jQuery's .html() method escapes contained text (e.g. '<' becomes
'<'). This confuses the turndown parser, which then only performs
unescaping, but does not convert to markdown.
By using .text() instead, the unescaped content is returned and turndown
can correctly generate markdown.
Signed-off-by: David Mehren <git@herrmehren.de>
If the slide options in the frontmatter are empty
or not present, then slideOptions object in the
parsed JSON is undefined. This triggers an
exception when the sanitized slide options object
is built.
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
A general invert-filter is applied to all pre elements in night mode. As diagrams are embedded inside pre tags, they're inverted as well. For sequence-diagrams and flow-charts this looks well, if we wouldn't additionally set the stroke and text color to white in night-mode. These additional white rules invert the already inverted diagram again and make it not good visible. The graphviz and abc embeddings aren't really optimized to be inverted, therefore they're now excluded from invertion and stay in day mode.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Reveal.js doesn't set the default value of an option in the provided config object
if the key is set with "undefined" as value. This leads to a broken slide mode,
because some critical settings are missing.
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
This should prevent the issue mentioned in https://github.com/hackmdio/codimd/issues/1648
Specifically left out are
- dependency (user can't really include anything anyway, because CSP forbids most domains)
- autoSlideMethod (nothing our users should be able to change as they won't write JS to be affected by this)
- keyboard (this let's users write arbitrary code and seems therefore to problematic)
See:
https://github.com/hakimel/reveal.js/blob/3.9.2/README.md#configuration
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Using jQuery's `.html()` method stores the given string as `innerHTML`, which enables injection of arbitrary DOM elements.
Using `.text()` instead mitigates this issue.
Signed-off-by: David Mehren <git@herrmehren.de>
This header needs to be set correctly if the reverse proxy terminates TLS, otherwise we don't send cookies.
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in public/views
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in README
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in SECURITY.md
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in LICENSE
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in docs/configuration.md
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in bin/setup
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/guides
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/dev
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/guides/auth
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/setup
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update various links in code to the new GitHub org.
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js
Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: References in docs/setup/yunohost
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rebrand to HedgeDoc: Add banner and logo
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Remove note in docs/guides/auth/github
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace links in public/docs/features
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add todo placeholder in docs/history
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace github link in public/views/index/body
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Replace github link in README
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add logo to README
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Rename to HedgeDoc: Add note about the renaming to the front page
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
Removed Travis from README.md and change CodiMD to HedgeDoc in some places
Signed-off-by: Yannick Bungers <git@innay.de>
Some more renaming to HedgeDoc
- Fixed capitalization of HedgeDoc
- Added renaming for etherpad migration doc
Signed-off-by: Yannick Bungers <git@innay.de>
Changed Repo name to hedgedoc
Signed-off-by: Yannick Bungers <git@innay.de>
This patch adds the Malayalam translation to CodiMD. Do by our awesome
translation supporters civic john, Sooraj Kenoth, Nithin Prabhakaran and
Jothish.
Thank you very much!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable.
Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The current version of CodiMD/HedgeDoc does only support translations to be filled on server-side rendering. To allow the translation of the changed/created texts, I duplicated the container that holds the text, and pre-filed these containers with the translation server-side. The client just needs to hide the unneeded container and show the right one to show the translated status text.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Until now client-side translations were only possible in the context of the intro/history page, because the locale-detection logic relied on the language selector as a source of available languages. The editor of course has no such selector. With this commit, I copied the list of available languages from the i18n-initialization (server-side) to support language detection in the editor too.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Linting markdown files according to default remark-lint configuration.
Files inside the `public` directory were not linted.
Signed-off-by: oupala <oupala@users.noreply.github.com>
CodiMD currently only uses the 'lang' attribute in YAML-metadata of a note for setting certain js-elements of the markdown-renderer. This commit adds the chosen lang into the published version of a note.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Signed-off-by: David Mehren <dmehren1@gmail.com>
Adding translations for permissions for a possible 1.6.1 release doesn't
hurt but might helps some usecases of running CodiMD and we'll need the
translations in the new frontend anyway.
This patch adds the translations as well as the english local file.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The revision view had a bug that clicking on a list entry would redirect
the user back to the index page instead of providing the revision diff.
This was cased by the baseurl which is now used as reference for hrefs.
Therefore when clicking on the `href="#"` this was actually pointing at
`<baseurl>#` which is usually the index page.
This patch simply removes the href from the list items and therefore the
link functionality. This fixes the whole problem by removing 9
characters from our source code.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Webpack now uses relative paths for resources linked from by static
snippets. A templated <base> tag has been introduced in headers
so app.js can set the base URL at runtime.
Signed-off-by: Enrico Guiraud <enrico.guiraud@cern.ch>
Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default.
Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com>
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.
This behavior can be enabled in config.json with:
```
"linkifyHeaderStyle": "gfm"
```
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
- image and URL properties are only included if
the server url is set, because opengraph
protocol does not support relative links
Signed-off-by: Erik Michelson <erik@liltv.de>
Thanks to our great translators that made it to translate the major
parts of CodiMD into Arabic!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.
This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.
This should later-on extended towards other document content (i.e.
iframe based content).
The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.
There should no functional change be introduced.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
In order to have a better experience when linking to headlines based on
their ID, a patch[1] introduced a new CSS construct to add some space in
front of HTML tags with an id field. Therefore they would no longer be
hidden by a visible navbar.
This cause a regression bug by moving the rendered mathjax out of its
visible area. This patch fixes the problem by restricting the previous
change to headlines only.
[1]: commit c9af13cf34
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
As we are about to announce the community forum, we should provide a
link to it in the footer. This patch adds Discouse between Riot, GitHub
and Mastodon as platform to follow our progress.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
There was some awesome work by Hồng in the recent days who translated
CodiMD completely into Vietnamese language! This patch provides this
awesome contributions.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
As it may happens that the codemirror content flows underneath the
status bar, this patch should help to avoid it. It adds the size of the
status bar as margin-bottom so the codemirror window itself is forced
above the statusbar.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
When people link a section or use the ToC to scroll to it upwards, it
happens that those become hidden behind the navbar.
This patch adds a little hack from StackOverflow[1] in order to fix this
problem. By adding a pseudo element in front of any field that contains
an id, it's possible to add the needed space.
There was no negative impact found except of marking around the header
areas in the rendered view requires a bit preciser work. This needs some
more detailed testing.
[1]: https://stackoverflow.com/a/24298427
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
js-url is outdated and wurl is it's successor. This will fix some
vulnerabilities in the dependencies and also optimize the build process
by removing the external library toward internal tooling.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We have a community forum and want to use it for users support and to
bring developers and end-users together. In order to achieve this, it
would be helpful to inform users about its existence.
This patch adds the community forum as resource to the help section and
aligns it along the Matrix channel and GitHub issue tracker.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The old screenshot is quite dated since it's from the earlier days of
HackMD.
But we developed a lot in the recent years. Changed the name, added a
toolbar, moved buttons, and so on.
This patch should represent those changes in the front page.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
When introducing night mode the rule for the background of the view
switches seems to be generated from the view button.
This patch should change the introduced rule to fix for all default
buttons.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
After a long discussion, it turned out that CodiMD as community project
and HackMD as a company, have fundamental different views on the project
governance.
Due to this, it came to point where the decision for a fork was made.
After the fork and move towards an own organisation, this patch updates
all links inside the project to the new repositories.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Currently we have the odd situation to have two toolbars. One inside the
header and one in the editor.
Since we only show the image upload button when the editor is visible we
should move the upload button into the editor toolbar.
This patch does this by adding the image upload button besides the image
tag button.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Vladan[1] gave a hint about some minor problems with the capitalization
of language names.
This patch should fix most of them. and removes some "language" prefix
and suffixes which are not needed to make clear what people are
selecting here.
[1]: https://github.com/cvladan
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Since not all languages use the same word oder and we run into potential
issues, where the translation of powered by need to add something after
the CodiMD link, this should give us the needed flexiblity.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
HTML export was broken due to missing alt-attribute for emojis.
This patch adds the old alt-element style and restores the exportability
this way.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Thanks for the work of the translator Vladan we got a serbian
translation added! Those few changes will add serbian language support
for future CodiMD releases.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The current speakerdeck implementation is broken. An alternative
implementation using oembed doesn't work due to CORS, which could be
solved by proxying the speakerdeck API, but we decided to not do this.
This patch provides the link to the speakerdeck presentation instead,
and this way doesn't break existing notes. This is right now the best
solution we could come up with.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Our socket.io version is 2.0.4 while the current socket.io version is
2.1.1.
This patch updates socket.io to version 2.1.1 and takes care of the CDN
client version.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
There are some places in our code that made it to be not translated.
This patch fixes some small translation problems and adds some static
strings in templates to translation.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
There is a new reveal.js version out. As we try to keep up with
upstream, time to integreate it.
This patch updates reveal.js in for CDN-using instances as well as the
ones using the libraries.
Checked that speaker view in slide mode still works, so no CSP change
needed.
https://github.com/hakimel/reveal.js/releases/tag/3.7.02d241b9300/lib/csp.js (L72-L74)
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
While experimenting with the ToC changes, it became obvious that anchors
for those unnamed headers don't work.
This patch fixes those links by running the autolinkify twice and make
sure linkify only adds links to non-empty ids.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>