summaryrefslogtreecommitdiff
path: root/public/views (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Fix possible MathJax XSS issue [Security Issue]Max Wu2019-03-033-0/+6
| | | | | | see more at: http://docs.mathjax.org/en/latest/safe-mode.html Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update bootstrap from 3.3.7 to 3.4.0Sheogorath2019-01-116-8/+8
| | | | | | | | | | | | | Seems like finally there is a new bootstrap version for old version 3. This patch implements this new version with CodiMD and this way fixes some possible security issues in the frontend code. See: https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889 https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix to sanitize disqus shortnames to remove slashes [Security Issue]Max Wu2018-12-281-1/+1
| | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update socket.ioSheogorath2018-11-281-1/+1
| | | | | | | | | | Our socket.io version is 2.0.4 while the current socket.io version is 2.1.1. This patch updates socket.io to version 2.1.1 and takes care of the CDN client version. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update reveal.js to version 3.7.0Sheogorath2018-11-191-3/+3
| | | | | | | | | | | | | | | There is a new reveal.js version out. As we try to keep up with upstream, time to integreate it. This patch updates reveal.js in for CDN-using instances as well as the ones using the libraries. Checked that speaker view in slide mode still works, so no CSP change needed. https://github.com/hakimel/reveal.js/releases/tag/3.7.0 https://github.com/hackmdio/codimd/blob/2d241b93002a3a23f81ffe8fab82f2c6c98feca4/lib/csp.js#L72-L74 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fixing links on index pageSheogorath2018-11-181-3/+3
| | | | | | | | | | Seems like ids in Firefox are case sensitive. So linking in the current way fails. This patch fixes the links by using the exact matching version of the titles on the features page. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add full version stringSheogorath2018-11-111-1/+1
| | | | | | | | | | | | Currently we only provide the version from `package.json`. This means that during updates of instances, e.g. the demo instance, which runs latest master instead of a stable release, changes are not reflected to the webclient. This patch adds a fullversion string that contains the current commit and this way makes that clients are notified about changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix menu for github and dropboxCédric Couralet2018-11-071-4/+4
| | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Fix menu when gitlab is enabledCédric Couralet2018-11-071-6/+6
| | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* removing global site layout vars from individual routers, putting them into ↵Claudius2018-11-0310-78/+78
| | | | | | app.local Signed-off-by: Claudius <opensource@amenthes.de>
* Remove Gitter from codebaseSheogorath2018-10-171-1/+1
| | | | | | | | | | We no longer use Gitter for development talk and similar. So we might want to remove it? This patch removes Gitter from README, help page and features page. And replaces it in the help modal with POEditor, our translation platform. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix #1016: webpack include defect for scripts and header files.MartB2018-10-162-2/+2
| | | | Signed-off-by: MartB <mart.b@outlook.de>
* Remove dead package octiconSheogorath2018-10-104-4/+0
| | | | | | | | Octicon no longer provides its CSS classes and this way is useless in CodiMD. Replacing all used classes in the UI and remove it from build system. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #993 from SISheogorath/feature/useForkAwesomeChristoph (Sheogorath) Kern2018-10-095-5/+5
|\ | | | | Replace font-awesome with fork-awesome
| * Replace font-awesome with fork-awesomeSheogorath2018-10-055-5/+5
| | | | | | | | | | | | | | | | | | | | This patch replaces font-awesome with its fork called fork-awesome. Besides the fact that the newer versions of font-awesome can't be shipped with distros like debian due to license issues, fork-awesome also provides more FOSS related icons and builds on top of version 4.7.x of font-awesome, which we used until this patch. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add OpenID to CodiMDSheogorath2018-10-051-1/+20
|/ | | | | | | | With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add rel="noopener" to target="_blank" linksSheogorath2018-10-044-12/+12
| | | | | | | | | | The noopener construct protects from some nasty clickjacking attacks. We can apply them savely to all our links since we don't rely on the previously used page. Some more details: https://mathiasbynens.github.io/rel-noopener/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #932 from davidmehren/webpack-4Christoph (Sheogorath) Kern2018-10-032-3/+3
|\ | | | | Upgrade to Webpack 4
| * Upgrade to Webpack 4 - first tryDavid Mehren2018-09-062-3/+3
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* | Some minor footer improvementsSheogorath2018-10-011-1/+1
| | | | | | | | | | | | | | | | | | Removing copyrigt sign since we are not copyrighting things. Changing hackmd.io to codimd.org since HackMD is more and more dividing from CodiMD and may brings up wrong expectations. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add POEditor to 'follow us' statementSheogorath2018-09-261-1/+1
| | | | | | | | | | | | | | We broke the follow us before by removing Facebook and Twitter. Adding POEditor should fix it and help to attract new translators. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add indonesian language to CodiMDSheogorath2018-09-231-0/+1
|/ | | | | | Big thanks @filosofikode for the translation work! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update to replace Twitter and Facebook to RiotMax Wu2018-07-311-1/+1
| | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Add possibility to choose between version v3 or v4 for the gitlab api.Cédric Couralet2018-07-311-0/+2
| | | | | | | | Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility) Default gitlab api version to v4 Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* Remove some unneeded defined inline-stylingsSheogorath2018-07-031-2/+2
| | | | | | These have no really useful point here. Let's just remove them. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix some night mode colorsSheogorath2018-07-031-1/+1
| | | | | | | | We have some issues with night mode and the font color. This should fix this in the permission table and the delete node modal. As well as some picture styling. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update highlight.jsSheogorath2018-06-304-4/+4
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update to octicon 4.4.0Sheogorath2018-06-304-4/+4
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #863 from hackmdio/feature/slidePrintChristoph (Sheogorath) Kern2018-06-261-1/+1
|\ | | | | Add Print icon to slide view
| * Add Print icon to slide viewSheogorath2018-06-241-1/+1
| | | | | | | | | | | | | | | | It redirects the user to the print view of the document. I claim that people should either be smart enough to use ctrl+P or ask someone who knows how to print a webpage. I don't want to babysit our users. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Rename HackMD view to CodiMDSheogorath2018-06-248-19/+19
| | | | | | | | | | | | | | | | Even when it looks a bit weird in first place to rename all internals step by step, it makes sense to do so, because we run into confusion afterwards. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Rebrand HackMD to CodiMDSheogorath2018-06-244-8/+7
|/ | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Move config out of statics pathSheogorath2018-06-241-1/+1
| | | | | | | | Since static path is providing with a high expiration data, we provide configs via API. This shouldn't add any noticeable load while making it uncached and this way working again. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Move polyfill to CDN sectionSheogorath2018-06-184-5/+4
| | | | | | | We don't support it on CDN false instances, but it doesn't hurt to keep it in for CDN-enabled instances Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #830 from SISheogorath/feature/GDPRChristoph (Sheogorath) Kern2018-06-171-7/+29
|\ | | | | GDPR compliant part 1
| * Add export data UISheogorath2018-05-261-0/+1
| | | | | | | | | | | | | | | | | | | | This adds the UI for the export feature introduced in bcbb8c67c9f8092643c318140f6613324f306bd2 It allows to download all notes from the main page in the default user submenu. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add token based security featureSheogorath2018-05-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add delete user UISheogorath2018-05-251-6/+27
| | | | | | | | | | | | | | | | | | | | This provides the UI for the delete user feature introduced in 4229084c6211db3d22cd9abec99b957725650b9e Placing of the user delete button is not perfect, but can be moved to an own user tab later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add privacy and ToS linksSheogorath2018-05-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | To be GDPR compliant we need to provide privacy statement. These should be linked on the index page. So as soon as a document exist under `public/docs/privacy.md` the link will show up. Since we already add legal links, we also add Terms of Use, which will show up as soon as `public/docs/terms-of-use.md` exists. This should allow everyone to provide the legal documents they need for GDPR and other privacy and business laws. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add korean translationSheogorath2018-06-071-0/+1
| | | | | | | | | | | | | | | | This translation was contributed via POEditor by the user Basix. Thanks a lot for your work! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #784 from pferreir/add-oauth2-supportChristoph (Sheogorath) Kern2018-06-042-4/+9
|\ \ | |/ |/| Add "generic" OAuth2 support
| * Add support for generic OAuth2 providersPedro Ferreira2018-03-262-4/+9
| | | | | | | | Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* | Removing google drive integrationSheogorath2018-05-161-10/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's sad but it's not working. For multiple releases this should be already broken which shows how often it's used. As there is also a security issue related to that, it's better to remove the feature completely. Whoever wants to rewrite it, feel free to go. This commit removes the Google Drive integration from HackMD's Frontend editor and this way removes the need to provide any API key and Client ID in the frontend. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Revert "Workaround Google API problems"Christoph (Sheogorath) Kern2018-05-161-1/+9
| |
* | Remove Google Upload from UISheogorath2018-05-011-9/+1
| | | | | | | | | | | | | | | | | | | | This temporarily removes the Upload from the UI as it's broken right now. Needs a refactoring and can be added in again later on by undoing this commit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add matrix.org / Riot linkSheogorath2018-04-051-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | As an active part of the community prefers Matrix.org over Gitter, we should link Matrix.org as a place to meet us. As the matrix and gitter channels are interconnected. We don't loose any message if a person decides to go for one or another. We use an more universal way of translation to make it easier to provide a link to various platforms. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix CSP for disqus and Google AnalyticsSheogorath2018-03-302-6/+5
|/ | | | | | | | | | | | | This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Change config to camel case with backwards compatibilitySheogorath2018-03-252-3/+3
| | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update socket.io to version 2.0.4Sheogorath2018-01-301-1/+1
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #704 from SISheogorath/fix/ldapProviderNameChristoph (Sheogorath) Kern2018-01-291-1/+1
|\ | | | | Fix ldap provider name in template