summaryrefslogtreecommitdiff
path: root/public/js (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Set all cookies with sameSite: strictDavid Mehren2020-06-084-12/+24
| | | | | | Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite Signed-off-by: David Mehren <dmehren1@gmail.com>
* Fix revision redirect to index pageSheogorath2020-02-101-1/+1
| | | | | | | | | | | | | | | The revision view had a bug that clicking on a list entry would redirect the user back to the index page instead of providing the revision diff. This was cased by the baseurl which is now used as reference for hrefs. Therefore when clicking on the `href="#"` this was actually pointing at `<baseurl>#` which is usually the index page. This patch simply removes the href from the list items and therefore the link functionality. This fixes the whole problem by removing 9 characters from our source code. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix #249 - Focus user field after opening login modalErik Michelson2020-01-081-0/+14
| | | | Signed-off-by: Erik Michelson <erik@liltv.de>
* make standard conform [fix]hoijui2019-10-301-8/+5
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* make `headerIds` `const` [fix]hoijui2019-10-301-1/+1
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* fix gfm header link generation with respect to `deduplicatedHeaderId`hoijui2019-10-301-19/+69
| | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* linkifyHeaderStyle needs no string-ification; is already str.hoijui2019-10-301-1/+1
| | | | | Co-Authored-By: Yukai Huang <yukaihuangtw@gmail.com> Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* Merge pull request #205 from hoijui/linkifyHeaderStyleSheogorath2019-10-232-4/+10
|\ | | | | Allow to generate lower case header references through the config
| * Allow to generate lower case header references through the confighoijui2019-10-222-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | This makes the references consistent/compatible with GitHub, GitLab, Pandoc and many other tools. This behavior can be enabled in config.json with: ``` "linkifyHeaderStyle": "gfm" ``` Signed-off-by: hoijui <hoijui.quaero@gmail.com>
| * slight doc comment touch-up/simplification [minor]hoijui2019-10-221-3/+3
| | | | | | | | Signed-off-by: hoijui <hoijui.quaero@gmail.com>
* | Don't accept sandbox attributeRyotaK2019-10-221-1/+1
|/ | | | | | Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default. Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com>
* Merge pull request #97 from SISheogorath/fix/lintingSheogorath2019-06-0410-953/+958
|\ | | | | Fix eslint warnings
| * Fix eslint warningsSheogorath2019-05-3110-953/+958
| | | | | | | | | | | | | | | | | | | | | | Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | fixed styling of slides previewToma Tasovac2019-05-301-0/+2
|/ | | | Signed-off-by: Toma Tasovac <ttasovac@humanistika.org>
* Fix toolbar day modePedro Ferreira2019-05-122-15/+17
| | | | | | Also moved the code to SCSS Signed-off-by: Pedro Ferreira <pedro@dete.st>
* Make upload button respect night modePedro Ferreira2019-05-122-4/+4
| | | | | | | Also set a title in the input field, so that the file name doesn't show up. Signed-off-by: Pedro Ferreira <pedro@dete.st>
* Replace js-url with wurlSheogorath2019-04-162-4/+6
| | | | | | | | js-url is outdated and wurl is it's successor. This will fix some vulnerabilities in the dependencies and also optimize the build process by removing the external library toward internal tooling. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix stored XSS in the graphviz error message rendering [Security Issue]Max Wu2019-04-161-6/+7
| | | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
* Move upload button into toolbarSheogorath2019-03-254-17/+13
| | | | | | | | | | | | | Currently we have the odd situation to have two toolbars. One inside the header and one in the editor. Since we only show the image upload button when the editor is visible we should move the upload button into the editor toolbar. This patch does this by adding the image upload button besides the image tag button. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix broken HTML export with emojisSheogorath2019-03-091-1/+1
| | | | | | | | | HTML export was broken due to missing alt-attribute for emojis. This patch adds the old alt-element style and restores the exportability this way. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix CI errors for unused variablesSheogorath2019-02-211-3/+2
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove broken speakerdeck embeddingSheogorath2019-02-211-28/+7
| | | | | | | | | | | | The current speakerdeck implementation is broken. An alternative implementation using oembed doesn't work due to CORS, which could be solved by proxying the speakerdeck API, but we decided to not do this. This patch provides the link to the speakerdeck presentation instead, and this way doesn't break existing notes. This is right now the best solution we could come up with. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix to escape html comment tag [Security Issue]Max Wu2018-12-281-1/+1
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update from to-markdown to turndownSheogorath2018-11-211-2/+7
| | | | | | | | | | | | | | We got a security alert for a regular expression DoS attack on our used library `to-markdown`. After checking `to-markdown` to be maintained or not, it turned out they renamed the library to `turndown`. So upgrading to `turndown` should fix this vulnerbility. References: https://www.npmjs.com/package/to-markdown https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1043 from SISheogorath/fix/tocEmptyHeadChristoph (Sheogorath) Kern2018-11-192-2/+5
|\ | | | | Fix ToC breaking documents with empty h* elements
| * Fix wrong anchorsSheogorath2018-11-192-2/+5
| | | | | | | | | | | | | | | | | | | | While experimenting with the ToC changes, it became obvious that anchors for those unnamed headers don't work. This patch fixes those links by running the autolinkify twice and make sure linkify only adds links to non-empty ids. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | switching to eslint for code checkingClaudius Coenen2018-11-144-6/+9
| | | | | | | | | | | | | | most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | Remove the xss library from webpackSheogorath2018-11-102-4/+7
|/ | | | | | | | We can load the xss functions directly from the library instead of loading them through the expose loader of webpack, this should simplify the setup and maybe even improve speed a bit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Again: Replace emoji-plugin regexSheogorath2018-10-311-7/+6
| | | | | | | | | | | | | | | | The Regex introduced in the last commit[1], was already working quite good. But still resulted in false positives for all URL that contained a second `:`. To fix this once and for all, we craft a simple, but long regex based on all emoji names and use this to match them. We could probably optimize it, but that should also be something the regex engine itself can and should do. [1]: 7e45533c75a3697c916e52e5f4ddff42a38bd3d5 (in this source tree) Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix emoji regexSheogorath2018-10-291-1/+1
| | | | | | | | | | | | | | | | | | The old regex, adapted from the other plugins, was a bit too open for matching. This leads to matching something like: `This is a sentence: [And something with a: in it.]()` which doesn't become a link anymore. Because the match is: ` [And something with a`. This patch provides a fix for the regex to only match non-space string within the `:`'s. References: - Introducing commit: https://github.com/hackmdio/codimd/commit/2063eb8bdf9c0537e9fcfadd7f587658c72bd281 - Inspirational source of the original RegEx: https://github.com/hackmdio/codimd/blob/2063eb8bdf9c0537e9fcfadd7f587658c72bd281/public/js/extra.js#L1095 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1006 from SISheogorath/fix/missingEmojisChristoph (Sheogorath) Kern2018-10-221-0/+15
|\ | | | | Fix not rendered autocomplete emojis
| * Fix not rendered autocomplete emojisSheogorath2018-10-101-0/+15
| | | | | | | | | | | | | | | | | | | | Currently we have some emojis that are autocompleted but won't show up in the resulting document. This patch adds all emojis that are pushed to Codemirror and applies them to the markdown rendering process, so they become usable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1004 from SISheogorath/feature/integrateHljsChristoph (Sheogorath) Kern2018-10-111-1/+2
|\ \ | | | | | | Add autocomplete for highlight.js languages into codemirror
| * | Add autocomplete for highlight.js languages into codemirrorSheogorath2018-10-101-1/+2
| |/ | | | | | | | | | | | | | | | | | | Right now we support code highlighting for rust, but it doesn't appear in autocomplete of codemirror, because codemirror is not aware of it. This patch lets highlightjs simply tell codemirror, what it supports and adds this to the autocomplete list. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / Remove dead package octiconSheogorath2018-10-101-1/+1
|/ | | | | | | | Octicon no longer provides its CSS classes and this way is useless in CodiMD. Replacing all used classes in the UI and remove it from build system. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix #986 : Visibility is now transmitted with gitlab V4 apiCédric Couralet2018-10-091-1/+1
| | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Add rel="noopener" to target="_blank" linksSheogorath2018-10-041-1/+3
| | | | | | | | | | The noopener construct protects from some nasty clickjacking attacks. We can apply them savely to all our links since we don't rely on the previously used page. Some more details: https://mathiasbynens.github.io/rel-noopener/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add possibility to choose between version v3 or v4 for the gitlab api.Cédric Couralet2018-07-311-6/+11
| | | | | | | | Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility) Default gitlab api version to v4 Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Fix some false titlesAlexander Wellbrock2018-07-081-2/+2
| | | Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
* Update storeSheogorath2018-06-301-59/+20
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix broken unicode urlsSheogorath2018-06-261-1/+1
| | | | | | | | | | It wasn't possible to create unicode based URLs in freeurl mode, because the noteid used for the websocket connection is double escaped. When we decode it and let socketio-client reencode it, we get the real shortid/noteid and can find the note in the database and open the connection. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #863 from hackmdio/feature/slidePrintChristoph (Sheogorath) Kern2018-06-261-0/+1
|\ | | | | Add Print icon to slide view
| * Add Print icon to slide viewSheogorath2018-06-241-0/+1
| | | | | | | | | | | | | | | | It redirects the user to the print view of the document. I claim that people should either be smart enough to use ctrl+P or ask someone who knows how to print a webpage. I don't want to babysit our users. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Final replacementsSheogorath2018-06-241-1/+1
| | | | | | | | | | | | | | Looks like I missed a few. This should be complete now. And make us ready for the repo rename and merging. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Rebrand HackMD to CodiMDSheogorath2018-06-241-2/+2
|/ | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix all newly introduced linting issuesSheogorath2018-06-231-10/+10
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge branch 'pr-846'Sheogorath2018-06-234-21/+232
|\
| * Fix liniting and optimize some functionsSheogorath2018-06-233-47/+74
| | | | | | | | | | | | | | | | | | First fixed some linting issues. Also optimized some functions to be undoable with one ctrl+z. This should also speedup some operations Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add a toolbar to Codemirror editorEdgar Zanella Alvarenga2018-06-194-0/+184
| | | | | | | | Signed-off-by: Edgar Zanella Alvarenga <e@vaz.io>
* | turn concatenated string into a multi-line template stringJake Burden2018-06-221-19/+19
|/ | | | Signed-off-by: Jake Burden <jake@doge.haus>