Commit graph

633 commits

Author SHA1 Message Date
David Mehren
cf867daf99
Load Idle.js without script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:23 +02:00
David Mehren
0e7a9df97d
Load jquery-ui resizable from npm package
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:23 +02:00
David Mehren
e17cc6440f
Load codemirror and codemirror-spell-checker without script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:20 +02:00
Tilman Vatteroth
41b9ab956c
Replace vimeo meta data api
Vimeo deprecated the v2 api and recommends to
use https://developer.vimeo.com/api/oembed/videos

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-05-15 21:25:03 +02:00
David Mehren
dc1f621eb8
Merge pull request #1233 from hedgedoc/fix/insertOnStartOfLines
Fix insertOnStartOfLines behaviour
2021-05-06 21:16:22 +02:00
Erik Michelson
7f8be22e97
Fix click handler for numbered task lists
The regex for tasklists in 1.x didn't include upper-case x/X letters nor ordered lists (1. [ ] abc).
This commit changes the regex to allow both.

Signed-off-by: Erik Michelson <opensource@erik.michelson.eu>
2021-05-05 23:34:03 +02:00
David Mehren
e4b2b6ff73
Fix insertOnStartOfLines behaviour
A bug in insertOnStartOfLines lead to duplicated text,
if the cursor was not at the start of a line.

This fixes the behaviour of insertOnStartOfLines to always use
the complete first and last line of the selection,
even if they were only partially selected.

Fixes #1231

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-05 22:57:49 +02:00
Erik Michelson
0d943d1284
Extract list of supported languages in separate file
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-04-26 21:45:31 +02:00
David Mehren
837cf59ef9
Add support for freshly imported languages
New languages: bg, fa, gl, he, hu, oc, pt-br

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-26 21:42:06 +02:00
David Mehren
0f7f11e4f3
Fix HTML clipboard import
jQuery's .html() method escapes contained text (e.g. '<' becomes
'&lt;'). This confuses the turndown parser, which then only performs
unescaping, but does not convert to markdown.
By using .text() instead, the unescaped content is returned and turndown
can correctly generate markdown.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-16 22:06:45 +01:00
Philip Molares
136d895d15 Linter: Fix all lint errors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-15 12:15:14 +01:00
David Mehren
788e7d460a
Update webpack config and JS import for spin.js v4
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-12 23:47:58 +01:00
Tilman Vatteroth
9f59a73049
Fix wrong acces to slide options
If the slide options in the frontmatter are empty
or not present, then slideOptions object in the
parsed JSON is undefined. This triggers an
exception when the sanitized slide options object
is built.

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2021-02-02 13:27:37 +01:00
Tilman Vatteroth
3eb64cff55
Delete slide options that are not defined
Reveal.js doesn't set the default value of an option in the provided config object
if the key is set with "undefined" as value. This leads to a broken slide mode,
because some critical settings are missing.

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2021-01-15 21:18:23 +01:00
Philip Molares
8e611e42ee added theme to the sanitization of slideOptions
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-14 16:42:53 +01:00
Philip Molares
1546786c63 changed the SCRIPT_END_PLACEHOLDER regex to case insensitive
this was suggested by @TobiasHoll in https://github.com/hackmdio/codimd/issues/1648

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-14 11:35:17 +01:00
Philip Molares
35b0d39a12 added sanitation to the slideMode in frontmatter
This should prevent the issue mentioned in https://github.com/hackmdio/codimd/issues/1648

Specifically left out are
- dependency (user can't really include anything anyway, because CSP forbids most domains)
- autoSlideMethod (nothing our users should be able to change as they won't write JS to be affected by this)
- keyboard (this let's users write arbitrary code and seems therefore to problematic)

See:
https://github.com/hakimel/reveal.js/blob/3.9.2/README.md#configuration
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-14 11:18:09 +01:00
David Mehren
c32b1cf42b
Don't store mermaid diagrams in innerHTML
Using jQuery's `.html()` method stores the given string as `innerHTML`, which enables injection of arbitrary DOM elements.
Using `.text()` instead mitigates this issue.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 10:14:27 +01:00
David Mehren
b0e2577fd5
Remove reference to nonexisting DOM element
This was missed in #596 and breaks the frontend JS.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-27 19:24:43 +01:00
Tilman Vatteroth
97312b5ed3
Remove pdf export code
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-26 21:09:23 +01:00
Erik Michelson
b28839484d
Replace CodiMD with HedgeDoc
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in public/views

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in README

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in SECURITY.md

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in LICENSE

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in docs/configuration.md

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in bin/setup

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/guides

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/dev

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/guides/auth

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/setup

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update various links in code to the new GitHub org.

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/setup/yunohost

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rebrand to HedgeDoc: Add banner and logo

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Remove note in docs/guides/auth/github

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Replace links in public/docs/features

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Add todo placeholder in docs/history

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Replace github link in public/views/index/body

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Replace github link in README

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Add logo to README

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Add note about the renaming to the front page

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Removed Travis from README.md and change CodiMD to HedgeDoc in some places

Signed-off-by: Yannick Bungers <git@innay.de>

Some more renaming to HedgeDoc
- Fixed capitalization of HedgeDoc
- Added renaming for etherpad migration doc

Signed-off-by: Yannick Bungers <git@innay.de>

Changed Repo name to hedgedoc

Signed-off-by: Yannick Bungers <git@innay.de>
2020-11-14 21:18:36 +01:00
David Mehren
bd11faa203
Use URL constructor instead of regex to check for valid URL
Fixes #545

Co-authored-by: Yannick Bungers <git@innay.de>
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-10 20:35:53 +01:00
David Mehren
3461993ee0
Merge pull request #486 from codimd/feature/cookie-policy 2020-09-25 22:39:30 +02:00
Erik Michelson
824f910bfe
Add config option for cookie SameSite policy
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-27 02:04:49 +02:00
Erik Michelson
f821da6c09
Add prevent default to export button too
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-23 01:21:37 +02:00
Erik Michelson
d9adf598d8
Add dropbox CSP directive if configured and make button clickable
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable.
Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-23 01:11:31 +02:00
Erik Michelson
c9442c3859
Made changed/created status translatable
The current version of CodiMD/HedgeDoc does only support translations to be filled on server-side rendering. To allow the translation of the changed/created texts, I duplicated the container that holds the text, and pre-filed these containers with the translation server-side. The client just needs to hide the unneeded container and show the right one to show the translated status text.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-13 23:55:28 +02:00
Erik Michelson
da35e73346
Restructured locale.js to be included into the editor's js bundle
Until now client-side translations were only possible in the context of the intro/history page, because the locale-detection logic relied on the language selector as a source of available languages. The editor of course has no such selector. With this commit, I copied the list of available languages from the i18n-initialization (server-side) to support language detection in the editor too.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-13 23:41:44 +02:00
Erik Michelson
ce469b1e2d
Fixed setting moment.js locale to user-defined language
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2020-08-13 15:23:56 +02:00
David Mehren
e77e7b165a
Set all cookies with sameSite: strict
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-06-08 15:27:31 +02:00
Sheogorath
45cc1325fb
Fix revision redirect to index page
The revision view had a bug that clicking on a list entry would redirect
the user back to the index page instead of providing the revision diff.

This was cased by the baseurl which is now used as reference for hrefs.
Therefore when clicking on the `href="#"` this was actually pointing at
`<baseurl>#` which is usually the index page.

This patch simply removes the href from the list items and therefore the
link functionality. This fixes the whole problem by removing 9
characters from our source code.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-10 17:45:43 +01:00
Erik Michelson
c9abe4276f
Fix #249 - Focus user field after opening login modal
Signed-off-by: Erik Michelson <erik@liltv.de>
2020-01-08 18:37:11 +01:00
hoijui
ad1a2fb19c make standard conform [fix]
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30 17:46:54 +01:00
hoijui
3233a448c6 make headerIds const [fix]
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30 17:46:45 +01:00
hoijui
3be40b23d1 fix gfm header link generation with respect to deduplicatedHeaderId
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30 17:46:24 +01:00
hoijui
47009805b3 linkifyHeaderStyle needs no string-ification; is already str.
Co-Authored-By: Yukai Huang <yukaihuangtw@gmail.com>
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-30 17:46:04 +01:00
Sheogorath
7a27579589
Merge pull request #205 from hoijui/linkifyHeaderStyle
Allow to generate lower case header references through the config
2019-10-23 21:18:57 +02:00
RyotaK
8494f6a085
Don't accept sandbox attribute
Because sandbox is whitelist attribute, attacker will be able to create iframe that has more permission than default.

Signed-off-by: RyotaK <49341894+ry0tak@users.noreply.github.com>
2019-10-22 12:04:12 +02:00
hoijui
e654ca8a31 Allow to generate lower case header references through the config
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.

This behavior can be enabled in config.json with:

```
"linkifyHeaderStyle": "gfm"
```

Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:05:37 +02:00
hoijui
20adab2f32 slight doc comment touch-up/simplification [minor]
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
2019-10-22 09:02:40 +02:00
Sheogorath
6462968e84
Merge pull request #97 from SISheogorath/fix/linting
Fix eslint warnings
2019-06-04 16:09:46 +02:00
Sheogorath
4da68597f7
Fix eslint warnings
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.

There should no functional change be introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-05-31 00:30:29 +02:00
Toma Tasovac
9e7b081bd9 fixed styling of slides preview
Signed-off-by: Toma Tasovac <ttasovac@humanistika.org>
2019-05-30 10:53:08 +02:00
Pedro Ferreira
26dacde959 Fix toolbar day mode
Also moved the code to SCSS

Signed-off-by: Pedro Ferreira <pedro@dete.st>
2019-05-12 20:15:46 +02:00
Pedro Ferreira
1801febfe6 Make upload button respect night mode
Also set a title in the input field, so that the file name doesn't show
up.

Signed-off-by: Pedro Ferreira <pedro@dete.st>
2019-05-12 20:15:46 +02:00
Sheogorath
c0e75b8606
Replace js-url with wurl
js-url is outdated and wurl is it's successor. This will fix some
vulnerabilities in the dependencies and also optimize the build process
by removing the external library toward internal tooling.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16 19:28:23 +02:00
Max Wu
fb399ebe73
Fix stored XSS in the graphviz error message rendering [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>

Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16 14:05:26 +02:00
Sheogorath
1544b45af5
Move upload button into toolbar
Currently we have the odd situation to have two toolbars. One inside the
header and one in the editor.

Since we only show the image upload button when the editor is visible we
should move the upload button into the editor toolbar.

This patch does this by adding the image upload button besides the image
tag button.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-25 22:33:27 +01:00
Sheogorath
982775f6dc
Fix broken HTML export with emojis
HTML export was broken due to missing alt-attribute for emojis.

This patch adds the old alt-element style and restores the exportability
this way.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-09 15:04:07 +01:00
Sheogorath
1f0fb12755
Fix CI errors for unused variables
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-02-21 01:36:39 +01:00