| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We got a security alert for a regular expression DoS attack on our used
library `to-markdown`.
After checking `to-markdown` to be maintained or not, it turned out they
renamed the library to `turndown`. So upgrading to `turndown` should fix
this vulnerbility.
References:
https://www.npmjs.com/package/to-markdown
https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix ToC breaking documents with empty h* elements
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While experimenting with the ToC changes, it became obvious that anchors
for those unnamed headers don't work.
This patch fixes those links by running the autolinkify twice and make
sure linkify only adds links to non-empty ids.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| | |
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
|
|/
|
|
|
|
|
|
| |
We can load the xss functions directly from the library instead of
loading them through the expose loader of webpack, this should simplify
the setup and maybe even improve speed a bit.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Regex introduced in the last commit[1], was already working quite
good. But still resulted in false positives for all URL that contained a
second `:`.
To fix this once and for all, we craft a simple, but long regex based on
all emoji names and use this to match them.
We could probably optimize it, but that should also be something the
regex engine itself can and should do.
[1]: 7e45533c75a3697c916e52e5f4ddff42a38bd3d5 (in this source tree)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old regex, adapted from the other plugins, was a bit too open for
matching. This leads to matching something like: `This is a sentence:
[And something with a: in it.]()` which doesn't become a link anymore.
Because the match is: ` [And something with a`.
This patch provides a fix for the regex to only match non-space string
within the `:`'s.
References:
- Introducing commit:
https://github.com/hackmdio/codimd/commit/2063eb8bdf9c0537e9fcfadd7f587658c72bd281
- Inspirational source of the original RegEx:
https://github.com/hackmdio/codimd/blob/2063eb8bdf9c0537e9fcfadd7f587658c72bd281/public/js/extra.js#L1095
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix not rendered autocomplete emojis
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently we have some emojis that are autocompleted but won't show up
in the resulting document.
This patch adds all emojis that are pushed to Codemirror and applies
them to the markdown rendering process, so they become usable.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Add autocomplete for highlight.js languages into codemirror
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Right now we support code highlighting for rust, but it doesn't appear
in autocomplete of codemirror, because codemirror is not aware of it.
This patch lets highlightjs simply tell codemirror, what it supports and
adds this to the autocomplete list.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
|
|
|
|
| |
Octicon no longer provides its CSS classes and this way is useless in
CodiMD. Replacing all used classes in the UI and remove it from build
system.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
The noopener construct protects from some nasty clickjacking attacks. We
can apply them savely to all our links since we don't rely on the
previously used page.
Some more details: https://mathiasbynens.github.io/rel-noopener/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
| |
Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)
Default gitlab api version to v4
Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
|
|
|
| |
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
| |
It wasn't possible to create unicode based URLs in freeurl mode, because
the noteid used for the websocket connection is double escaped. When we
decode it and let socketio-client reencode it, we get the real
shortid/noteid and can find the note in the database and open the
connection.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Add Print icon to slide view
|
| |
| |
| |
| |
| |
| |
| |
| | |
It redirects the user to the print view of the document. I claim that
people should either be smart enough to use ctrl+P or ask someone who
knows how to print a webpage. I don't want to babysit our users.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| | |
Looks like I missed a few. This should be complete now. And make us
ready for the repo rename and merging.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|/
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
First fixed some linting issues. Also optimized some functions to be
undoable with one ctrl+z.
This should also speedup some operations
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| | |
Signed-off-by: Edgar Zanella Alvarenga <e@vaz.io>
|
|/
|
|
| |
Signed-off-by: Jake Burden <jake@doge.haus>
|
|
|
|
|
|
|
|
|
|
| |
This provides the UI for the delete user feature introduced in
4229084c6211db3d22cd9abec99b957725650b9e
Placing of the user delete button is not perfect, but can be moved to an
own user tab later on.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's sad but it's not working. For multiple releases this should be
already broken which shows how often it's used.
As there is also a security issue related to that, it's better to
remove the feature completely. Whoever wants to rewrite it, feel free to
go.
This commit removes the Google Drive integration from HackMD's Frontend
editor and this way removes the need to provide any API key and Client
ID in the frontend.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The night mode toggle doesn't get the right state after restore from
local storage. This results in the need to toggle twice to disable night
mode.
This patch adds the needed class so the toggleNightMode function gets
the right state on execution.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
| |
Right now the night mode is possible to set by a toggle in the menu bar
but needs to be re-enabled on every document switch, reload, etc.. This
is super annoying so we should keep this state in local storage or
a cookie.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix to use url-safe base64 in note url
|
| |
| |
| |
| | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|/
|
|
| |
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
HTML5 provides a wide feature set of useful elements. Since Markdown
usually supports HTML it should be able to use these HTML5 tags as well.
As they were requested by some users and they where checked for being
safe, whitelisting them isn't a problem. To make the experience the same
as on GitHub when it comes to the basic look and feel of the rendered
markdown, some CSS was added to make the summary and the details tag
look like on GitHub.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change allows all input modes of codemirror to use the information
from an input esc-key and make this way vim and sublime more
functional. To prevent this change from breaking the return from the
fullscreen mode, it catches the esc-key in this case. Hopefully this is
an acceptable solution.
As before the vim-mode is handled different in fulltext-mode as it is
esc-key heavy.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
|
|
|
| |
which caused by not matching syntax with double dashes correctly
|
|\
| |
| | |
Allow more detailed configuration of upload mime types
|
| |
| |
| |
| |
| |
| | |
Fixes #637
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| |/
|/| |
Implement basic CSP support
|
| |
| |
| |
| |
| |
| |
| |
| | |
Didn't work in Firefox for some reason.
`[Script Loader] ReferenceError: module is not defined`
This reverts commit 5b83deb043296c23ff912a2472703c1f7faddb4b.
|
| |
| |
| |
| | |
thanks standard
|
| |
| |
| |
| | |
Not sure why I was quoting these in the first place
|
| |
| |
| |
| | |
Doesn't use eval, plus no window object access
|
| | |
|