diff --git a/lib/csp.js b/lib/csp.js
index ac06722d6..e6827758d 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -10,18 +10,17 @@ const defaultDirectives = {
 connectSrc: ['\'self\'', buildDomainOriginWithProtocol(config, 'ws')],
 fontSrc: ['\'self\''],
 manifestSrc: ['\'self\''],
- frameSrc: ['\'self\'', 'https://player.vimeo.com', 'https://www.slideshare.net/slideshow/embed_code/key/', 'https://www.youtube.com'],
+ frameSrc: ['\'self\'', 'https://player.vimeo.com', 'https://www.slideshare.net/slideshow/embed_code/key/', 'https://www.youtube.com', 'https://gist.github.com'],
 imgSrc: ['*', 'data:'], // we allow using arbitrary images & explicit data for mermaid
 scriptSrc: [
 config.serverURL + '/build/',
 config.serverURL + '/js/',
 config.serverURL + '/config',
- 'https://gist.github.com/',
 'https://vimeo.com/api/oembed.json',
 'https://www.slideshare.net/api/oembed/2',
 '\'unsafe-inline\'' // this is ignored by browsers supporting nonces/hashes
 ],
- styleSrc: [config.serverURL + '/build/', config.serverURL + '/css/', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
+ styleSrc: [config.serverURL + '/build/', config.serverURL + '/css/', '\'unsafe-inline\''], // unsafe-inline is required for some libs, plus used in views
 objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
 formAction: ['\'self\''],
 mediaSrc: ['*']
diff --git a/package.json b/package.json
index e1196330f..35c4756f9 100644
--- a/package.json
+++ b/package.json
@@ -167,7 +167,6 @@
 "file-saver": "2.0.5",
 "flowchart.js": "1.18.0",
 "fork-awesome": "1.2.0",
- "gist-embed": "2.6.0",
 "globals": "16.0.0",
 "highlight.js": "10.7.3",
 "html-webpack-plugin": "4.5.2",
diff --git a/public/css/extra.css b/public/css/extra.css
index d5945ba93..d108a5ec1 100644
--- a/public/css/extra.css
+++ b/public/css/extra.css
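Review bot: In lib/csp.js the new `'https://gist.github.com'` entry in `frameSrc` carries no comment, while the neighbouring `imgSrc`, `styleSrc` and `objectSrc` lines each explain why they are relaxed. The entry admits the whole origin, so any gist, which is third-party controlled content, can be framed from a note; I would record that beside the directive, e.g. `// gists are embedded as iframes; the framed content is third-party controlled`. Because `frame-src` only decides which origin may load and cannot limit what the framed page does, containment has to come from the iframe element built in public/js/extra.js. The `defaultDirectives` object starts and ends outside the hunk.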
@@ -63,6 +63,11 @@ -webkit-transition: opacity 0.2s; /* Safari */ transition: opacity 0.2s; } +iframe.github-gist-frame { + width: 100%; + border: none; + height: 32rem; +} .slideshare .inner, .speakerdeck .inner { diff --git a/public/js/extra.js b/public/js/extra.js index 210f8da9d..36668b1c3 100644 --- a/public/js/extra.js +++ b/public/js/extra.js @@ -15,8 +15,6 @@ import markdownitContainer from 'markdown-it-container' /* Defined regex markdown it plugins */ import Plugin from 'markdown-it-regexp' -import 'gist-embed' - require('prismjs/themes/prism.css') require('prismjs/components/prism-wiki') require('prismjs/components/prism-haskell') @@ -304,10 +302,6 @@ export function finishView (view) { } }) }) - // gist - view.find('code[data-gist-id]').each((key, value) => { - if ($(value).children().length === 0) { $(value).gist(window.viewAjaxCallback) } - }) // sequence diagram const sequences = view.find('div.sequence-diagram.raw').removeClass('raw') sequences.each((key, value) => { @@ -639,8 +633,6 @@ function generateCleanHTML (view) { src.find('*[class=""]').removeAttr('class') eles.removeAttr('data-startline data-endline') src.find("a[href^='#'][smoothhashscroll]").removeAttr('smoothhashscroll') - // remove gist content - src.find('code[data-gist-id]').children().remove() // disable todo list src.find('input.task-list-item-checkbox').attr('disabled', '') // replace emoji image path @@ -1156,8 +1148,7 @@ const gistPlugin = new Plugin( (match, utils) => { const gistid = match[1] - const code = `` - return code + return `` } ) // TOC diff --git a/public/js/htmlExport.js b/public/js/htmlExport.js index 676e2b1bc..2f4a09872 100644 --- a/public/js/htmlExport.js +++ b/public/js/htmlExport.js @@ -22,4 +22,3 @@ const $ = require('jquery') window.jQuery = $ window.$ = $ require('bootstrap') -require('gist-embed/gist-embed.min') diff --git a/yarn.lock b/yarn.lock index d2e7ce287..631aa2cfb 100644 --- a/yarn.lock +++ b/yarn.lock 
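Review bot: In the `gistPlugin` hunk of public/js/extra.js, `gistid` is taken from `match[1]` and returned inside markup with no visible validation or escaping; the pattern that produces the match is outside the hunk and the template string's contents are not visible on this page, so this is inferred. If that pattern admits quotes, angle brackets or whitespace, the value could break out of the attribute it is placed in, so restricting it to the characters a gist id can contain before interpolating would close that off. Judging by the `iframe.github-gist-frame` rule added in extra.css the output appears to be an iframe, and it would be worth giving it a `sandbox` attribute limited to the tokens the embed actually needs plus `referrerpolicy="no-referrer"`. The same hunk's callback is the only place the id is handled, so a short comment there stating what the pattern guarantees about `gistid` would help the next reader.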
@@ -1395,7 +1395,6 @@ __metadata: flowchart.js: "npm:1.18.0" fork-awesome: "npm:1.2.0" formidable: "npm:2.1.2" - gist-embed: "npm:2.6.0" globals: "npm:16.0.0" graceful-fs: "npm:4.2.11" helmet: "npm:8.1.0" @@ -7421,13 +7420,6 @@ __metadata: languageName: node linkType: hard -"gist-embed@npm:2.6.0": - version: 2.6.0 - resolution: "gist-embed@npm:2.6.0" - checksum: 10/6b9e1266e86f856a0ba64f27fe735748f1754b8a945b629ff5ab7705554a274d06ead0c177f503d4d94490851abb4caf533ef076c9d794ecc34c142491b4aff6 - languageName: node - linkType: hard - "github-from-package@npm:0.0.0": version: 0.0.0 resolution: "github-from-package@npm:0.0.0"