Literallie
3a752fde51
Revert "Load js-url lib using legacy-loader"
Didn't work in Firefox for some reason.
`[Script Loader] ReferenceError: module is not defined`
This reverts commit 5b83deb043296c23ff912a2472703c1f7faddb4b.
2017-11-02 17:57:44 +01:00
Literallie
567f26f5b9
Fix MathJax config not being picked up
thanks standard
2017-10-22 02:48:24 +02:00
Literallie
04f5e3a341
Move CSP logic to new file, Fix boolean config examples
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie
e5f03fe135
Add dirty workaround for speakers view inline script
2017-10-22 00:03:46 +02:00
Literallie
2b2b8d6d1d
Allow any connect-src in CSP
Managing these for all the integrations seems like a lot of effort
2017-10-22 00:03:46 +02:00
Literallie
d51da8c12c
Don't add nonce to CSP if unsafe-inline is on
Browsers ignore unsafe-inline if a nonce is sent
2017-10-22 00:03:46 +02:00
Literallie
91101c856c
Change CSP config format to be more intuitive
2017-10-22 00:03:46 +02:00
Literallie
5b83deb043
Load js-url lib using legacy-loader
Doesn't use eval, plus no window object access
2017-10-22 00:03:45 +02:00
Literallie
996cb37991
CSP: Workaround for ws:// protocol
The spec allows wss:// for 'self', but not ws:// :(
2017-10-22 00:03:45 +02:00
Literallie
0cbdc852cb
CSP: Allow more content types
2017-10-22 00:03:45 +02:00
Literallie
4238b9b3ef
Fix MathJax CSP issues
2017-10-22 00:03:45 +02:00
Literallie
080436aebb
CSP: Add nonce to slide view inline JS
2017-10-22 00:03:45 +02:00
Literallie
5d2d3ec875
CSP: Upgrade insecure requests if possible
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00
Literallie
ba183ce654
Add basic CSP support
2017-10-22 00:03:44 +02:00
Sheogorath
a23048254d
Merge pull request #597 from hackmdio/fix-gist-tag-structure
Fix markdown-it gist plugin code closing tag
Fix #596
2017-10-21 14:30:09 +02:00
Yukai Huang
60b86e0250
Fix markdown-it gist plugin code closing tag
fix #596
2017-10-21 11:45:17 +08:00
Sheogorath
92b769fb26
Merge pull request #595 from geekyd/swap
Hides empty export section
2017-10-19 15:04:27 +02:00
Sheogorath
053e616be5
Merge pull request #586 from PeterDaveHello/jsonlint
Add jsonlint script to ensure all json files are valid
2017-10-18 01:18:21 +02:00
geekyd
80fb91976e
Hides empty export section
2017-10-18 03:34:45 +05:30
Sheogorath
80f1c8197a
Merge pull request #593 from felixonmars/patch-1
Fix a typo in README.md
2017-10-17 20:01:37 +02:00
Felix Yan
b72556b915
Fix a typo in README.md
2017-10-17 23:48:33 +08:00
Sheogorath
5ce8f40eac
Merge pull request #585 from xxyy/feature/hsts-cfg
Make HSTS Behaviour Configurable (Fixes #584)
2017-10-14 18:02:41 +02:00
Sheogorath
ec8936a9f1
Merge pull request #569 from SISheogorath/feature/extendedPermissionDocs
Provide table for permissions
2017-10-14 01:51:29 +02:00
Peter Dave Hello
f70d2df1be
Add jsonlint script to ensure all json files are valid
2017-10-14 00:19:32 +08:00
Literallie
6bdc90d6ff
Add env vars for extra HSTS options
2017-10-13 01:42:05 +02:00
Literallie
1634d5c567
Add on/off env var for HSTS
2017-10-13 01:42:05 +02:00
Literallie
56411ca0e1
Make HSTS behaviour configurable; Fixes #584
2017-10-13 01:42:05 +02:00
Sheogorath
a16bde70be
Provide table for permissions
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-12 11:05:22 +02:00
Sheogorath
53c2d0b5ca
Merge pull request #581 from SISheogorath/fix/HMD_URL_ADDPORT
Fix missing boolean setting for HMD_URL_ADDPORT
2017-10-12 00:01:27 +02:00
Sheogorath
89c60d1331
Fix missing boolean setting for HMD_URL_ADDPORT
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2017-10-11 23:13:22 +02:00
Sheogorath
8b65d7df1a
Merge pull request #575 from PeterDaveHello/fix.travis.yml
Remove duplicated nodejs version in .travis.yml
2017-10-11 10:23:30 +02:00
Sheogorath
4dd60cee50
Merge pull request #566 from ccoenen/fix-mysql-revision-order
createdAt DESC with quotation marks did not work with MySQL fixes #565
2017-10-11 01:08:16 +02:00
Claudius Coenen
87ac05738f
Merge pull request #573 from PeterDaveHello/add-version-badge
Add version badge in README.md
2017-10-10 23:45:50 +02:00
Sheogorath
11133c3cec
Merge pull request #571 from SISheogorath/fix/shellcheck
Prevent argument breaking by spaces
2017-10-10 23:28:16 +02:00
Peter Dave Hello
711c38403d
Remove duplicated nodejs version in .travis.yml
lts/boron is v6
2017-10-11 00:16:11 +08:00
Peter Dave Hello
121b089d96
Add version badge in README.md
2017-10-10 21:54:13 +08:00
Sheogorath
6ed44f0864
Prevent argument breaking by spaces
2017-10-10 13:36:37 +02:00
Claudius Coenen
724a6bc26f
createdAt DESC with quotation marks did not work with MySQL fixes #565
2017-10-09 14:03:33 +02:00
Sheogorath
a99cac0cf0
Merge pull request #550 from SISheogorath/fix/gitlabAvatar
Fix broken profile images in GitLab
Fixes #549
2017-10-08 22:20:35 +02:00
Claudius Coenen
132d4657d7
Merge pull request #564 from geekyd/pop_button
Adds button style to "new note"
2017-10-08 15:41:28 +02:00
Sheogorath
a4caac6276
Merge pull request #563 from geekyd/master
Updates default max_line_len in uglifyjs
2017-10-08 01:23:22 +02:00
geekyd
c6a1b65a91
Adds color to new note button
2017-10-07 23:23:03 +05:30
geekyd
4f53afe92e
Increases max_line_len in uglifyjs
2017-10-07 07:21:02 +05:30
Sheogorath
74a7216a30
Merge pull request #553 from weisslj/fix-s3-bucket-documentation
Correct documentation of S3 bucket
2017-10-07 01:20:43 +02:00
Wu Cheng-Han
d96385eafd
Fix to filter @import CSS syntax in style tag to prevent XSS [Security Issue]
2017-10-05 10:17:26 +08:00
Wu Cheng-Han
b0b417cefc
Fix unescape > symbol inside the style tags to make the CSS work
2017-10-05 09:59:57 +08:00
Wu Cheng-Han
8979f215ab
Fix blockquote not parsed correctly in slide mode
2017-10-05 09:59:07 +08:00
Max Wu
b469592db8
Update .travis.yml
2017-09-27 22:26:03 +08:00
Wu Cheng-Han
7f52a4b38a
Update yarn.lock file
2017-09-27 22:07:55 +08:00
Max Wu
6f2d1d4320
Merge pull request #538 from madebyherzblut/fix-yarn-lock
Update yarn.lock
2017-09-27 21:46:13 +08:00