Dropbox loads an external script that adds inline javascript. Therefore, this addition is needed when enabling dropbox support.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable.
Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The current version of CodiMD/HedgeDoc does only support translations to be filled on server-side rendering. To allow the translation of the changed/created texts, I duplicated the container that holds the text, and pre-filed these containers with the translation server-side. The client just needs to hide the unneeded container and show the right one to show the translated status text.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Until now client-side translations were only possible in the context of the intro/history page, because the locale-detection logic relied on the language selector as a source of available languages. The editor of course has no such selector. With this commit, I copied the list of available languages from the i18n-initialization (server-side) to support language detection in the editor too.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Add default values to configuration documentation when a default value is hard-coded. Specify **no default** otherwise.
Signed-off-by: oupala <oupala@users.noreply.github.com>
To make it more obvious for people, a note in the README as recommended
by danyork[1] seems like a good idea.
[1]: https://github.com/danyork
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The projects are going into completely different directions these days.
Therefore I think it's no longer appropriated to have this note
around.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Linting markdown files according to default remark-lint configuration.
Files inside the `public` directory were not linted.
Signed-off-by: oupala <oupala@users.noreply.github.com>
Override markdown linting preset to disable a rule that seems useless and to change the default setting of 2 other rules.
Signed-off-by: oupala <oupala@users.noreply.github.com>
CodiMD currently only uses the 'lang' attribute in YAML-metadata of a note for setting certain js-elements of the markdown-renderer. This commit adds the chosen lang into the published version of a note.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Add remark-lint dependencies as dev dependencies, and an npm script alias to launch markdown linting with `npm run markdownlint`.
Signed-off-by: oupala <oupala@users.noreply.github.com>
Synk reported an Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the libary provides.
It has no impact on CodiMD.
This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.
Reference:
ea21d75f54https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
This is a backport of #278 with the default value of `scope` changed to
`undefined`. This is thus a fully backward-compatible change.
Signed-off-by: Victor Berger <victor.berger@m4x.org>