msb-public/wiki - wiki - 马士兵教育代码仓库

Commit Graph

Author	SHA1	Message	Date
Dominik	d1b4c8c407	chore(helm): add pod annotations (#7222 )	3 days ago
Nicolas Giard	2e35ebf1dc	docs: Update README.md	2 weeks ago
Nicolas Giard	904260fd44	fix: set no-store cache control on jwt renew response	1 month ago
Ethan	1238d614e1	Merge pull request from GHSA-xjcj-p2qv-q3rf * Update render.js # Improved handling of mustache expressions and v-pre attribute assignment ## Changes Made: - Ensured that the parent tag of such text nodes is explicitly set to a `<p>` tag with the `v-pre` attribute. - Added debug messages for better understanding of the script execution flow [THIS SHOULD REMOVED WHEN PUSHING TO PRODUCTION]. ## Why it Works: - When a mustache expression is found, the script either wraps it in a new `<p>` tag with the `v-pre` attribute or adds the `v-pre` attribute to the existing parent `<p>` tag. - This approach ensures that the template code is not removed but encapsulated within `<p>` tags with the `v-pre` attribute, as required. ## Test Cases Passed: 1. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>` 2. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>` 3. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</p>` 4. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</xyz></p>` 5. `<p><xyz>{{constructor.constructor('alert("Test Case 8")')()}}<xyz>{{constructor.constructor('alert("Test Case 9")')()}}</xyz></p>` This commit enhances the robustness and reliability of handling mustache expressions and ensures proper assignment of the `v-pre` attribute, to ensure that there is no room for the weaponization of the template code later in the rendering process. * fix: move template expressions after dom-purify + handle text nodes without parent --------- Co-authored-by: NGPixel <github@ngpixel.com>	2 months ago
Nicolas Giard	98c04fe18e	docs: Update README.md	2 months ago
Nicolas Giard	854ec230dd	ci: Update build.yml	2 months ago
Nicolas Giard	a28b525894	docs: Update SECURITY.md	2 months ago
CDN	f1161aed59	fix: make comment module "Artalk" work with newer versions (#6901 ) * feat: update comment module "Artalk" * fix: update code.yml --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	2 months ago
Sukka	3a7ce75a1e	refactor(templates): replace `polyfill.io` (#7032 )	2 months ago
Karol Rudnikowski (dxdroni)	f54551ee69	fix: page pagination in tags component (#7061 )	2 months ago
Nicolas Giard	abdd2f0d17	fix: remove upper range node.js version check	2 months ago
Nicolas Giard	66ca18c499	docs: Update README.md	3 months ago
craph	d5af4cb068	chore: fix python issue for node18 in dev Dockerfile (#7029 ) * Fix: email toLowerCase * Fix python issue for node18 in Dockerfile	4 months ago
Nicolas Giard	ece5753ebb	docs: Update README.md	5 months ago
Nicolas Giard	b1e1759f25	fix: set securityTrustProxy to false by default	5 months ago
Jasmine Tai	99e74e8eb2	feat: upgrade markdown-it-emoji to 3.0.0 (#6945 )	5 months ago
Nicolas Giard	34c037c68b	docs: Update README.md	5 months ago
aelgasser	38a46e68ea	feat: sync groups with SAML provider (#6299 ) * feat: added implementation for group mapping in SAML strategies --------- Co-authored-by: Abderraouf El Gasser <abderraouf.elgasser@iktos.com> Co-authored-by: Nicolas Giard <github@ngpixel.com>	7 months ago
Nicolas Giard	fd91caff1d	docs: Update README.md	8 months ago
Nicolas Giard	16245caeff	docs: Update README.md	8 months ago
Pablo	8932d15c0c	fix: typo in kroki name (#6745 )	9 months ago
Nicolas Giard	b19c4e4f23	docs: Update README.md	9 months ago
Nicolas Giard	4ce301d37c	docs: Update README.md	9 months ago
Jaeseo Park	c4c41be81a	chore: upgrade markdown-it-pivot-table version (#6707 )	10 months ago
Nicolas Giard	ef174143ae	docs: Update README.md	10 months ago
Nicolas Giard	2180592ade	ci: fix build.yml	10 months ago
Nicolas Giard	7312de7332	ci: fix build.yml	10 months ago
Nicolas Giard	c66bc1c7c1	ci: fix build.yml	10 months ago
Nicolas Giard	c18a832a3a	docs: Update README.md	10 months ago
Nicolas Giard	cd390ec544	docs: update README.md	10 months ago
Nicolas Giard	8259f0dee6	ci: manually patch extract-files package for windows build	11 months ago
Nicolas Giard	095f8cec7a	ci: fix missing patch-package in windows build	11 months ago
Nicolas Giard	eb91563a0b	ci: fix missing patches folder in docker images	11 months ago
Nicolas Giard	cae50a70d9	ci: add patch-package to docker build	11 months ago
Jason Minard	491d63ceee	fix(auth): keycloak authentication post logout redirect for Keycloak 18+ (#5878 )	11 months ago
NGPixel	3855d2c853	fix: add node 18 + 20 compatibility	11 months ago
Jaeseo Park	d75fc76c0c	feat: add markdown-it-pivot-table rendering module (#6574 ) * feat: markdown-it-pivot-table * chore: upgrade dependency version * style: remove semicolon in renderer.js --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	11 months ago
Andrew McFadden	db8a09fe8c	feat: add ACR Value option to OIDC Module (#6553 ) --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	12 months ago
matt1097	f02b7ba94e	fix(git): Reduce git concurrency to avoid lock file conflicts. (#6511 )	1 year ago
CDN	4e5e8309a6	feat: add v2 of analytics module umami (#6442 ) * feat: create analytics module umami2 --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
Kyle Gehmlich	545ba4ec95	fix: remove duplicate query parameters on HTTPS redirect (#6460 ) HTTPS redirection rebuilds the full URL using req.originalUrl, which includes query parameters (see https://expressjs.com/en/api.html#req.originalUrl). Prior to this patch, appending the stringified query params to req.originalUrl resulted in duplicate parameters, e.g. wiki.js/callback?session=123&code=abc?session=123&code=abc which caused errors when being redirected from an insecure (http://) callback URL to a secure version when using OIDC (e.g. with keycloak). This issue is probably rare, but in cases where HTTPS redirection is enabled and a user tries to hit an insecure URL with query parameters, it could cause problems.	1 year ago
Nicolas Giard	3bf1d9cf28	fix: disable template compilation in source view	1 year ago
Nicolas Giard	55bd9944f5	docs: update BACKERS	1 year ago
Nicolas Giard	56547f716a	docs: update README.md	1 year ago
Nicolas Giard	e059fbb47d	docs: update BACKERS	1 year ago
Nicolas Giard	6fac7a3749	docs: update BACEKRS	1 year ago
Nicolas Giard	e1d282ad11	feat: warn and exit on unsupported node version	1 year ago
DerekJarvis	fd00272314	feat(auth): allow custom GitLab endpoints for self-managed instances (#6399 ) * Allow custom GitLab endpoints for self-hosting --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
Nicolas Giard	5b80b5e850	docs: update BACKERS	1 year ago
Nicolas Giard	f4cf60bbe3	docs: update BACKERS	1 year ago

1 2 3 4 5 ...

2138 Commits (main) All Branches Search

2138 Commits (main)

All Branches