Commit graph

45 commits

Author SHA1 Message Date
David Mehren
faa10da86b Set all cookies with sameSite: strict
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-07-10 18:40:56 +08:00
Erik Michelson
76f07efcbc
Fixed eslint error introduced by 2d3ea1f
Signed-off-by: Erik Michelson <erik@liltv.de>
2020-04-24 03:15:19 +02:00
Sheogorath
2d3ea1fc61
Merge pull request #312 from PascalBru/feature_301
add icon to toolbar with list of diagrams
2020-03-26 00:26:12 +01:00
Pascal Bruckert
3f047e33c4 add icon to toolbar with list of diagrams
Signed-off-by: Pascal Bruckert <pascal.bruckert@bit-sci.com>
2020-03-25 19:38:32 +01:00
Sheogorath
a2522888b2
Remove PDF export
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00
hoijui
47009805b3 linkifyHeaderStyle needs no string-ification; is already str.
Co-Authored-By: Yukai Huang <yukaihuangtw@gmail.com>
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30 17:46:04 +01:00
hoijui
e654ca8a31 Allow to generate lower case header references through the config
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.

This behavior can be enabled in config.json with:

```
"linkifyHeaderStyle": "gfm"
```

Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:05:37 +02:00
Sheogorath
4da68597f7
Fix eslint warnings
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.

There should no functional change be introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 00:30:29 +02:00
Pedro Ferreira
26dacde959 Fix toolbar day mode
Also moved the code to SCSS

Signed-off-by: Pedro Ferreira <pedro@dete.st>
2019-05-12 20:15:46 +02:00
Pedro Ferreira
1801febfe6 Make upload button respect night mode
Also set a title in the input field, so that the file name doesn't show
up.

Signed-off-by: Pedro Ferreira <pedro@dete.st>
2019-05-12 20:15:46 +02:00
Sheogorath
1544b45af5
Move upload button into toolbar
Currently we have the odd situation to have two toolbars. One inside the
header and one in the editor.

Since we only show the image upload button when the editor is visible we
should move the upload button into the editor toolbar.

This patch does this by adding the image upload button besides the image
tag button.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-25 22:33:27 +01:00
Claudius Coenen
858a59529e switching to eslint for code checking
most rules degraded to WARN, so we don't go insane. This will
change over time. The aim is to conform to a common style

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
2018-11-14 23:15:36 +01:00
Alexander Wellbrock
97c2330264
Fix some false titles
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
2018-07-08 20:41:46 +02:00
Sheogorath
1c92524c08
Fix broken unicode urls
It wasn't possible to create unicode based URLs in freeurl mode, because
the noteid used for the websocket connection is double escaped. When we
decode it and let socketio-client reencode it, we get the real
shortid/noteid and can find the note in the database and open the
connection.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-26 22:25:36 +02:00
Sheogorath
8fe26988d1
Fix all newly introduced linting issues
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 21:27:21 +02:00
Sheogorath
f65d96c57b
Fix liniting and optimize some functions
First fixed some linting issues. Also optimized some functions to be
undoable with one ctrl+z.

This should also speedup some operations

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-23 21:18:15 +02:00
Edgar Zanella Alvarenga
a8b664fdb5 Add a toolbar to Codemirror editor
Signed-off-by: Edgar Zanella Alvarenga <e@vaz.io>
2018-06-19 16:03:56 +02:00
Sheogorath
ad69c5017b
Removing google drive integration
It's sad but it's not working. For multiple releases this should be
already broken which shows how often it's used.

As there is also a security issue related to that, it's better to
remove the feature completely. Whoever wants to rewrite it, feel free to
go.

This commit removes the Google Drive integration from HackMD's Frontend
editor and this way removes the need to provide any API key and Client
ID in the frontend.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-05-16 01:34:55 +02:00
Sheogorath
9c77e9d7f0
Allow the usage of the esc-key by codemirror
This change allows all input modes of codemirror to use the information
from an input esc-key and make this way vim and sublime more
functional. To prevent this change from breaking the return from the
fullscreen mode, it catches the esc-key in this case. Hopefully this is
an acceptable solution.

As before the vim-mode is handled different in fulltext-mode as it is
esc-key heavy.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-02-24 21:14:47 +01:00
Sheogorath
a7935a595a
Allow more detailed configuration of upload mime types
Fixes #637

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-01-20 15:16:53 +01:00
Edoardo Odorico
6fc2c39eda Implemented dark theme.
Signed-off-by: Edoardo Odorico <edoubuntu@gmail.com>
2018-01-05 00:15:13 +01:00
Oliver Herrmann
7d0ef1276c
Corrected some grammatical issues
Obviously caught up in a bad translation and didn't particularly make sense for native english speakers.
2017-10-30 11:25:44 +11:00
Wu Cheng-Han
2bdccd3996 Fix home and end keys behavior for windows 2017-09-27 21:27:33 +08:00
Yukai Huang
4839838d0c Manage syncscroll / currentMode in appState 2017-05-07 20:38:22 +08:00
Yukai Huang
0e9afde5fa Move syncsroll under lib 2017-05-07 20:38:22 +08:00
Yukai Huang
68ccee20b3 Extract modeType 2017-05-07 20:37:27 +08:00
Yukai Huang
c6c11c54ef Expose internal editor config variable 2017-05-07 20:37:27 +08:00
Yukai Huang
db06a51299 Load statusbar template by string-loader 2017-05-07 20:37:26 +08:00
Yukai Huang
f5b95c5d36 Move updateStatusBar method into editor class 2017-03-28 17:16:32 +08:00
Yukai Huang
df743ab902 Fix listener “this” context 2017-03-28 17:11:20 +08:00
Yukai Huang
46ed658d8b Promisify getStatusBarTemplate method 2017-03-28 15:24:52 +08:00
Yukai Huang
b86ecb1342 Extract selection update from updateStatusbar 2017-03-28 11:57:44 +08:00
Yukai Huang
81666a726c Impl multiple codemirror event listener 2017-03-28 11:18:36 +08:00
Wu Cheng-Han
448b006194 Update to generate front-end constants on server startup
To avoid extra webpacking on changing configs and follow the 12 factor app
2017-03-20 01:39:09 +08:00
Yukai Huang
cc30d370f7 Fix variable exporting error 2017-03-13 22:00:20 +08:00
Yukai Huang
93e41f3a40 Merge branch 'master' into cm-refactor 2017-03-13 21:32:50 +08:00
Yukai Huang
9b513f619f Use JavaScript standard style 2017-03-09 15:39:42 +08:00
BoHong Li
5bc642d02e Use JavaScript Standard Style (part 2)
Fixed all fail on frontend code.
2017-03-09 02:41:05 +08:00
Yukai Huang
6556c284e5 Extract editor related code
- in public/js/lib/editor/index.js
2017-03-08 21:43:32 +08:00
Yukai Huang
121d84863a Extract UI jquery node 2017-03-07 21:59:18 +08:00
Yukai Huang
4bbe035beb Merge branch 'master' into frontend-next 2017-01-21 12:08:52 +08:00
Yukai Huang
04292240d6 Minor style update 2017-01-14 15:47:13 +08:00
Yukai Huang
2408ff4ba9 Add default value for config 2017-01-13 23:12:17 +08:00
Yukai Huang
0fca629c34 Rename common.js to login.js 2017-01-13 23:06:31 +08:00
Yukai Huang
c2a8911b9c Move config variable to lib/config 2017-01-13 22:46:38 +08:00