Commit graph

150 commits

Author SHA1 Message Date
Max Wu
fb399ebe73
Fix stored XSS in the graphviz error message rendering [Security Issue]
Signed-off-by: Max Wu <jackymaxj@gmail.com>

Co-Authored-By: Sheogorath <sheogorath@shivering-isles.com>
2019-04-16 14:05:26 +02:00
Sheogorath
982775f6dc
Fix broken HTML export with emojis
HTML export was broken due to missing alt-attribute for emojis.

This patch adds the old alt-element style and restores the exportability
this way.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-03-09 15:04:07 +01:00
Sheogorath
c5ca7b634a
Remove broken speakerdeck embedding
The current speakerdeck implementation is broken. An alternative
implementation using oembed doesn't work due to CORS, which could be
solved by proxying the speakerdeck API, but we decided to not do this.

This patch provides the link to the speakerdeck presentation instead,
and this way doesn't break existing notes. This is right now the best
solution we could come up with.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2019-02-21 01:26:37 +01:00
Sheogorath
d6dd33620c
Fix wrong anchors
While experimenting with the ToC changes, it became obvious that anchors
for those unnamed headers don't work.

This patch fixes those links by running the autolinkify twice and make
sure linkify only adds links to non-empty ids.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-11-19 20:20:56 +01:00
Sheogorath
d188b3526a
Again: Replace emoji-plugin regex
The Regex introduced in the last commit[1], was already working quite
good. But still resulted in false positives for all URL that contained a
second `:`.

To fix this once and for all, we craft a simple, but long regex based on
all emoji names and use this to match them.

We could probably optimize it, but that should also be something the
regex engine itself can and should do.

[1]: 7e45533c75 (in this source tree)

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-31 15:33:45 +01:00
Sheogorath
7e45533c75
Fix emoji regex
The old regex, adapted from the other plugins, was a bit too open for
matching. This leads to matching something like: `This is a sentence:
[And something with a: in it.]()` which doesn't become a link anymore.
Because the match is: ` [And something with a`.

This patch provides a fix for the regex to only match non-space string
within the `:`'s.

References:
- Introducing commit:
2063eb8bdf
- Inspirational source of the original RegEx:
2063eb8bdf/public/js/extra.js (L1095)

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-29 20:37:47 +01:00
Christoph (Sheogorath) Kern
e115423d12
Merge pull request #1006 from SISheogorath/fix/missingEmojis
Fix not rendered autocomplete emojis
2018-10-22 23:02:33 +02:00
Sheogorath
1d452a6ed4
Remove dead package octicon
Octicon no longer provides its CSS classes and this way is useless in
CodiMD. Replacing all used classes in the UI and remove it from build
system.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-10 23:42:41 +02:00
Sheogorath
2063eb8bdf
Fix not rendered autocomplete emojis
Currently we have some emojis that are autocompleted but won't show up
in the resulting document.

This patch adds all emojis that are pushed to Codemirror and applies
them to the markdown rendering process, so they become usable.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-10 21:24:33 +02:00
Sheogorath
75a23fe2c9
Add rel="noopener" to target="_blank" links
The noopener construct protects from some nasty clickjacking attacks. We
can apply them savely to all our links since we don't rely on the
previously used page.

Some more details: https://mathiasbynens.github.io/rel-noopener/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-10-04 01:49:36 +02:00
Sheogorath
4b060c7dba
Rebrand HackMD to CodiMD
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2018-06-24 13:24:12 +02:00
Max Wu
a9c88ce248
Fix task todo might not toggle
which caused by not matching syntax with double dashes correctly
2018-01-24 00:10:52 +08:00
Wu Cheng-Han
3703b12584 Fix image alt not render properly 2018-01-19 00:53:49 +08:00
Max Wu
919b7467d4
Fix anchor id to keep uppercase characters
id shouldn’t be converted to lowercase since id attribute is case sensitive
2018-01-16 15:59:43 +08:00
Sheogorath
e807f1b783
Fix mermaid error handling 2017-10-30 12:26:28 +01:00
Sheogorath
09d2ba41cf
Use mermaidAPI in mermaid scope
Introduced by a5b7145527 (diff-67ae90c5144c55348a3cbdb078240454L532)

Fixes #600

Parse only throws error: 167368d508 (diff-67ae90c5144c55348a3cbdb078240454)
2017-10-30 07:11:14 +01:00
Yukai Huang
60b86e0250 Fix markdown-it gist plugin code closing tag
fix #596
2017-10-21 11:45:17 +08:00
Wu Cheng-Han
d96385eafd Fix to filter @import CSS syntax in style tag to prevent XSS [Security Issue] 2017-10-05 10:17:26 +08:00
Wu Cheng-Han
b0b417cefc Fix unescape > symbol inside the style tags to make the CSS works 2017-10-05 09:59:57 +08:00
BoHong Li
8c2b00b05a style: Fixed variable already declared 2017-05-08 19:29:07 +08:00
Wu Cheng-Han
e32dd547b4 Update to support code block syntax highlighting of gherkin 2017-05-05 18:03:23 +08:00
Yukai Huang
b711ecfadb Drop global variable ui exposing 2017-03-28 19:30:06 +08:00
Wu Cheng-Han
b2985085d0 Update to change makefile syntax highlighting to Prism 2017-03-26 23:09:13 +08:00
Wu Cheng-Han
961d3fab1c Fix code style 2017-03-26 20:45:23 +08:00
Wu Cheng-Han
61dc6dbc15 Add support of abcjs 2017-03-26 20:39:07 +08:00
Wu Cheng-Han
802ed406e6 Fix todo list item class might add in wrong element 2017-03-22 15:42:38 +08:00
Wu Cheng-Han
9ff3649025 Fix unnecessary global calling of ownerui 2017-03-22 15:42:11 +08:00
Wu Cheng-Han
2fa51fb4ba Fix export html to replace fallen cdn tortue.me to cdnjs 2017-03-14 16:37:38 +08:00
Wu Cheng-Han
f491cdabc1 Fix rendering might result XSS attribute on self closing tag [Security Issue] 2017-03-14 16:27:55 +08:00
BoHong Li
5bc642d02e Use JavaScript Standard Style (part 2)
Fixed all fail on frontend code.
2017-03-09 02:41:05 +08:00
Wu Cheng-Han
1a617ddf2e Fix duplicated headers anchor link not been updated properly 2017-02-03 22:02:12 +08:00
Wu Cheng-Han
7863eec366 Fix "[object HTMLCollection] is not iterable!" error in some browsers 2017-02-03 22:01:30 +08:00
Max Wu
a261c8e812 Merge pull request #341 from nvsofts/fix_bom_utf8
Removed UTF-8 BOM in download function
2017-02-03 18:28:05 +08:00
NV
5a212b9335 Removed UTF-8 BOM in download function 2017-02-03 17:35:49 +09:00
Wu Cheng-Han
3df5507589 Upgrade viz.js to fix manual workaround and get smaller file size 2017-02-02 23:27:34 +08:00
Yukai Huang
0fca629c34 Rename common.js to login.js 2017-01-13 23:06:31 +08:00
Yukai Huang
3566d71aea Merge branch 'master' into frontend-next 2017-01-07 00:05:15 +08:00
Yukai Huang
47d7ff2561 Convert extra.js to es6 2017-01-05 17:52:32 +08:00
Wu Cheng-Han
eaf9218f61 Update to show yaml-metadata and diagram parsing error in the view 2017-01-04 23:59:28 +08:00
Wu Cheng-Han
08b04e9528 Workaround that graphviz might not recover from error 2017-01-04 23:59:12 +08:00
Wu Cheng-Han
418a852cc4 Fix mathjax not able to render issue 2016-12-20 03:05:59 +08:00
Wu Cheng-Han
c8d37dd192 Update to handle graphviz output empty graph 2016-12-19 16:53:54 +08:00
Wu Cheng-Han
92f2a4acf0 Remove unused vendor code and add fix related usages 2016-12-19 16:28:59 +08:00
Wu Cheng-Han
46752194e4 Update to make TOC syntax be case-insensitive 2016-12-12 10:49:23 +08:00
Wu Cheng-Han
ead48e45e0 Fix header id and text might affects by mathjax tags 2016-11-28 22:15:07 +08:00
Wu Cheng-Han
de2067f7e8 Update to support typescript and jsx syntax highlighting 2016-11-28 18:34:08 +08:00
Wu Cheng-Han
5287d46931 Optimize hackmd resource packing and load orders 2016-11-26 23:18:51 +08:00
Wu Cheng-Han
b43e63dd21 Update to support go in code block syntax highlighting 2016-11-26 22:48:20 +08:00
Wu Cheng-Han
80ee507951 Fix mathjax with blockquote might have race condition 2016-11-18 12:19:05 +08:00
Wu Cheng-Han
09e6596074 Update to support haskell syntax highlighting in code block 2016-11-18 12:17:37 +08:00