msb-public/wiki - wiki - 马士兵教育代码仓库

Commit Graph

Author	SHA1	Message	Date
Nicolas Giard	904260fd44	fix: set no-store cache control on jwt renew response	1 month ago
Ethan	1238d614e1	Merge pull request from GHSA-xjcj-p2qv-q3rf * Update render.js # Improved handling of mustache expressions and v-pre attribute assignment ## Changes Made: - Ensured that the parent tag of such text nodes is explicitly set to a `<p>` tag with the `v-pre` attribute. - Added debug messages for better understanding of the script execution flow [THIS SHOULD REMOVED WHEN PUSHING TO PRODUCTION]. ## Why it Works: - When a mustache expression is found, the script either wraps it in a new `<p>` tag with the `v-pre` attribute or adds the `v-pre` attribute to the existing parent `<p>` tag. - This approach ensures that the template code is not removed but encapsulated within `<p>` tags with the `v-pre` attribute, as required. ## Test Cases Passed: 1. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>` 2. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>` 3. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</p>` 4. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</xyz></p>` 5. `<p><xyz>{{constructor.constructor('alert("Test Case 8")')()}}<xyz>{{constructor.constructor('alert("Test Case 9")')()}}</xyz></p>` This commit enhances the robustness and reliability of handling mustache expressions and ensures proper assignment of the `v-pre` attribute, to ensure that there is no room for the weaponization of the template code later in the rendering process. * fix: move template expressions after dom-purify + handle text nodes without parent --------- Co-authored-by: NGPixel <github@ngpixel.com>	2 months ago
CDN	f1161aed59	fix: make comment module "Artalk" work with newer versions (#6901 ) * feat: update comment module "Artalk" * fix: update code.yml --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	2 months ago
Nicolas Giard	abdd2f0d17	fix: remove upper range node.js version check	2 months ago
Nicolas Giard	b1e1759f25	fix: set securityTrustProxy to false by default	5 months ago
Jasmine Tai	99e74e8eb2	feat: upgrade markdown-it-emoji to 3.0.0 (#6945 )	5 months ago
aelgasser	38a46e68ea	feat: sync groups with SAML provider (#6299 ) * feat: added implementation for group mapping in SAML strategies --------- Co-authored-by: Abderraouf El Gasser <abderraouf.elgasser@iktos.com> Co-authored-by: Nicolas Giard <github@ngpixel.com>	7 months ago
Pablo	8932d15c0c	fix: typo in kroki name (#6745 )	9 months ago
Jason Minard	491d63ceee	fix(auth): keycloak authentication post logout redirect for Keycloak 18+ (#5878 )	11 months ago
NGPixel	3855d2c853	fix: add node 18 + 20 compatibility	11 months ago
Jaeseo Park	d75fc76c0c	feat: add markdown-it-pivot-table rendering module (#6574 ) * feat: markdown-it-pivot-table * chore: upgrade dependency version * style: remove semicolon in renderer.js --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	11 months ago
Andrew McFadden	db8a09fe8c	feat: add ACR Value option to OIDC Module (#6553 ) --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
matt1097	f02b7ba94e	fix(git): Reduce git concurrency to avoid lock file conflicts. (#6511 )	1 year ago
CDN	4e5e8309a6	feat: add v2 of analytics module umami (#6442 ) * feat: create analytics module umami2 --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
Kyle Gehmlich	545ba4ec95	fix: remove duplicate query parameters on HTTPS redirect (#6460 ) HTTPS redirection rebuilds the full URL using req.originalUrl, which includes query parameters (see https://expressjs.com/en/api.html#req.originalUrl). Prior to this patch, appending the stringified query params to req.originalUrl resulted in duplicate parameters, e.g. wiki.js/callback?session=123&code=abc?session=123&code=abc which caused errors when being redirected from an insecure (http://) callback URL to a secure version when using OIDC (e.g. with keycloak). This issue is probably rare, but in cases where HTTPS redirection is enabled and a user tries to hit an insecure URL with query parameters, it could cause problems.	1 year ago
Nicolas Giard	3bf1d9cf28	fix: disable template compilation in source view	1 year ago
Nicolas Giard	e1d282ad11	feat: warn and exit on unsupported node version	1 year ago
DerekJarvis	fd00272314	feat(auth): allow custom GitLab endpoints for self-managed instances (#6399 ) * Allow custom GitLab endpoints for self-hosting --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
robinho81	8db4be668b	feat: expose skipUserProfile option in passport-oidc (#6190 ) Co-authored-by: Robin Chalmers <robin.chalmers@kairostech.no>	1 year ago
Charlotte County Public Schools	5acc7e752e	fix: add new props to existing auth strategies (#6250 )	1 year ago
NGPixel	490fab1173	fix: handle empty ToC position value	1 year ago
NGPixel	e495e0aaab	fix: update google analytics field help to refer to the new ID format	1 year ago
NGPixel	e954b50a7a	feat: footer text override option	1 year ago
Dan Nicholson	78a35c377c	feat: include query parameters in locale redirect (#6132 ) * feat: include query parameters in locale redirect * refactor: code cleanup --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
gueldi	bba1d1b574	fix(oidc): use _json prop when setting displayName (#6135 ) * Fixes setting displayName from OIDC Relates to: https://github.com/requarks/wiki/pull/6096 * Update authentication.js --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
NGPixel	ac930fc23e	fix: change simple-git import	1 year ago
Eric Knibbe	2e8585478f	fix(git): handle file renames between folders (#6020 ) * git storage: handle file renames between folders --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
Charlotte County Public Schools	8fa771c4ce	feat: set groups based on LDAP groups (#5903 ) * Add mapping ldap groups to wiki groups --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
Leangseu Kim	0d914b061e	feat: add singleByPath GraphQL resolver (#6011 ) Co-authored-by: k k <kleangseu@yahoo.com>	1 year ago
Aurélien Lajoie	1da80eaab8	feat: oauth2 add groups mapping (#6053 ) Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
gueldi	43a797d322	feat: adds displayName property to OIDC authentication module (#6096 ) * Adds displayName property to oidc authentication method * fix: update displayName prop * fix: use blank display name in oidc auth --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	1 year ago
NGPixel	5f876ced20	feat: optional oauth2 module nonce toggle	1 year ago
Sleuth56	12233c476d	feat: enable state key on generic oauth2 (#6104 )	1 year ago
Eric Knibbe	41454cfd30	fix(git): disable color.ui in git storage (#6014 )	1 year ago
Boris	54dbf9ad00	feat: add asciidoc editor module (#5954 ) * feat: add asciidoc editor module * fix storage file extension for asciidoc pages * fix: asciidoc editor + rendering improvements * fix: description list css improvements Co-authored-by: NGPixel <github@ngpixel.com>	2 years ago
topdev-spetermann	eadefb8827	fix: sideloading locales should import availabilities (#5973 )	2 years ago
NGPixel	f3133a72ec	feat: toc sidebar position	2 years ago
CDN	73af37b81b	fix: git log should explicitly separate branch from paths (#5911 )	2 years ago
CDN	0a2a32db47	feat: add artalk comment module (#5868 ) Co-authored-by: Nicolas Giard <github@ngpixel.com>	2 years ago
CDN	86c9407057	feat: add umami analytics module (#5869 ) Co-authored-by: Nicolas Giard <github@ngpixel.com>	2 years ago
NGPixel	d10f2a1966	feat: send UPGRADE_COMPANION_REF in automated upgrade call	2 years ago
cannorin	db2ad81a1f	feat: katex persistent macro support (#5838 ) Co-authored-by: cannorin <cannorin@users.noreply.github.com>	2 years ago
NGPixel	9fbc25adb8	feat: improve table rendering + add markdown-it-decorate module	2 years ago
natsutteatsuiyone	445ad05a3d	fix: incompatibility issues with passport-openidconnect@0.1.1 (#5799 ) * fix: incompatibility issues with passport-openidconnect * fix: remove a trailing semicolon	2 years ago
natsutteatsuiyone	2cb304100c	fix: Page Rules based on Tag Matches do not work for comment permissions (#5819 )	2 years ago
Simon Lichtinghagen	1893fd499a	fix: login with Keycloak 20 by explicit set OAuth scopes (#5808 ) * Fix login with Keycloak 20 by explicit set OAuth scopes * moved scopes to definition.yml Co-authored-by: Simon Lichtinghagen <sl@bnmsp.de>	2 years ago
Andrei Senchuk	e6bbf9d088	fix: oidc module - map() call on undefined; fix unrelate() usage (#5781 )	2 years ago
Rodrigo Ribeiro Gomes	db0255cb7c	fix: add missing scriptJs and scriptCss to single page resolver (#5689 )	2 years ago
cleaverm	17c11b3f4e	fix: typo in letsencrypt.js logging output (#5712 )	2 years ago
adroslice	15206efc57	fix: comment edit not updating original content (#5646 )	2 years ago

1 2 3 4 5 ...

933 Commits (main)