Commit graph

2076 commits

Author SHA1 Message Date
Christoph (Sheogorath) Kern
8ea09a8bd0
Merge pull request #627 from SISheogorath/fix/XSS
Prevent XSS vulnerbility by srcdoc in iframe
2017-11-24 18:09:41 +01:00
Sheogorath
93b91163cd
Prevent XSS vul by srcdoc in iframe 2017-11-24 10:10:50 +01:00
Christoph (Sheogorath) Kern
978ec84906
Merge pull request #601 from devonJS/auth-docs
Added small guide for auth providers GitHub and Twitter
2017-11-09 13:34:18 +01:00
Devon Jue
8c916bb987 added auth docs and images for GitHub and Twitter 2017-11-08 21:20:50 -08:00
Literallie
3a752fde51
Revert "Load js-url lib using legacy-loader"
Didn't work in Firefox for some reason.

`[Script Loader] ReferenceError: module is not defined`

This reverts commit 5b83deb043.
2017-11-02 17:57:44 +01:00
Sheogorath
d8997f938b
Merge pull request #615 from PeterDaveHello/patch-1
[README] Add icons to browser version support list
2017-10-31 15:18:03 +01:00
Peter Dave Hello
05541f1546
[README] Add icons to browser version support list 2017-10-31 22:13:36 +08:00
Sheogorath
4c6e768a52
Merge pull request #614 from SISheogorath/fix/mattermostVar
Fix mattermost breaking notes
2017-10-31 14:16:06 +01:00
Sheogorath
8808399c48
Fix mattermost breaking notes 2017-10-31 13:48:35 +01:00
Sheogorath
66b3463825
Merge pull request #604 from PeterDaveHello/refactor-TravisCI-config
Refactor travis ci config
2017-10-31 12:12:33 +01:00
Sheogorath
16b3e015ab
Merge pull request #606 from DoubleMalt/feature/MattermostAuth
Add Mattermost authentication strategy
2017-10-31 12:11:41 +01:00
Christoph Witzany
5cda55086a Add mattermost authentication 2017-10-31 10:34:51 +01:00
Sheogorath
f2812730e0
Merge pull request #613 from SISheogorath/fix/allowerrorHandling
Fix allowpdfexport handling on error page
2017-10-31 02:22:42 +01:00
Sheogorath
ef49b72442
Fix allowpdfexport handling on error page 2017-10-31 01:57:32 +01:00
Sheogorath
6ca28845c2
Merge pull request #605 from SISheogorath/feature/extentReadme
Extend docker section in README
2017-10-30 23:04:13 +01:00
Sheogorath
dad5798472
Merge pull request #612 from SISheogorath/fix/mermaidErr
Fix mermaid error handling

Fixes #610
2017-10-30 12:30:38 +01:00
Sheogorath
e807f1b783
Fix mermaid error handling 2017-10-30 12:26:28 +01:00
Sheogorath
803a2776ad
Extend docker section 2017-10-30 07:50:50 +01:00
Sheogorath
b3c66d4a10
Merge pull request #608 from SISheogorath/fix/mermaid
Use mermaidAPI in mermaid scope
2017-10-30 07:24:57 +01:00
Sheogorath
09d2ba41cf
Use mermaidAPI in mermaid scope
Introduced by a5b7145527 (diff-67ae90c5144c55348a3cbdb078240454L532)

Fixes #600

Parse only throws error: 167368d508 (diff-67ae90c5144c55348a3cbdb078240454)
2017-10-30 07:11:14 +01:00
Oliver Herrmann
b7e87f7767
Merge pull request #1 from monoxane/monoxane-patch-1
Corrected some grammatical issues with document length limits.
2017-10-30 11:26:47 +11:00
Oliver Herrmann
7d0ef1276c
Corrected some grammatical issues
Obviously caught up in a bad translation and didn't particularly make sense for native english speakers.
2017-10-30 11:25:44 +11:00
Sheogorath
f1475535a2
Merge pull request #607 from PeterDaveHello/upgrade-mermaid
Upgrade mermaid to v7.1.0, fix #600
2017-10-29 17:32:41 +01:00
Peter Dave Hello
da2426ae3d Update yarn.lock 2017-10-30 00:21:35 +08:00
Peter Dave Hello
f896432250 Upgrade mermaid to v7.1.0, fix #600 2017-10-30 00:18:53 +08:00
Peter Dave Hello
7478dd14e0 Add build, ShellCheck, doctoc & jsonlint test on Travis CI 2017-10-29 23:01:46 +08:00
Peter Dave Hello
cae9bb2e7d Use matrix(jobs) in .travis.yml 2017-10-29 23:01:44 +08:00
Sheogorath
862545fff7
Merge pull request #462 from CrazyPython/patch-1
Fix grammar and use best English standards
2017-10-27 22:15:42 +02:00
Sheogorath
abbc43f9b6 Merge pull request #599 from xxyy/fix/inline-styles
Externalise some trivial inline styles from slide.ejs
2017-10-27 13:24:26 +02:00
Sheogorath
881e800fd8 Merge pull request #562 from SISheogorath/fix/LDAP
Fix LDAP problem about missing uidNumber
2017-10-27 12:48:45 +02:00
Sheogorath
94021e2d34 Merge pull request #574 from PeterDaveHello/README.md-Table-of-Contents
Add "Table of Contents" in README.md
2017-10-27 11:51:50 +02:00
Sheogorath
be5de239ea Merge pull request #589 from geekyd/master
Adds enable/disable PDF export via config
2017-10-25 15:56:17 +02:00
geekyd
f7d2ef970a Adds 403 response if PDF export is disabled 2017-10-25 19:21:34 +05:30
geekyd
0be09e109f Adds HMD_ALLOW_PDF_EXPORT to readme 2017-10-25 19:20:36 +05:30
geekyd
d63e6780eb Adds PDF export via config 2017-10-25 19:19:37 +05:30
Literallie
af935e46fc
Externalise trivial inline styles from slide.ejs
Dynamic background images need some further work
2017-10-23 23:39:18 +02:00
Sheogorath
c794412714 Merge pull request #591 from Rwing/master
support Simplified Chinese and rename original zh to Traditional Chinese
2017-10-23 11:53:31 +02:00
Rwing
362a7eaf65 support Simplified Chinese and rename original zh to Traditional Chinese 2017-10-23 17:38:04 +08:00
Literallie
567f26f5b9
Fix MathJax config not being picked up
thanks standard
2017-10-22 02:48:24 +02:00
Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie
e5f03fe135
Add dirty workaround for speakers view inline script 2017-10-22 00:03:46 +02:00
Literallie
2b2b8d6d1d
Allow any connect-src in CSP
Managing these for all the integrations seems like a lot of effort
2017-10-22 00:03:46 +02:00
Literallie
d51da8c12c
Don't add nonce to CSP if unsafe-inline is on
Browsers ignore unsafe-inline if a nonce is sent
2017-10-22 00:03:46 +02:00
Literallie
91101c856c
Change CSP config format to be more intuitive 2017-10-22 00:03:46 +02:00
Literallie
5b83deb043
Load js-url lib using legacy-loader
Doesn't use eval, plus no window object access
2017-10-22 00:03:45 +02:00
Literallie
996cb37991
CSP: Workaround for ws:// protocol
The spec allows wss:// for 'self', but not ws:// :(
2017-10-22 00:03:45 +02:00
Literallie
0cbdc852cb
CSP: Allow more content types 2017-10-22 00:03:45 +02:00
Literallie
4238b9b3ef
Fix MathJax CSP issues 2017-10-22 00:03:45 +02:00
Literallie
080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
Literallie
5d2d3ec875
CSP: Upgrade insecure requests if possible
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00