hedgedoc/public/js/lib/editor/ui-elements.js
Sheogorath a2522888b2
Remove PDF export
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00

83 lines
2.3 KiB
JavaScript

/*
* Global UI elements references
*/
export const getUIElements = () => ({
spinner: $('.ui-spinner'),
content: $('.ui-content'),
toolbar: {
shortStatus: $('.ui-short-status'),
status: $('.ui-status'),
new: $('.ui-new'),
publish: $('.ui-publish'),
extra: {
revision: $('.ui-extra-revision'),
slide: $('.ui-extra-slide')
},
download: {
markdown: $('.ui-download-markdown'),
html: $('.ui-download-html'),
rawhtml: $('.ui-download-raw-html')
},
export: {
dropbox: $('.ui-save-dropbox'),
gist: $('.ui-save-gist'),
snippet: $('.ui-save-snippet')
},
import: {
dropbox: $('.ui-import-dropbox'),
gist: $('.ui-import-gist'),
snippet: $('.ui-import-snippet'),
clipboard: $('.ui-import-clipboard')
},
mode: $('.ui-mode'),
edit: $('.ui-edit'),
view: $('.ui-view'),
both: $('.ui-both'),
night: $('.ui-night')
},
infobar: {
lastchange: $('.ui-lastchange'),
lastchangeuser: $('.ui-lastchangeuser'),
nolastchangeuser: $('.ui-no-lastchangeuser'),
permission: {
permission: $('.ui-permission'),
label: $('.ui-permission-label'),
freely: $('.ui-permission-freely'),
editable: $('.ui-permission-editable'),
locked: $('.ui-permission-locked'),
private: $('.ui-permission-private'),
limited: $('.ui-permission-limited'),
protected: $('.ui-permission-protected')
},
delete: $('.ui-delete-note')
},
toc: {
toc: $('.ui-toc'),
affix: $('.ui-affix-toc'),
label: $('.ui-toc-label'),
dropdown: $('.ui-toc-dropdown')
},
area: {
edit: $('.ui-edit-area'),
view: $('.ui-view-area'),
codemirror: $('.ui-edit-area .CodeMirror'),
codemirrorScroll: $('.ui-edit-area .CodeMirror .CodeMirror-scroll'),
codemirrorSizer: $('.ui-edit-area .CodeMirror .CodeMirror-sizer'),
codemirrorSizerInner: $(
'.ui-edit-area .CodeMirror .CodeMirror-sizer > div'
),
markdown: $('.ui-view-area .markdown-body'),
resize: {
handle: $('.ui-resizable-handle'),
syncToggle: $('.ui-sync-toggle')
}
},
modal: {
snippetImportProjects: $('#snippetImportModalProjects'),
snippetImportSnippets: $('#snippetImportModalSnippets'),
revision: $('#revisionModal')
}
})
export default getUIElements