summaryrefslogtreecommitdiff
path: root/public (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Release version 1.3.0Sheogorath2019-03-041-0/+95
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix possible MathJax XSS issue [Security Issue]Max Wu2019-03-033-0/+6
| | | | | | see more at: http://docs.mathjax.org/en/latest/safe-mode.html Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix CI errors for unused variablesSheogorath2019-02-211-3/+2
| | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Remove broken speakerdeck embeddingSheogorath2019-02-212-31/+7
| | | | | | | | | | | | The current speakerdeck implementation is broken. An alternative implementation using oembed doesn't work due to CORS, which could be solved by proxying the speakerdeck API, but we decided to not do this. This patch provides the link to the speakerdeck presentation instead, and this way doesn't break existing notes. This is right now the best solution we could come up with. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update bootstrap from 3.3.7 to 3.4.0Sheogorath2019-01-116-8/+8
| | | | | | | | | | | | | Seems like finally there is a new bootstrap version for old version 3. This patch implements this new version with CodiMD and this way fixes some possible security issues in the frontend code. See: https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889 https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix to escape html comment tag [Security Issue]Max Wu2018-12-281-1/+1
| | | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Fix to sanitize disqus shortnames to remove slashes [Security Issue]Max Wu2018-12-281-1/+1
| | | Signed-off-by: Max Wu <jackymaxj@gmail.com>
* Update socket.ioSheogorath2018-11-281-1/+1
| | | | | | | | | | Our socket.io version is 2.0.4 while the current socket.io version is 2.1.1. This patch updates socket.io to version 2.1.1 and takes care of the CDN client version. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update from to-markdown to turndownSheogorath2018-11-211-2/+7
| | | | | | | | | | | | | | We got a security alert for a regular expression DoS attack on our used library `to-markdown`. After checking `to-markdown` to be maintained or not, it turned out they renamed the library to `turndown`. So upgrading to `turndown` should fix this vulnerbility. References: https://www.npmjs.com/package/to-markdown https://github.com/domchristie/turndown/wiki/Migrating-from-to-markdown-to-Turndown Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update reveal.js to version 3.7.0Sheogorath2018-11-191-3/+3
| | | | | | | | | | | | | | | There is a new reveal.js version out. As we try to keep up with upstream, time to integreate it. This patch updates reveal.js in for CDN-using instances as well as the ones using the libraries. Checked that speaker view in slide mode still works, so no CSP change needed. https://github.com/hakimel/reveal.js/releases/tag/3.7.0 https://github.com/hackmdio/codimd/blob/2d241b93002a3a23f81ffe8fab82f2c6c98feca4/lib/csp.js#L72-L74 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #1043 from SISheogorath/fix/tocEmptyHeadChristoph (Sheogorath) Kern2018-11-193-6/+9
|\ | | | | Fix ToC breaking documents with empty h* elements
| * Fix wrong anchorsSheogorath2018-11-192-2/+5
| | | | | | | | | | | | | | | | | | | | While experimenting with the ToC changes, it became obvious that anchors for those unnamed headers don't work. This patch fixes those links by running the autolinkify twice and make sure linkify only adds links to non-empty ids. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Fix ToC breaking documents with empty h* elementsSheogorath2018-11-191-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | Right now, the ToC has an undefined variable i that was an index in the original ToC code. Since the major rewrite in 4fe062085324c50f2cfa062258559cf31858ef5f it's a recursive function without this index. The variable `i` was wrongly copied into its current place from the old code. This patch replaces the variable `i` with the index of the header element. Fix the undefined variable problem. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1060 from SISheogorath/fix/indexLinksChristoph (Sheogorath) Kern2018-11-181-3/+3
|\ \ | | | | | | Fixing links on index page
| * | Fixing links on index pageSheogorath2018-11-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Seems like ids in Firefox are case sensitive. So linking in the current way fails. This patch fixes the links by using the exact matching version of the titles on the features page. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | switching to eslint for code checkingClaudius Coenen2018-11-145-6/+37
|/ / | | | | | | | | | | | | most rules degraded to WARN, so we don't go insane. This will change over time. The aim is to conform to a common style Signed-off-by: Claudius Coenen <opensource@amenthes.de>
* | Add documentation for slide view mode to features pageSheogorath2018-11-141-1/+3
| | | | | | | | | | | | | | | | | | Since it's a very useful feature, we should mention it in multiple locations. So we mention it in the slide mode section of the features page. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Some minor improvements to the yaml-metadata docsSheogorath2018-11-141-15/+15
| | | | | | | | | | | | Switching form XAML to YAML syntax highlighting and fixing some grammar. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Add documentation for type fieldSheogorath2018-11-141-0/+11
| | | | | | | | | | | | | | The yaml-metadata documentation should mention the type field. This is also open for future extension. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Activate slide editing mode for exampleSheogorath2018-11-141-0/+1
| | | | | | | | | | | | | | | | | | We have this awesome editing mode for slide shows. We just don't enable it or tell anyone that it exists. Maybe we should do this. This patch sets the type for the slide example. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #1028 from SISheogorath/docs/editorModesChristoph (Sheogorath) Kern2018-11-121-2/+16
|\ \ | | | | | | Add documentation about editor modes in features page
| * | Add documentation about editor modes in features pageSheogorath2018-10-281-2/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Codemirror provides various modes via keymapping. These are already available by a menu in the interface. But they aren't mentioned anywhere. This patch provides some documentation about the editor modes and their implications. Since they are a feature, the documentation is done on the features page. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #1046 from SISheogorath/feature/optimizeXSSChristoph (Sheogorath) Kern2018-11-112-4/+7
|\ \ \ | | | | | | | | Remove the xss library from webpack
| * | | Remove the xss library from webpackSheogorath2018-11-102-4/+7
| | |/ | |/| | | | | | | | | | | | | | | | | | | We can load the xss functions directly from the library instead of loading them through the expose loader of webpack, this should simplify the setup and maybe even improve speed a bit. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / | Add full version stringSheogorath2018-11-111-1/+1
|/ / | | | | | | | | | | | | | | | | | | | | | | Currently we only provide the version from `package.json`. This means that during updates of instances, e.g. the demo instance, which runs latest master instead of a stable release, changes are not reflected to the webclient. This patch adds a fullversion string that contains the current commit and this way makes that clients are notified about changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Fix menu for github and dropboxCédric Couralet2018-11-071-4/+4
| | | | | | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* | Fix menu when gitlab is enabledCédric Couralet2018-11-071-6/+6
| | | | | | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* | Merge pull request #1034 from SISheogorath/fix/emojiPluginChristoph (Sheogorath) Kern2018-11-061-7/+6
|\ \ | | | | | | Again: Replace emoji-plugin regex
| * | Again: Replace emoji-plugin regexSheogorath2018-10-311-7/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Regex introduced in the last commit[1], was already working quite good. But still resulted in false positives for all URL that contained a second `:`. To fix this once and for all, we craft a simple, but long regex based on all emoji names and use this to match them. We could probably optimize it, but that should also be something the regex engine itself can and should do. [1]: 7e45533c75a3697c916e52e5f4ddff42a38bd3d5 (in this source tree) Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | removing global site layout vars from individual routers, putting them into ↵Claudius2018-11-0310-78/+78
|/ / | | | | | | | | | | app.local Signed-off-by: Claudius <opensource@amenthes.de>
* | Fix emoji regexSheogorath2018-10-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The old regex, adapted from the other plugins, was a bit too open for matching. This leads to matching something like: `This is a sentence: [And something with a: in it.]()` which doesn't become a link anymore. Because the match is: ` [And something with a`. This patch provides a fix for the regex to only match non-space string within the `:`'s. References: - Introducing commit: https://github.com/hackmdio/codimd/commit/2063eb8bdf9c0537e9fcfadd7f587658c72bd281 - Inspirational source of the original RegEx: https://github.com/hackmdio/codimd/blob/2063eb8bdf9c0537e9fcfadd7f587658c72bd281/public/js/extra.js#L1095 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #997 from SISheogorath/docs/slidePrintChristoph (Sheogorath) Kern2018-10-221-1/+1
|\ \ | | | | | | slide example: Add link to slide printing instructions
| * | slide example: Add link to slide printing instructionsSheogorath2018-10-071-1/+1
| | | | | | | | | | | | | | | | | | | | | The printing instructions seem to not be really clear. Linking the reveal.js offical docs should help. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #1006 from SISheogorath/fix/missingEmojisChristoph (Sheogorath) Kern2018-10-221-0/+15
|\ \ \ | |_|/ |/| | Fix not rendered autocomplete emojis
| * | Fix not rendered autocomplete emojisSheogorath2018-10-101-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we have some emojis that are autocompleted but won't show up in the resulting document. This patch adds all emojis that are pushed to Codemirror and applies them to the markdown rendering process, so they become usable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Remove Gitter from codebaseSheogorath2018-10-172-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We no longer use Gitter for development talk and similar. So we might want to remove it? This patch removes Gitter from README, help page and features page. And replaces it in the help modal with POEditor, our translation platform. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Fix #1016: webpack include defect for scripts and header files.MartB2018-10-162-2/+2
| | | | | | | | | | | | Signed-off-by: MartB <mart.b@outlook.de>
* | | Merge pull request #1004 from SISheogorath/feature/integrateHljsChristoph (Sheogorath) Kern2018-10-111-1/+2
|\ \ \ | | | | | | | | Add autocomplete for highlight.js languages into codemirror
| * | | Add autocomplete for highlight.js languages into codemirrorSheogorath2018-10-101-1/+2
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Right now we support code highlighting for rust, but it doesn't appear in autocomplete of codemirror, because codemirror is not aware of it. This patch lets highlightjs simply tell codemirror, what it supports and adds this to the autocomplete list. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* / / Remove dead package octiconSheogorath2018-10-106-23/+20
|/ / | | | | | | | | | | | | | | Octicon no longer provides its CSS classes and this way is useless in CodiMD. Replacing all used classes in the UI and remove it from build system. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #993 from SISheogorath/feature/useForkAwesomeChristoph (Sheogorath) Kern2018-10-095-5/+5
|\ \ | | | | | | Replace font-awesome with fork-awesome
| * | Replace font-awesome with fork-awesomeSheogorath2018-10-055-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch replaces font-awesome with its fork called fork-awesome. Besides the fact that the newer versions of font-awesome can't be shipped with distros like debian due to license issues, fork-awesome also provides more FOSS related icons and builds on top of version 4.7.x of font-awesome, which we used until this patch. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Fix #986 : Visibility is now transmitted with gitlab V4 apiCédric Couralet2018-10-091-1/+1
| |/ |/| | | | | Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
* | Add OpenID to CodiMDSheogorath2018-10-051-1/+20
|/ | | | | | | | With OpenID every OpenID capable provider can provide authentication for users of a CodiMD instance. This means we have federated authentication. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Add rel="noopener" to target="_blank" linksSheogorath2018-10-045-13/+15
| | | | | | | | | | The noopener construct protects from some nasty clickjacking attacks. We can apply them savely to all our links since we don't rely on the previously used page. Some more details: https://mathiasbynens.github.io/rel-noopener/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #932 from davidmehren/webpack-4Christoph (Sheogorath) Kern2018-10-032-3/+3
|\ | | | | Upgrade to Webpack 4
| * Upgrade to Webpack 4 - first tryDavid Mehren2018-09-062-3/+3
| | | | | | | | Signed-off-by: David Mehren <dmehren1@gmail.com>
* | Update release notes for 1.2.1Sheogorath2018-10-031-0/+49
| | | | | | | | Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #977 from SISheogorath/fix/newExampleChristoph (Sheogorath) Kern2018-10-031-1/+1
|\ \ | | | | | | Replace youtube example video on features page
| * | Replace youtube example video on features pageSheogorath2018-10-021-1/+1
| | | | | | | | | | | | | | | | | | | | | Since the youtube video on our feature page seems to have vanished, this patch replaces it with an video of the blender foundation Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>