mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 11:16:31 -05:00
Update RevealJS to version 3.9.2
This update of revealJS helps us to get rid of the headjs depedency integration using webpack. It updates reveal.js to 3.9.2 and updates the csp hash accordingly for using the slide mode. Background for this update is the critical security vulnerability described by snyk in their disclosure: https://snyk.io/vuln/SNYK-JS-REVEALJS-543841 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
c9e66c0385
commit
b3d4cdbceb
4 changed files with 3 additions and 5 deletions
|
@ -71,7 +71,7 @@ function addInlineScriptExceptions (directives) {
|
||||||
directives.scriptSrc.push(getCspNonce)
|
directives.scriptSrc.push(getCspNonce)
|
||||||
// TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
|
// TODO: This is the SHA-256 hash of the inline script in build/reveal.js/plugins/notes/notes.html
|
||||||
// Any more clean solution appreciated.
|
// Any more clean solution appreciated.
|
||||||
directives.scriptSrc.push('\'sha256-Lc+VnBdinzYTTAkFrIoUqdoA9EQFeS1AF9ybmF+LLfM=\'')
|
directives.scriptSrc.push('\'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=\'')
|
||||||
}
|
}
|
||||||
|
|
||||||
function getCspNonce (req, res) {
|
function getCspNonce (req, res) {
|
||||||
|
|
|
@ -110,7 +110,7 @@
|
||||||
"raphael": "git+https://github.com/dmitrybaranovskiy/raphael",
|
"raphael": "git+https://github.com/dmitrybaranovskiy/raphael",
|
||||||
"readline-sync": "^1.4.7",
|
"readline-sync": "^1.4.7",
|
||||||
"request": "^2.88.0",
|
"request": "^2.88.0",
|
||||||
"reveal.js": "~3.7.0",
|
"reveal.js": "~3.9.2",
|
||||||
"scrypt-async": "^2.0.1",
|
"scrypt-async": "^2.0.1",
|
||||||
"scrypt-kdf": "^2.0.1",
|
"scrypt-kdf": "^2.0.1",
|
||||||
"select2": "^3.5.2-browserify",
|
"select2": "^3.5.2-browserify",
|
||||||
|
|
|
@ -119,6 +119,6 @@ describe('Content security policies', function () {
|
||||||
it('Unchanged hash for reveal.js speaker notes plugin', function () {
|
it('Unchanged hash for reveal.js speaker notes plugin', function () {
|
||||||
const hash = crypto.createHash('sha1')
|
const hash = crypto.createHash('sha1')
|
||||||
hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8')
|
hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8')
|
||||||
assert.strictEqual(hash.digest('hex'), '471f3826880fac884a4a14faabc492bc854ae994')
|
assert.strictEqual(hash.digest('hex'), 'd5d872ae49b5db27f638b152e6e528837204d380')
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
|
@ -343,7 +343,6 @@ module.exports = {
|
||||||
'js-sequence-diagrams',
|
'js-sequence-diagrams',
|
||||||
'expose-loader?Viz!viz.js',
|
'expose-loader?Viz!viz.js',
|
||||||
'script-loader!abcjs',
|
'script-loader!abcjs',
|
||||||
'headjs',
|
|
||||||
'expose-loader?Reveal!reveal.js',
|
'expose-loader?Reveal!reveal.js',
|
||||||
'expose-loader?RevealMarkdown!reveal-markdown',
|
'expose-loader?RevealMarkdown!reveal-markdown',
|
||||||
path.join(__dirname, 'public/js/slide.js')
|
path.join(__dirname, 'public/js/slide.js')
|
||||||
|
@ -371,7 +370,6 @@ module.exports = {
|
||||||
'jquery-ui-resizable': path.join(__dirname, 'public/vendor/jquery-ui/jquery-ui.min.js'),
|
'jquery-ui-resizable': path.join(__dirname, 'public/vendor/jquery-ui/jquery-ui.min.js'),
|
||||||
'gist-embed': path.join(__dirname, 'node_modules/gist-embed/gist-embed.min.js'),
|
'gist-embed': path.join(__dirname, 'node_modules/gist-embed/gist-embed.min.js'),
|
||||||
'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'),
|
'bootstrap-tooltip': path.join(__dirname, 'public/vendor/bootstrap/tooltip.min.js'),
|
||||||
'headjs': path.join(__dirname, 'node_modules/reveal.js/lib/js/head.min.js'),
|
|
||||||
'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'),
|
'reveal-markdown': path.join(__dirname, 'public/js/reveal-markdown.js'),
|
||||||
abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'),
|
abcjs: path.join(__dirname, 'public/vendor/abcjs_basic_3.1.1-min.js'),
|
||||||
raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js')
|
raphael: path.join(__dirname, 'node_modules/raphael/raphael.no-deps.js')
|
||||||
|
|
Loading…
Reference in a new issue