Literallie
|
d51da8c12c
|
Don't add nonce to CSP if unsafe-inline is on
Browsers ignore unsafe-inline if a nonce is sent
|
2017-10-22 00:03:46 +02:00 |
|
Literallie
|
91101c856c
|
Change CSP config format to be more intuitive
|
2017-10-22 00:03:46 +02:00 |
|
Literallie
|
5b83deb043
|
Load js-url lib using legacy-loader
Doesn't use eval, plus no window object access
|
2017-10-22 00:03:45 +02:00 |
|
Literallie
|
996cb37991
|
CSP: Workaround for ws:// protocol
The spec allows wss:// for 'self', but not ws:// :(
|
2017-10-22 00:03:45 +02:00 |
|
Literallie
|
0cbdc852cb
|
CSP: Allow more content types
|
2017-10-22 00:03:45 +02:00 |
|
Literallie
|
4238b9b3ef
|
Fix MathJax CSP issues
|
2017-10-22 00:03:45 +02:00 |
|
Literallie
|
080436aebb
|
CSP: Add nonce to slide view inline JS
|
2017-10-22 00:03:45 +02:00 |
|
Literallie
|
5d2d3ec875
|
CSP: Upgrade insecure requests if possible
Config option; default is to only upgrade if usessl
|
2017-10-22 00:03:45 +02:00 |
|
Literallie
|
ba183ce654
|
Add basic CSP support
|
2017-10-22 00:03:44 +02:00 |
|
Sheogorath
|
a23048254d
|
Merge pull request #597 from hackmdio/fix-gist-tag-structure
Fix markdown-it gist plugin code closing tag
Fix #596
|
2017-10-21 14:30:09 +02:00 |
|
Yukai Huang
|
60b86e0250
|
Fix markdown-it gist plugin code closing tag
fix #596
|
2017-10-21 11:45:17 +08:00 |
|
Sheogorath
|
92b769fb26
|
Merge pull request #595 from geekyd/swap
Hides empty export section
|
2017-10-19 15:04:27 +02:00 |
|
Sheogorath
|
053e616be5
|
Merge pull request #586 from PeterDaveHello/jsonlint
Add jsonlint script to ensure all json files are valid
|
2017-10-18 01:18:21 +02:00 |
|
geekyd
|
80fb91976e
|
Hides empty export section
|
2017-10-18 03:34:45 +05:30 |
|
Sheogorath
|
80f1c8197a
|
Merge pull request #593 from felixonmars/patch-1
Fix a typo in README.md
|
2017-10-17 20:01:37 +02:00 |
|
Felix Yan
|
b72556b915
|
Fix a typo in README.md
|
2017-10-17 23:48:33 +08:00 |
|
Sheogorath
|
5ce8f40eac
|
Merge pull request #585 from xxyy/feature/hsts-cfg
Make HSTS Behaviour Configurable (Fixes #584)
|
2017-10-14 18:02:41 +02:00 |
|
Sheogorath
|
ec8936a9f1
|
Merge pull request #569 from SISheogorath/feature/extendedPermissionDocs
Provide table for permissions
|
2017-10-14 01:51:29 +02:00 |
|
Peter Dave Hello
|
f70d2df1be
|
Add jsonlint script to ensure all json files are valid
|
2017-10-14 00:19:32 +08:00 |
|
Literallie
|
6bdc90d6ff
|
Add env vars for extra HSTS options
|
2017-10-13 01:42:05 +02:00 |
|
Literallie
|
1634d5c567
|
Add on/off env var for HSTS
|
2017-10-13 01:42:05 +02:00 |
|
Literallie
|
56411ca0e1
|
Make HSTS behaviour configurable; Fixes #584
|
2017-10-13 01:42:05 +02:00 |
|
Sheogorath
|
a16bde70be
|
Provide table for permissions
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
2017-10-12 11:05:22 +02:00 |
|
Sheogorath
|
53c2d0b5ca
|
Merge pull request #581 from SISheogorath/fix/HMD_URL_ADDPORT
Fix missing boolean setting for HMD_URL_ADDPORT
|
2017-10-12 00:01:27 +02:00 |
|
Sheogorath
|
89c60d1331
|
Fix missing boolean setting for HMD_URL_ADDPORT
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
2017-10-11 23:13:22 +02:00 |
|
Sheogorath
|
8b65d7df1a
|
Merge pull request #575 from PeterDaveHello/fix.travis.yml
Remove duplicated nodejs version in .travis.yml
|
2017-10-11 10:23:30 +02:00 |
|
Sheogorath
|
4dd60cee50
|
Merge pull request #566 from ccoenen/fix-mysql-revision-order
createdAt DESC with quotation marks did not work with MySQL fixes #565
|
2017-10-11 01:08:16 +02:00 |
|
Claudius Coenen
|
87ac05738f
|
Merge pull request #573 from PeterDaveHello/add-version-badge
Add version badge in README.md
|
2017-10-10 23:45:50 +02:00 |
|
Sheogorath
|
11133c3cec
|
Merge pull request #571 from SISheogorath/fix/shellcheck
Prevent argument breaking by spaces
|
2017-10-10 23:28:16 +02:00 |
|
Peter Dave Hello
|
711c38403d
|
Remove duplicated nodejs version in .travis.yml
lts/boron is v6
|
2017-10-11 00:16:11 +08:00 |
|
Peter Dave Hello
|
121b089d96
|
Add version badge in README.md
|
2017-10-10 21:54:13 +08:00 |
|
Sheogorath
|
6ed44f0864
|
Prevent argument breaking by spaces
|
2017-10-10 13:36:37 +02:00 |
|
Claudius Coenen
|
724a6bc26f
|
createdAt DESC with quotation marks did not work with MySQL fixes #565
|
2017-10-09 14:03:33 +02:00 |
|
Sheogorath
|
a99cac0cf0
|
Merge pull request #550 from SISheogorath/fix/gitlabAvatar
Fix broken profile images in GitLab
Fixes #549
|
2017-10-08 22:20:35 +02:00 |
|
Claudius Coenen
|
132d4657d7
|
Merge pull request #564 from geekyd/pop_button
Adds button style to "new note"
|
2017-10-08 15:41:28 +02:00 |
|
Sheogorath
|
a4caac6276
|
Merge pull request #563 from geekyd/master
Updates default max_line_len in uglifyjs
|
2017-10-08 01:23:22 +02:00 |
|
geekyd
|
c6a1b65a91
|
Adds color to new note button
|
2017-10-07 23:23:03 +05:30 |
|
geekyd
|
4f53afe92e
|
Increases max_line_len in uglifyjs
|
2017-10-07 07:21:02 +05:30 |
|
Sheogorath
|
74a7216a30
|
Merge pull request #553 from weisslj/fix-s3-bucket-documentation
Correct documentation of S3 bucket
|
2017-10-07 01:20:43 +02:00 |
|
Wu Cheng-Han
|
d96385eafd
|
Fix to filter @import CSS syntax in style tag to prevent XSS [Security Issue]
|
2017-10-05 10:17:26 +08:00 |
|
Wu Cheng-Han
|
b0b417cefc
|
Fix unescape > symbol inside the style tags to make the CSS work
|
2017-10-05 09:59:57 +08:00 |
|
Wu Cheng-Han
|
8979f215ab
|
Fix blockquote not parsed correctly in slide mode
|
2017-10-05 09:59:07 +08:00 |
|
Max Wu
|
b469592db8
|
Update .travis.yml
|
2017-09-27 22:26:03 +08:00 |
|
Wu Cheng-Han
|
7f52a4b38a
|
Update yarn.lock file
|
2017-09-27 22:07:55 +08:00 |
|
Max Wu
|
6f2d1d4320
|
Merge pull request #538 from madebyherzblut/fix-yarn-lock
Update yarn.lock
|
2017-09-27 21:46:13 +08:00 |
|
Max Wu
|
fb14e121cd
|
Merge pull request #527 from sygi/patch-1
Typo in Polish translation
|
2017-09-27 21:41:06 +08:00 |
|
Max Wu
|
8168615e10
|
Merge pull request #541 from Stonesjtu/patch-1
Fix naming typo.
|
2017-09-27 21:40:26 +08:00 |
|
Wu Cheng-Han
|
2bdccd3996
|
Fix home and end keys behavior for windows
|
2017-09-27 21:27:33 +08:00 |
|
Wu Cheng-Han
|
fe384d80bf
|
Fix the < and > symbols being doubly escaped, which was affected by executing preventXSS twice
|
2017-09-27 18:22:49 +08:00 |
|
Wu Cheng-Han
|
f2743ff8f8
|
Fix slide mode containing unclosed tags, which might cause XSS [Security Issue]
|
2017-09-27 18:21:28 +08:00 |
|