Max Wu
711a11ce23
Remove manual allow details tag since default already allow it
...
Signed-off-by: Max Wu <jackymaxj@gmail.com>
2018-02-26 20:54:57 +08:00
Sheogorath
5d347d583d
Extend HTML5 support by whitelisting various tags
...
HTML5 provides a wide feature set of useful elements. Since Markdown
usually supports HTML it should be able to use these HTML5 tags as well.
As they were requested by some users and they where checked for being
safe, whitelisting them isn't a problem. To make the experience the same
as on GitHub when it comes to the basic look and feel of the rendered
markdown, some CSS was added to make the summary and the details tag
look like on GitHub.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-25 14:54:21 +01:00
Sheogorath
9c77e9d7f0
Allow the usage of the esc-key by codemirror
...
This change allows all input modes of codemirror to use the information
from an input esc-key and make this way vim and sublime more
functional. To prevent this change from breaking the return from the
fullscreen mode, it catches the esc-key in this case. Hopefully this is
an acceptable solution.
As before the vim-mode is handled different in fulltext-mode as it is
esc-key heavy.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-24 21:14:47 +01:00
Stefan Bühler
c4f8fb78ee
don't require referer to find note id in socket.io connections ( fixes #623 )
...
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
2018-02-05 14:26:42 +01:00
Max Wu
a9c88ce248
Fix task todo might not toggle
...
which caused by not matching syntax with double dashes correctly
2018-01-24 00:10:52 +08:00
Christoph (Sheogorath) Kern
584f1c5249
Merge pull request #691 from SISheogorath/feature/upload
...
Allow more detailed configuration of upload mime types
2018-01-23 12:10:33 +01:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp
...
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Sheogorath
a7935a595a
Allow more detailed configuration of upload mime types
...
Fixes #637
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-20 15:16:53 +01:00
Wu Cheng-Han
3703b12584
Fix image alt not render properly
2018-01-19 00:53:49 +08:00
Max Wu
919b7467d4
Fix anchor id to keep uppercase characters
...
id shouldn’t be converted to lowercase since id attribute is case sensitive
2018-01-16 15:59:43 +08:00
Edoardo Odorico
6fc2c39eda
✨ Implemented dark theme.
...
Signed-off-by: Edoardo Odorico <edoubuntu@gmail.com>
2018-01-05 00:15:13 +01:00
Peter Dave Hello
76873d3f7e
Fix file permission, remove useless executable
2017-12-14 05:05:18 +08:00
Christoph (Sheogorath) Kern
b840c3fa57
Merge pull request #609 from monoxane/master
...
Correcting grammatical errors related to the document char count tooltip
2017-12-12 10:39:49 +01:00
Sheogorath
93b91163cd
Prevent XSS vul by srcdoc in iframe
2017-11-24 10:10:50 +01:00
Literallie
3a752fde51
Revert "Load js-url lib using legacy-loader"
...
Didn't work in Firefox for some reason.
`[Script Loader] ReferenceError: module is not defined`
This reverts commit 5b83deb043
.
2017-11-02 17:57:44 +01:00
Sheogorath
e807f1b783
Fix mermaid error handling
2017-10-30 12:26:28 +01:00
Sheogorath
09d2ba41cf
Use mermaidAPI in mermaid scope
...
Introduced by a5b7145527 (diff-67ae90c5144c55348a3cbdb078240454L532)
Fixes #600
Parse only throws error: 167368d508 (diff-67ae90c5144c55348a3cbdb078240454)
2017-10-30 07:11:14 +01:00
Oliver Herrmann
7d0ef1276c
Corrected some grammatical issues
...
Obviously caught up in a bad translation and didn't particularly make sense for native english speakers.
2017-10-30 11:25:44 +11:00
Sheogorath
c794412714
Merge pull request #591 from Rwing/master
...
support Simplified Chinese and rename original zh to Traditional Chinese
2017-10-23 11:53:31 +02:00
Rwing
362a7eaf65
support Simplified Chinese and rename original zh to Traditional Chinese
2017-10-23 17:38:04 +08:00
Literallie
567f26f5b9
Fix MathJax config not being picked up
...
thanks standard
2017-10-22 02:48:24 +02:00
Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples
...
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie
5b83deb043
Load js-url lib using legacy-loader
...
Doesn't use eval, plus no window object access
2017-10-22 00:03:45 +02:00
Literallie
4238b9b3ef
Fix MathJax CSP issues
2017-10-22 00:03:45 +02:00
Yukai Huang
60b86e0250
Fix markdown-it gist plugin code closing tag
...
fix #596
2017-10-21 11:45:17 +08:00
Wu Cheng-Han
d96385eafd
Fix to filter @import CSS syntax in style tag to prevent XSS [Security Issue]
2017-10-05 10:17:26 +08:00
Wu Cheng-Han
b0b417cefc
Fix unescape > symbol inside the style tags to make the CSS works
2017-10-05 09:59:57 +08:00
Wu Cheng-Han
8979f215ab
Fix blockquote not parse correctly in slide mode
2017-10-05 09:59:07 +08:00
Wu Cheng-Han
2bdccd3996
Fix home and end keys behavior for windows
2017-09-27 21:27:33 +08:00
Wu Cheng-Han
fe384d80bf
Fix the < and > symbols are doubly escaped which affected by executing preventXSS twice
2017-09-27 18:22:49 +08:00
Wu Cheng-Han
f2743ff8f8
Fix slide mode contains unclosed tags might cause XSS [Security Issue]
2017-09-27 18:21:28 +08:00
Wu Cheng-Han
9b00afb863
Fix unclosed tags might cause XSS [Security Issue]
2017-09-27 18:20:04 +08:00
Max Wu
a645f28b33
Fix slide mode might hide scrollbar on some linux
2017-06-14 12:12:28 +08:00
Wu Cheng-Han
48f8378335
Fix speaker note separator regex should only take effect on the line start
2017-06-05 01:20:21 +08:00
Max Wu
c37b666915
Merge branch 'master' into BackendRefactor
2017-05-14 17:42:14 +08:00
BoHong Li
8c2b00b05a
style: Fixed variable already declared
2017-05-08 19:29:07 +08:00
Yukai Huang
4839838d0c
Manage syncscroll / currentMode in appState
2017-05-07 20:38:22 +08:00
Yukai Huang
0e9afde5fa
Move syncsroll under lib
2017-05-07 20:38:22 +08:00
Yukai Huang
d9221f6011
Remove CodeMirror-other-cursors dom creation
...
Since it’s done via hackmdio/CodeMirror#1
2017-05-07 20:38:22 +08:00
Yukai Huang
88c0c68856
Change more global var to global
2017-05-07 20:38:22 +08:00
Yukai Huang
68ccee20b3
Extract modeType
2017-05-07 20:37:27 +08:00
Yukai Huang
18a6f9063e
Change some global variables to local
2017-05-07 20:37:27 +08:00
Yukai Huang
432f215a45
Fix indentation
2017-05-07 20:37:27 +08:00
Yukai Huang
c6c11c54ef
Expose internal editor config variable
2017-05-07 20:37:27 +08:00
Yukai Huang
db06a51299
Load statusbar template by string-loader
2017-05-07 20:37:26 +08:00
Wu Cheng-Han
e32dd547b4
Update to support code block syntax highlighting of gherkin
2017-05-05 18:03:23 +08:00
Wu Cheng-Han
48df250491
Fix link regex should filter protocol with case insensitive flag [Security Issue]
2017-04-11 22:25:14 +08:00
Yukai Huang
a938cac42a
Fix indentations
2017-03-28 20:38:31 +08:00
Yukai Huang
b711ecfadb
Drop global variable ui exposing
2017-03-28 19:30:06 +08:00
Yukai Huang
ba1bef015f
Update to es6 module import style
2017-03-28 18:31:36 +08:00