| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Notably, the error output (in case of compiler errors) is generated
by overwriting the builtin console.error-function, which is a horrible
idea for many reasons, but there isn't really any other way right now.
|
|
HedgeDoc allows to specify custom Open Graph tags using the
`opengraph` key in the YAML metadata of a note.
These are rendered into the HTML delivered to clients using `ejs` and
its `<%-` tag. This outputs the variable unescaped into the template
and therefore allows to inject arbitrary strings,
including `<script>` tags.
This commit changes the template to use ejs's `<%=` tag instead,
which automatically escapes the variables content,
thereby mitigating the XSS vector.
See also https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq
Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
New languages: bg, fa, gl, he, hu, oc, pt-br
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
Since the interface is not always in english, we mostly removed the lang attribute from all html tags. Since the error messages in error.ejs are not translated, but always in english, there the global lang="en" should be kept.
Also in the slide and editor template the div, which contains the user generated text, has the attribute translate="no" now, to avoid unwanted translations.
Since on the publish view (pretty.ejs) only the user generated content is shown, we set the lang to the language defined in yaml (or 'en') as a default, but that was also moved to the corresponding markdown div instead of html.
Fixes #881
See also #437
Signed-off-by: Philip Molares <philip.molares@udo.edu>
|
|
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
|
|
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
|
|
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in public/views
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in README
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in SECURITY.md
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in LICENSE
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in docs/configuration.md
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in bin/setup
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/guides
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/dev
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/guides/auth
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/setup
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update various links in code to the new GitHub org.
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/setup/yunohost
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rebrand to HedgeDoc: Add banner and logo
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Remove note in docs/guides/auth/github
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace links in public/docs/features
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add todo placeholder in docs/history
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace github link in public/views/index/body
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace github link in README
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add logo to README
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add note about the renaming to the front page
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Removed Travis from README.md and change CodiMD to HedgeDoc in some places
Signed-off-by: Yannick Bungers <git@innay.de>
Some more renaming to HedgeDoc
- Fixed capitalization of HedgeDoc
- Added renaming for etherpad migration doc
Signed-off-by: Yannick Bungers <git@innay.de>
Changed Repo name to hedgedoc
Signed-off-by: Yannick Bungers <git@innay.de>
|
|
Signed-off-by: David Mehren <git@herrmehren.de>
|
|
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
This patch adds the Malayalam translation to CodiMD. Do by our awesome
translation supporters civic john, Sooraj Kenoth, Nithin Prabhakaran and
Jothish.
Thank you very much!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
The current version of CodiMD/HedgeDoc does only support translations to be filled on server-side rendering. To allow the translation of the changed/created texts, I duplicated the container that holds the text, and pre-filed these containers with the translation server-side. The client just needs to hide the unneeded container and show the right one to show the translated status text.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
CodiMD currently only uses the 'lang' attribute in YAML-metadata of a note for setting certain js-elements of the markdown-renderer. This commit adds the chosen lang into the published version of a note.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
|
|
Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
|
|
Adding translations for permissions for a possible 1.6.1 release doesn't
hurt but might helps some usecases of running CodiMD and we'll need the
translations in the new frontend anyway.
This patch adds the translations as well as the english local file.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Antoine Aflalo <antoine@warrantymaster.com>
|
|
Webpack now uses relative paths for resources linked from by static
snippets. A templated <base> tag has been introduced in headers
so app.js can set the base URL at runtime.
Signed-off-by: Enrico Guiraud <enrico.guiraud@cern.ch>
|
|
Signed-off-by: Erik Michelson <erik@liltv.de>
|
|
Signed-off-by: Martin Turoci <martinturoci@gmail.com>
|
|
Signed-off-by: Erik Michelson <erik@liltv.de>
|
|
- image and URL properties are only included if
the server url is set, because opengraph
protocol does not support relative links
Signed-off-by: Erik Michelson <erik@liltv.de>
|
|
Signed-off-by: PetrTodorov <info@petrtodorov.cz>
|
|
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
|
|
Thanks to our great translators that made it to translate the major
parts of CodiMD into Arabic!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.
This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.
This should later-on extended towards other document content (i.e.
iframe based content).
The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
As we are about to announce the community forum, we should provide a
link to it in the footer. This patch adds Discouse between Riot, GitHub
and Mastodon as platform to follow our progress.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
There was some awesome work by Hồng in the recent days who translated
CodiMD completely into Vietnamese language! This patch provides this
awesome contributions.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Amolith <amolith@nixnet.xyz>
|
|
Signed-off-by: Amolith <amolith@nixnet.xyz>
|
|
Signed-off-by: Amolith <amolith@nixnet.xyz>
|
|
|
|
js-url is outdated and wurl is it's successor. This will fix some
vulnerabilities in the dependencies and also optimize the build process
by removing the external library toward internal tooling.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
We have a community forum and want to use it for users support and to
bring developers and end-users together. In order to achieve this, it
would be helpful to inform users about its existence.
This patch adds the community forum as resource to the help section and
aligns it along the Matrix channel and GitHub issue tracker.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Henrik "HerHde" Hüttemann <mail@herh.de>
|
|
After a long discussion, it turned out that CodiMD as community project
and HackMD as a company, have fundamental different views on the project
governance.
Due to this, it came to point where the decision for a fork was made.
After the fork and move towards an own organisation, this patch updates
all links inside the project to the new repositories.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Currently we have the odd situation to have two toolbars. One inside the
header and one in the editor.
Since we only show the image upload button when the editor is visible we
should move the upload button into the editor toolbar.
This patch does this by adding the image upload button besides the image
tag button.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Vladan[1] gave a hint about some minor problems with the capitalization
of language names.
This patch should fix most of them. and removes some "language" prefix
and suffixes which are not needed to make clear what people are
selecting here.
[1]: https://github.com/cvladan
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Since not all languages use the same word oder and we run into potential
issues, where the translation of powered by need to add something after
the CodiMD link, this should give us the needed flexiblity.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Thanks for the work of the translator Vladan we got a serbian
translation added! Those few changes will add serbian language support
for future CodiMD releases.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
see more at: http://docs.mathjax.org/en/latest/safe-mode.html
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
|
Seems like finally there is a new bootstrap version for old version 3.
This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.
See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Max Wu <jackymaxj@gmail.com>
|
