sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,469 Commits 1 Branch 0 Tags
c3e078c9c600e1b46a84911cf999f61f817f15bd
Commit Graph

16 Commits

Author SHA1 Message Date
Joakim Svensson
c3e078c9c6 Add Invite Agent action to editor menu and allow CSP connect-src 2025-12-31 00:08:30 +00:00
Erik Michelson
858d7bf5d1 feat: option to disable note creation 
The abuse of the demo instance required us to disallow note creation

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2024-07-21 11:03:35 +02:00
Erik Michelson
538f41cf1c fix(opengraph): treat user frontmatter values as String 
A bug was reported that having frontmatter fields being only numeric results in an error. This seems to be caused
as the frontmatter is processed by the yaml-parser but returned
with the types as given. So a numeric value is returned as a number,
a "true" or "false" is returned as boolean etc.
As we expect strings in the template, that resulted in an exception.

This commit fixes this by treating every value as string in the template.
Since we've got no other usages of opengraph data, this should not have been
a security problem.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-01-17 17:10:06 +01:00
David Mehren
7c747cc6b6 Remove CodiMD infobox and tooltip 
Signed-off-by: David Mehren <git@herrmehren.de>
 2023-07-30 20:07:27 +02:00
David Mehren
58f321ce29 Add dark mode toggle in mobile view 
Fixes #2534

Signed-off-by: David Mehren <git@herrmehren.de>
 2022-08-22 08:52:49 +02:00
Tilman Vatteroth
bb4acb02bc Improve aria tags for view mode labels 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2022-04-03 22:40:07 +02:00
Tilman Vatteroth
9498ee6bfe Remove cdn support 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2021-08-15 00:09:53 +02:00
David Mehren
938afbddc3 Replace handlebars with string.replace 
The html.hbs template does not contain any logic,
so we can replace the lib with good old string.replace calls.
This significantly reduces the bundle size, as we don't have to ship
a full template engine to the client.

Signed-off-by: David Mehren <git@herrmehren.de>
 2021-06-11 09:29:26 +02:00
David Mehren
4a0216096a Escape custom Open Graph tags 
HedgeDoc allows to specify custom Open Graph tags using the
`opengraph` key in the YAML metadata of a note.

These are rendered into the HTML delivered to clients using `ejs` and
its `<%-` tag. This outputs the variable unescaped into the template
and therefore allows to inject arbitrary strings,
including `<script>` tags.

This commit changes the template to use ejs's `<%=` tag instead,
which automatically escapes the variables content,
thereby mitigating the XSS vector.

See also https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq

Co-authored-by: Christoph (Sheogorath) Kern <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-05-09 19:21:27 +02:00
David Mehren
b468fb623b Switch to ejs 3 compliant imports 
Signed-off-by: David Mehren <git@herrmehren.de>
 2021-02-09 20:27:39 +01:00
David Mehren
e985c2e694 Merge pull request #599 from hedgedoc/fix/icons 
Fix shortcut icon urls pointing to old (nonexistent) files
 2020-11-27 21:06:07 +01:00
Erik Michelson
68c8f2860d Fixed shortcut icon urls pointing to old (nonexistent) files 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2020-11-27 11:29:34 +01:00
Tilman Vatteroth
97312b5ed3 Remove pdf export code 
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
 2020-11-26 21:09:23 +01:00
Tilman Vatteroth
cb265986f3 Remove irritating footer files 
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
 2020-11-18 21:52:50 +01:00
Tilman Vatteroth
cdc5a89cd7 apply review suggestions 2020-11-15 20:12:39 +01:00
Erik Michelson
b28839484d Replace CodiMD with HedgeDoc 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in public/views

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in README

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in SECURITY.md

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in LICENSE

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in docs/configuration.md

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in bin/setup

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/guides

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/dev

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/guides/auth

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/setup

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update various links in code to the new GitHub org.

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: codiMDVersion.js is now hedgeDocVersion.js

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: References in docs/setup/yunohost

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rebrand to HedgeDoc: Add banner and logo

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Update links in docs/guides/migrate-etherpad

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Remove note in docs/guides/auth/github

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Replace links in public/docs/features

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Add todo placeholder in docs/history

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Replace github link in public/views/index/body

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Replace github link in README

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Add logo to README

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Rename to HedgeDoc: Add note about the renaming to the front page

Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>

Removed Travis from README.md and change CodiMD to HedgeDoc in some places

Signed-off-by: Yannick Bungers <git@innay.de>

Some more renaming to HedgeDoc
- Fixed capitalization of HedgeDoc
- Added renaming for etherpad migration doc

Signed-off-by: Yannick Bungers <git@innay.de>

Changed Repo name to hedgedoc

Signed-off-by: Yannick Bungers <git@innay.de>
 2020-11-14 21:18:36 +01:00