github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-25 11:16:31 -05:00
Code Issues Projects Releases Packages Wiki Activity
2781 commits 39 branches 47 tags 112 MiB
Commit graph

618 commits

Author SHA1 Message Date
Sheogorath
75a23fe2c9
Add rel="noopener" to target="_blank" links 
The noopener construct protects from some nasty clickjacking attacks. We
can apply them savely to all our links since we don't rely on the
previously used page.

Some more details: https://mathiasbynens.github.io/rel-noopener/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-10-04 01:49:36 +02:00
Cédric Couralet
66d374b128 Add possibility to choose between version v3 or v4 for the gitlab api. 
Apart from the uri versioning, one big change is the snippet visibility post data (visibility_level -> visibility)

Default gitlab api version to v4

Signed-off-by: Cédric Couralet <cedric.couralet@gmail.com>
 2018-07-31 08:36:56 +00:00
Alexander Wellbrock
97c2330264
Fix some false titles 
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
 2018-07-08 20:41:46 +02:00
Sheogorath
dea62cf310
Update store 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-30 16:52:34 +02:00
Sheogorath
1c92524c08
Fix broken unicode urls 
It wasn't possible to create unicode based URLs in freeurl mode, because
the noteid used for the websocket connection is double escaped. When we
decode it and let socketio-client reencode it, we get the real
shortid/noteid and can find the note in the database and open the
connection.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-26 22:25:36 +02:00
Christoph (Sheogorath) Kern
c7745f6b27
Merge pull request #863 from hackmdio/feature/slidePrint 
Add Print icon to slide view
 2018-06-26 21:41:18 +02:00
Sheogorath
04d16e4d6e
Add Print icon to slide view 
It redirects the user to the print view of the document. I claim that
people should either be smart enough to use ctrl+P or ask someone who
knows how to print a webpage. I don't want to babysit our users.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-24 23:50:38 +02:00
Sheogorath
2184491f4a
Final replacements 
Looks like I missed a few. This should be complete now. And make us
ready for the repo rename and merging.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-24 14:13:46 +02:00
Sheogorath
4b060c7dba
Rebrand HackMD to CodiMD 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-24 13:24:12 +02:00
Sheogorath
8fe26988d1
Fix all newly introduced linting issues 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-23 21:27:21 +02:00
Sheogorath
49db5bc653
Merge branch 'pr-846' 2018-06-23 21:19:44 +02:00
Sheogorath
f65d96c57b
Fix liniting and optimize some functions 
First fixed some linting issues. Also optimized some functions to be
undoable with one ctrl+z.

This should also speedup some operations

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-23 21:18:15 +02:00
Jake Burden
b98d10c79a turn concatenated string into a multi-line template string 
Signed-off-by: Jake Burden <jake@doge.haus>
 2018-06-22 18:08:47 -04:00
Edgar Zanella Alvarenga
a8b664fdb5 Add a toolbar to Codemirror editor 
Signed-off-by: Edgar Zanella Alvarenga <e@vaz.io>
 2018-06-19 16:03:56 +02:00
Sheogorath
9fd09a8dfb
Add delete user UI 
This provides the UI for the delete user feature introduced in
4229084c62

Placing of the user delete button is not perfect, but can be moved to an
own user tab later on.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-05-25 17:11:11 +02:00
Sheogorath
ad69c5017b
Removing google drive integration 
It's sad but it's not working. For multiple releases this should be
already broken which shows how often it's used.

As there is also a security issue related to that, it's better to
remove the feature completely. Whoever wants to rewrite it, feel free to
go.

This commit removes the Google Drive integration from HackMD's Frontend
editor and this way removes the need to provide any API key and Client
ID in the frontend.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-05-16 01:34:55 +02:00
Sheogorath
8b69013ebd
Fix night mode button after restore 
The night mode toggle doesn't get the right state after restore from
local storage. This results in the need to toggle twice to disable night
mode.

This patch adds the needed class so the toggleNightMode function gets
the right state on execution.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-03-25 20:12:02 +02:00
Sheogorath
32c578db08
Persist nightmode so we can re-enable it 
Right now the night mode is possible to set by a toggle in the menu bar
but needs to be re-enabled on every document switch, reload, etc.. This
is super annoying so we should keep this state in local storage or
a cookie.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-03-23 19:46:38 +01:00
Christoph (Sheogorath) Kern
f6df2deb84
Merge pull request #743 from hackmdio/fix-to-use-url-safe-base64 
Fix to use url-safe base64 in note url
 2018-03-18 15:13:06 +01:00
Max Wu
8bfe51940f Fix typo 
Signed-off-by: Max Wu <jackymaxj@gmail.com>
 2018-03-11 03:00:36 +08:00
Max Wu
dfd833dbe2 Update to show log on migrate LZString type note url in history 
Signed-off-by: Max Wu <jackymaxj@gmail.com>
 2018-03-11 02:55:54 +08:00
Max Wu
d08c9522c0 Update to migrate note url in the history of browser storage and cookie 
Signed-off-by: Max Wu <jackymaxj@gmail.com>
 2018-03-03 16:26:19 +08:00
Max Wu
95e9f96aa0 Update to allow rp tag for ruby 
Signed-off-by: Max Wu <jackymaxj@gmail.com>
 2018-02-26 20:55:10 +08:00
Max Wu
711a11ce23 Remove manual allow details tag since default already allow it 
Signed-off-by: Max Wu <jackymaxj@gmail.com>
 2018-02-26 20:54:57 +08:00
Sheogorath
5d347d583d
Extend HTML5 support by whitelisting various tags 
HTML5 provides a wide feature set of useful elements. Since Markdown
usually supports HTML it should be able to use these HTML5 tags as well.
As they were requested by some users and they where checked for being
safe, whitelisting them isn't a problem. To make the experience the same
as on GitHub when it comes to the basic look and feel of the rendered
markdown, some CSS was added to make the summary and the details tag
look like on GitHub.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-02-25 14:54:21 +01:00
Sheogorath
9c77e9d7f0
Allow the usage of the esc-key by codemirror 
This change allows all input modes of codemirror to use the information
from an input esc-key and make this way vim and sublime more
functional. To prevent this change from breaking the return from the
fullscreen mode, it catches the esc-key in this case. Hopefully this is
an acceptable solution.

As before the vim-mode is handled different in fulltext-mode as it is
esc-key heavy.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-02-24 21:14:47 +01:00
Stefan Bühler
c4f8fb78ee don't require referer to find note id in socket.io connections (fixes #623) 
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
 2018-02-05 14:26:42 +01:00
Max Wu
a9c88ce248
Fix task todo might not toggle 
which caused by not matching syntax with double dashes correctly
 2018-01-24 00:10:52 +08:00
Christoph (Sheogorath) Kern
584f1c5249
Merge pull request #691 from SISheogorath/feature/upload 
Allow more detailed configuration of upload mime types
 2018-01-23 12:10:33 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp 
Implement basic CSP support
 2018-01-22 20:43:46 +01:00
Sheogorath
a7935a595a
Allow more detailed configuration of upload mime types 
Fixes #637

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-01-20 15:16:53 +01:00
Wu Cheng-Han
3703b12584 Fix image alt not render properly 2018-01-19 00:53:49 +08:00
Max Wu
919b7467d4
Fix anchor id to keep uppercase characters 
id shouldn’t be converted to lowercase since id attribute is case sensitive
 2018-01-16 15:59:43 +08:00
Edoardo Odorico
6fc2c39eda Implemented dark theme. 
Signed-off-by: Edoardo Odorico <edoubuntu@gmail.com>
 2018-01-05 00:15:13 +01:00
Peter Dave Hello
76873d3f7e Fix file permission, remove useless executable 2017-12-14 05:05:18 +08:00
Christoph (Sheogorath) Kern
b840c3fa57
Merge pull request #609 from monoxane/master 
Correcting grammatical errors related to the document char count tooltip
 2017-12-12 10:39:49 +01:00
Sheogorath
93b91163cd
Prevent XSS vul by srcdoc in iframe 2017-11-24 10:10:50 +01:00
Literallie
3a752fde51
Revert "Load js-url lib using legacy-loader" 
Didn't work in Firefox for some reason.

`[Script Loader] ReferenceError: module is not defined`

This reverts commit 5b83deb043.
 2017-11-02 17:57:44 +01:00
Sheogorath
e807f1b783
Fix mermaid error handling 2017-10-30 12:26:28 +01:00
Sheogorath
09d2ba41cf
Use mermaidAPI in mermaid scope 
Introduced by a5b7145527 (diff-67ae90c5144c55348a3cbdb078240454L532)

Fixes #600

Parse only throws error: 167368d508 (diff-67ae90c5144c55348a3cbdb078240454)
 2017-10-30 07:11:14 +01:00
Oliver Herrmann
7d0ef1276c
Corrected some grammatical issues 
Obviously caught up in a bad translation and didn't particularly make sense for native english speakers.
 2017-10-30 11:25:44 +11:00
Sheogorath
c794412714 Merge pull request #591 from Rwing/master 
support Simplified Chinese and rename original zh to Traditional Chinese
 2017-10-23 11:53:31 +02:00
Rwing
362a7eaf65 support Simplified Chinese and rename original zh to Traditional Chinese 2017-10-23 17:38:04 +08:00
Literallie
567f26f5b9
Fix MathJax config not being picked up 
thanks standard
 2017-10-22 02:48:24 +02:00
Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples 
Not sure why I was quoting these in the first place
 2017-10-22 02:18:45 +02:00
Literallie
5b83deb043
Load js-url lib using legacy-loader 
Doesn't use eval, plus no window object access
 2017-10-22 00:03:45 +02:00
Literallie
4238b9b3ef
Fix MathJax CSP issues 2017-10-22 00:03:45 +02:00
Yukai Huang
60b86e0250 Fix markdown-it gist plugin code closing tag 
fix #596
 2017-10-21 11:45:17 +08:00
Wu Cheng-Han
d96385eafd Fix to filter @import CSS syntax in style tag to prevent XSS [Security Issue] 2017-10-05 10:17:26 +08:00
Wu Cheng-Han
b0b417cefc Fix unescape > symbol inside the style tags to make the CSS works 2017-10-05 09:59:57 +08:00
Wu Cheng-Han
8979f215ab Fix blockquote not parse correctly in slide mode 2017-10-05 09:59:07 +08:00
Wu Cheng-Han
2bdccd3996 Fix home and end keys behavior for windows 2017-09-27 21:27:33 +08:00
Wu Cheng-Han
fe384d80bf Fix the < and > symbols are doubly escaped which affected by executing preventXSS twice 2017-09-27 18:22:49 +08:00
Wu Cheng-Han
f2743ff8f8 Fix slide mode contains unclosed tags might cause XSS [Security Issue] 2017-09-27 18:21:28 +08:00
Wu Cheng-Han
9b00afb863 Fix unclosed tags might cause XSS [Security Issue] 2017-09-27 18:20:04 +08:00
Max Wu
a645f28b33 Fix slide mode might hide scrollbar on some linux 2017-06-14 12:12:28 +08:00
Wu Cheng-Han
48f8378335 Fix speaker note separator regex should only take effect on the line start 2017-06-05 01:20:21 +08:00
Max Wu
c37b666915 Merge branch 'master' into BackendRefactor 2017-05-14 17:42:14 +08:00
BoHong Li
8c2b00b05a style: Fixed variable already declared 2017-05-08 19:29:07 +08:00
Yukai Huang
4839838d0c Manage syncscroll / currentMode in appState 2017-05-07 20:38:22 +08:00
Yukai Huang
0e9afde5fa Move syncsroll under lib 2017-05-07 20:38:22 +08:00
Yukai Huang
d9221f6011 Remove CodeMirror-other-cursors dom creation 
Since it’s done via hackmdio/CodeMirror#1
 2017-05-07 20:38:22 +08:00
Yukai Huang
88c0c68856 Change more global var to global 2017-05-07 20:38:22 +08:00
Yukai Huang
68ccee20b3 Extract modeType 2017-05-07 20:37:27 +08:00
Yukai Huang
18a6f9063e Change some global variables to local 2017-05-07 20:37:27 +08:00
Yukai Huang
432f215a45 Fix indentation 2017-05-07 20:37:27 +08:00
Yukai Huang
c6c11c54ef Expose internal editor config variable 2017-05-07 20:37:27 +08:00
Yukai Huang
db06a51299 Load statusbar template by string-loader 2017-05-07 20:37:26 +08:00
Wu Cheng-Han
e32dd547b4 Update to support code block syntax highlighting of gherkin 2017-05-05 18:03:23 +08:00
Wu Cheng-Han
48df250491 Fix link regex should filter protocol with case insensitive flag [Security Issue] 2017-04-11 22:25:14 +08:00
Yukai Huang
a938cac42a Fix indentations 2017-03-28 20:38:31 +08:00
Yukai Huang
b711ecfadb Drop global variable ui exposing 2017-03-28 19:30:06 +08:00
Yukai Huang
ba1bef015f Update to es6 module import style 2017-03-28 18:31:36 +08:00
Yukai Huang
7637a6a8a6 Update cm instance in changes event argument 2017-03-28 17:32:42 +08:00
Yukai Huang
f5b95c5d36 Move updateStatusBar method into editor class 2017-03-28 17:16:32 +08:00
Yukai Huang
df743ab902 Fix listener “this” context 2017-03-28 17:11:20 +08:00
Yukai Huang
46ed658d8b Promisify getStatusBarTemplate method 2017-03-28 15:24:52 +08:00
Yukai Huang
af5ef52f4b Add cm instance to cursorActivity argument 2017-03-28 12:15:56 +08:00
Yukai Huang
579dda9515 Update focus argument with cm instance 2017-03-28 12:11:05 +08:00
Yukai Huang
d7c068cbfd Rewrite cursorActivity with multi listener style 
- adjust function order to prevent standard lint failure
 2017-03-28 12:10:35 +08:00
Yukai Huang
b86ecb1342 Extract selection update from updateStatusbar 2017-03-28 11:57:44 +08:00
Yukai Huang
81666a726c Impl multiple codemirror event listener 2017-03-28 11:18:36 +08:00
Yukai Huang
fff7ebd1b5 Change minor TODO to FIXME 2017-03-28 11:17:30 +08:00
Wu Cheng-Han
b2985085d0 Update to change makefile syntax highlighting to Prism 2017-03-26 23:09:13 +08:00
Wu Cheng-Han
a3cdc5ba80 Update to add abc in support charts of textcomplete 2017-03-26 20:46:05 +08:00
Wu Cheng-Han
961d3fab1c Fix code style 2017-03-26 20:45:23 +08:00
Wu Cheng-Han
61dc6dbc15 Add support of abcjs 2017-03-26 20:39:07 +08:00
Wu Cheng-Han
3156c38598 Fix text complete of extra tags for list not triggered properly 2017-03-23 20:49:31 +08:00
Wu Cheng-Han
890f7089bf Fix google drive file picker not initialize properly 2017-03-23 20:17:50 +08:00
Wu Cheng-Han
e629800457 Fix XSS vulnerability in link regex [Security Issue] 2017-03-22 18:26:35 +08:00
Wu Cheng-Han
0f3b028ed6 Fix render.js code styles 2017-03-22 18:26:30 +08:00
Wu Cheng-Han
cac618eca8 Fix front-end index.js code styles 2017-03-22 17:48:26 +08:00
Wu Cheng-Han
802ed406e6 Fix todo list item class might add in wrong element 2017-03-22 15:42:38 +08:00
Wu Cheng-Han
9ff3649025 Fix unnecessary global calling of ownerui 2017-03-22 15:42:11 +08:00
Wu Cheng-Han
b17c2404b1 Fix duplicated loading of reveal markdown plugin 2017-03-21 20:44:12 +08:00
Wu Cheng-Han
afc4f269bc Update to make removeDOMEvents only process once in slide mode 2017-03-20 11:28:50 +08:00
Wu Cheng-Han
448b006194 Update to generate front-end constants on server startup 
To avoid extra webpacking on changing configs and follow the 12 factor app
 2017-03-20 01:39:09 +08:00
Max Wu
f6bd238b0f Merge pull request #387 from hackmdio/cm-refactor 
Extract CodeMirror instance
 2017-03-14 23:11:56 +08:00
Wu Cheng-Han
f55a4b8497 Update to fix pagination error in list.js over v1.5.0 2017-03-14 23:08:15 +08:00
Wu Cheng-Han
2fa51fb4ba Fix export html to replace fallen cdn tortue.me to cdnjs 2017-03-14 16:37:38 +08:00