Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2018-12-28 | Fix to sanitize disqus shortnames to remove slashes [Security Issue] | Max Wu | 1 | -1/+1 | |
Signed-off-by: Max Wu <jackymaxj@gmail.com> | |||||
2018-03-30 | Fix CSP for disqus and Google Analytics | Sheogorath | 1 | -3/+2 | |
This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | |||||
2017-01-21 | Refactor templates and rearrange its path | Wu Cheng-Han | 1 | -0/+0 | |
2016-11-26 | Fix possible XSS in yaml-metadata and turn using ejs escape syntax than ↵ | Wu Cheng-Han | 1 | -1/+1 | |
external lib [Security Issue] | |||||
2016-08-15 | Update slide mode to show extra info and support url actions and support ↵ | Wu Cheng-Han | 1 | -0/+14 | |
disqus via yaml-metadata |