/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add possibility to choose between version v3 or v4 for the gitlab api.Cédric Couralet2018-07-311-6/+11
| | | | | | | | Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility) Default gitlab api version to v4 Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Fix some false titlesAlexander Wellbrock2018-07-081-2/+2
| | | Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
* Update storeSheogorath2018-06-301-59/+20
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix broken unicode urlsSheogorath2018-06-261-1/+1
| | | | | | | | | | It wasn't possible to create unicode based URLs in freeurl mode, because the noteid used for the websocket connection is double escaped. When we decode it and let socketio-client reencode it, we get the real shortid/noteid and can find the note in the database and open the connection. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #863 from hackmdio/feature/slidePrintChristoph (Sheogorath) Kern2018-06-261-0/+1
|\ | | | | Add Print icon to slide view
| * Add Print icon to slide viewSheogorath2018-06-241-0/+1
| | | | | | | | | | | | | | | | It redirects the user to the print view of the document. I claim that people should either be smart enough to use ctrl+P or ask someone who knows how to print a webpage. I don't want to babysit our users. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Final replacementsSheogorath2018-06-241-1/+1
| | | | | | | | | | | | | | Looks like I missed a few. This should be complete now. And make us ready for the repo rename and merging. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Rebrand HackMD to CodiMDSheogorath2018-06-241-2/+2
|/ | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix all newly introduced linting issuesSheogorath2018-06-231-10/+10
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge branch 'pr-846'Sheogorath2018-06-234-21/+232
|\
| * Fix liniting and optimize some functionsSheogorath2018-06-233-47/+74
| | | | | | | | | | | | | | | | | | First fixed some linting issues. Also optimized some functions to be undoable with one ctrl+z. This should also speedup some operations Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add a toolbar to Codemirror editorEdgar Zanella Alvarenga2018-06-194-0/+184
| | | | | | | | Signed-off-by: Edgar Zanella Alvarenga <e@vaz.io>
* | turn concatenated string into a multi-line template stringJake Burden2018-06-221-19/+19
|/ | | | Signed-off-by: Jake Burden <jake@doge.haus>
* Add delete user UISheogorath2018-05-251-8/+12
| | | | | | | | | | This provides the UI for the delete user feature introduced in 4229084c6211db3d22cd9abec99b957725650b9e Placing of the user delete button is not perfect, but can be moved to an own user tab later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Removing google drive integrationSheogorath2018-05-166-495/+0
| | | | | | | | | | | | | | | It's sad but it's not working. For multiple releases this should be already broken which shows how often it's used. As there is also a security issue related to that, it's better to remove the feature completely. Whoever wants to rewrite it, feel free to go. This commit removes the Google Drive integration from HackMD's Frontend editor and this way removes the need to provide any API key and Client ID in the frontend. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix night mode button after restoreSheogorath2018-03-251-0/+1
| | | | | | | | | | | The night mode toggle doesn't get the right state after restore from local storage. This results in the need to toggle twice to disable night mode. This patch adds the needed class so the toggleNightMode function gets the right state on execution. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Persist nightmode so we can re-enable itSheogorath2018-03-231-3/+18
| | | | | | | | | Right now the night mode is possible to set by a toggle in the menu bar but needs to be re-enabled on every document switch, reload, etc.. This is super annoying so we should keep this state in local storage or a cookie. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64Christoph (Sheogorath) Kern2018-03-182-0/+47
|\ | | | | Fix to use url-safe base64 in note url
| * Fix typoMax Wu2018-03-111-1/+1
| | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * Update to show log on migrate LZString type note url in historyMax Wu2018-03-111-1/+1
| | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
| * Update to migrate note url in the history of browser storage and cookieMax Wu2018-03-032-0/+47
| | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | Update to allow rp tag for rubyMax Wu2018-02-261-0/+2
| | | | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* | Remove manual allow details tag since default already allow itMax Wu2018-02-261-3/+1
|/ | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>