mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-09-20 07:59:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
2097 commits 36 branches 47 tags 158 MiB
Commit graph

89 commits

Author SHA1 Message Date
Max Wu
1743a97c22 Fix possible MathJax XSS issue [Security Issue] 
see more at: http://docs.mathjax.org/en/latest/safe-mode.html

Signed-off-by: Max Wu <jackymaxj@gmail.com>
 2019-03-03 18:32:58 +08:00
Sheogorath
62477f0279
Update bootstrap from 3.3.7 to 3.4.0 
Seems like finally there is a new bootstrap version for old version 3.

This patch implements this new version with CodiMD and this way fixes
some possible security issues in the frontend code.

See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2019-01-11 01:56:52 +01:00
Claudius
44ffc564da removing global site layout vars from individual routers, putting them into app.local 
Signed-off-by: Claudius <opensource@amenthes.de>
 2018-11-03 00:52:48 +01:00
Sheogorath
1d452a6ed4
Remove dead package octicon 
Octicon no longer provides its CSS classes and this way is useless in
CodiMD. Replacing all used classes in the UI and remove it from build
system.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-10-10 23:42:41 +02:00
Sheogorath
5212bbf9c4
Replace font-awesome with fork-awesome 
This patch replaces font-awesome with its fork called fork-awesome.
Besides the fact that the newer versions of font-awesome can't be
shipped with distros like debian due to license issues, fork-awesome
also provides more FOSS related icons and builds on top of version 4.7.x
of font-awesome, which we used until this patch.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-10-05 21:52:08 +02:00
Sheogorath
1812b1aaca
Update highlight.js 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-30 16:52:34 +02:00
Sheogorath
b6e1144627
Update to octicon 4.4.0 
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-30 16:52:33 +02:00
Sheogorath
ed5353d13a
Move polyfill to CDN section 
We don't support it on CDN false instances, but it doesn't hurt to keep
it in for CDN-enabled instances

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
 2018-06-18 01:26:11 +02:00
Christoph (Sheogorath) Kern
7de6e3211f
Merge pull request #598 from xxyy/feature/csp 
Implement basic CSP support
 2018-01-22 20:43:46 +01:00
Peter Dave Hello
f896432250 Upgrade mermaid to v7.1.0, fix #600 2017-10-30 00:18:53 +08:00
Literallie
4238b9b3ef
Fix MathJax CSP issues 2017-10-22 00:03:45 +02:00
Max Wu
450159a462 Merge pull request #427 from PeterDaveHello/fix-indent 
Fix indent in views, shouldn't mix tabs with spaces
 2017-04-18 10:41:58 +08:00
Peter Dave Hello
5f3fe5c62c Fix indent in views, shouldn't mix tabs with spaces 2017-04-18 05:24:04 +08:00
Peter Dave Hello
08c0a0392c Use abcjs on cdnjs, cc @jackycute 2017-04-18 05:19:19 +08:00
Wu Cheng-Han
10a7a9b37e Update to use CDN css for emojify.js when applicable 2017-03-21 00:27:58 +08:00
Wu Cheng-Han
6c87262bd9 Fix to use minified CDN file source in mermaid 2017-02-02 23:40:55 +08:00
Wu Cheng-Han
d5008b7aeb Update viz.js and mermaid CDN links 2017-02-02 23:37:20 +08:00
Wu Cheng-Han
a669c201be Fix template partial path 2017-01-21 14:04:54 +08:00
Wu Cheng-Han
09a7bcbdef Refactor templates and rearrange its path 2017-01-21 13:08:29 +08:00
Wu Cheng-Han
276d500406 Upgrade dependencies 2016-12-19 16:20:27 +08:00
Wu Cheng-Han
ad90643c94 Optimize pretty page resource packing and load orders 2016-11-26 23:22:47 +08:00
Wu Cheng-Han
9d4ede4cff Fix possible XSS in yaml-metadata and turn using ejs escape syntax than external lib [Security Issue] 2016-11-26 22:55:31 +08:00
Wu Cheng-Han
1ba46c95fb Update to separate polypill for IE to a template 2016-11-26 22:38:18 +08:00
Yukai Huang
0b45312834 Add font css to templates 2016-11-03 14:51:28 +08:00
Yukai Huang
58fedb01fa Require pretty stylesheets 2016-11-02 11:55:08 +08:00
Wu Cheng-Han
b6ce7a6ab1 Update mathjax cdn path and source path 2016-10-25 01:57:51 +08:00
Wu Cheng-Han
e6dfc749f6 Fix config.js use cdn option not parse properly and add missing cdn resources 2016-10-23 22:42:47 +08:00
Peter Dave Hello
58b2cff4ec Use CDNJS by default with https and SRI support 2016-10-23 13:31:25 +08:00
Wu Cheng-Han
d70d0318e5 Fix to use bower version emojify.js 2016-10-19 22:12:12 +08:00
Wu Cheng-Han
d44e830366 Update emoji parser using markdown-it-emoji instead of emojify to solve issue #217 2016-10-18 16:50:58 +08:00
Yukai Huang
4c1109b70b Move gist-embed to CDN 2016-10-14 09:56:19 +08:00
Yukai Huang
142b4c6771 Move highlight.js to CDN 2016-10-14 09:21:41 +08:00
Yukai Huang
747502e694 Fix HTML exporting 2016-10-13 16:35:43 +08:00
Yukai Huang
bcb12b9ae7 Remove jquery-scrollspy dependency 
scrollspy is bootstrap built-in plugin
 2016-10-13 15:30:26 +08:00
Yukai Huang
440ad3506c Fix lastchangeui and moment timestamps 2016-10-13 15:13:03 +08:00
Yukai Huang
83be3465cc Fix scrollspy 2016-10-13 13:59:34 +08:00
Yukai Huang
773c0ce39e Optimize common assets with CDN 
* jquery
* lodash
* socket.io
* boostrap
 2016-10-13 11:42:17 +08:00
Yukai Huang
b90c26fe90 Config CDN for viz.js 2016-10-13 08:56:02 +08:00
Yukai Huang
d5d9607c17 Fix stylesheet ordering 2016-10-12 18:14:39 +08:00
Yukai Huang
2cafe15e85 Enable production assets hash 2016-10-12 17:15:59 +08:00
Yukai Huang
6e651c8108 Merge branch 'master' into webpack-frontend 2016-10-11 18:40:23 +08:00
Yukai Huang
56c5378939 Optimize viz.js async rendering through webpack chunk 2016-10-11 17:15:06 +08:00
Yukai Huang
06437ccaa9 Manage more packages with npm and webpack 2016-10-11 14:52:45 +08:00
Yukai Huang
9c8752d452 Split common vendor javascript into chunks 2016-10-11 12:30:30 +08:00
Wu Cheng-Han
fb5d7e4359 Update npm and bower dependencies with related patch 2016-10-10 21:14:28 +08:00
Wu Cheng-Han
3175616573 Update to support showing owner on the infobar 2016-10-10 20:32:20 +08:00
Wu Cheng-Han
bf4c6d021c Extract config.js from common.js to make client setting file clean and also make upgrade easier 2016-10-10 16:25:51 +08:00
Yukai Huang
70c20aadda Remove redundant entry point 2016-10-10 07:58:42 +08:00
Yukai Huang
a258897884 Revert some bower assets 2016-10-09 21:43:41 +08:00
Yukai Huang
53b5cbb893 Finish public note view js loading 2016-10-09 21:09:22 +08:00