hedgedoc/lib
Erik Michelson 0636b5c20b refactor: use iframes for gist embedding instead of gist-embed
The used library gist-embed relies on GitHub Gist's JSONP
endpoint which is a risk for XSS injection. By adding untrusted
content from GitHub into the DOM it also follows very bad
practices. Using the iframe embedding has the disadvantage of
not having the proper height for the frame auto-loaded, but
the security benefits are worth it.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2025-04-10 00:21:55 +02:00
config feat(saml): add config options to set required signings 2025-04-09 21:49:00 +02:00
migrations chore(eslint): run eslint --fix 2025-02-01 22:15:54 +01:00
models Ensure case-sensitive DB queries on MySQL/MariaDB 2024-09-01 13:54:18 +02:00
ot Fix logging in ot module 2018-11-13 23:30:13 +01:00
web feat(saml): add config options to set required signings 2025-04-09 21:49:00 +02:00
workers Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00
csp.js refactor: use iframes for gist embedding instead of gist-embed 2025-04-10 00:21:55 +02:00
errors.js feat: rate-limiting 2025-02-01 21:12:08 +01:00
history.js Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00
letter-avatars.js Use identicons as fallback for libravatar 2022-01-07 14:03:26 +01:00
logger.js Fix eslint warnings 2019-05-31 00:30:29 +02:00
prometheus.js Add custom prometheus metrics 2021-04-25 20:06:56 +02:00
realtime.js chore(eslint): run eslint --fix 2025-02-01 22:15:54 +01:00
response.js Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00
utils.js Ensure case-sensitive DB queries on MySQL/MariaDB 2024-09-01 13:54:18 +02:00