msb-public/wiki - wiki - 马士兵教育代码仓库

Commit Graph

Author	SHA1	Message	Date
Hugo Gu	dffcc55755	fix: restrict inline math placeholder replacement to single line Unclosed $ delimiters would span across multiple lines, causing protectMathPipes() to corrupt table cell delimiters in unrelated content. Limit inline math matching to the same line to prevent false matches. Co-authored-by: Claude <noreply@anthropic.com> AI-model: kimi-for-coding/k2p6	3 weeks ago
Hugo Gu	b41c9cd4e9	fix: protect special characters in math from markdown table parsers Wiki.js uses markdown-it-attrs which interprets curly braces inside inline math ($...$) as attribute directives, stripping them from the formula. Additionally, markdown table parsers split cells at both `\|` and `&` characters, breaking formulas containing those symbols. This fix replaces `{`, `}`, `\|`, and `&` inside math expressions with Unicode Private Use Area placeholders during markdown parsing, then restores them before passing to KaTeX/MathJax for rendering. - `<E000>` / `<E001>`: temporary replacements for `{` / `}` - `<E002>`: temporary replacement for `\|` (table cell delimiter) - `<E003>`: temporary replacement for `&` (table cell delimiter in multiline tables, used by LaTeX cases/arrays) The placeholder approach was chosen over HTML escaping because it preserves LaTeX environments like `\begin{array}` that were broken by the previous `{{}}` escaping method. Fixes #1581 Fixes #1462 Co-authored-by: Claude <noreply@anthropic.com> AI-model: kimi-for-coding/k2p6	3 weeks ago
Felix Eckhofer	b950e065e9	fix: stop dompurify from breaking draw.io diagrams (#7888 ) Newer versions of dompurify strip <foreignobject> tags if not explicitly allowed. See https://github.com/cure53/DOMPurify/issues/1040 Fixes #7744	5 months ago
Ethan	1238d614e1	Merge pull request from GHSA-xjcj-p2qv-q3rf * Update render.js # Improved handling of mustache expressions and v-pre attribute assignment ## Changes Made: - Ensured that the parent tag of such text nodes is explicitly set to a `<p>` tag with the `v-pre` attribute. - Added debug messages for better understanding of the script execution flow [THIS SHOULD REMOVED WHEN PUSHING TO PRODUCTION]. ## Why it Works: - When a mustache expression is found, the script either wraps it in a new `<p>` tag with the `v-pre` attribute or adds the `v-pre` attribute to the existing parent `<p>` tag. - This approach ensures that the template code is not removed but encapsulated within `<p>` tags with the `v-pre` attribute, as required. ## Test Cases Passed: 1. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>` 2. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>` 3. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</p>` 4. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</xyz></p>` 5. `<p><xyz>{{constructor.constructor('alert("Test Case 8")')()}}<xyz>{{constructor.constructor('alert("Test Case 9")')()}}</xyz></p>` This commit enhances the robustness and reliability of handling mustache expressions and ensures proper assignment of the `v-pre` attribute, to ensure that there is no room for the weaponization of the template code later in the rendering process. * fix: move template expressions after dom-purify + handle text nodes without parent --------- Co-authored-by: NGPixel <github@ngpixel.com>	2 years ago
Jasmine Tai	99e74e8eb2	feat: upgrade markdown-it-emoji to 3.0.0 (#6945 )	2 years ago
Pablo	8932d15c0c	fix: typo in kroki name (#6745 )	3 years ago
Jaeseo Park	d75fc76c0c	feat: add markdown-it-pivot-table rendering module (#6574 ) * feat: markdown-it-pivot-table * chore: upgrade dependency version * style: remove semicolon in renderer.js --------- Co-authored-by: Nicolas Giard <github@ngpixel.com>	3 years ago
Boris	54dbf9ad00	feat: add asciidoc editor module (#5954 ) * feat: add asciidoc editor module * fix storage file extension for asciidoc pages * fix: asciidoc editor + rendering improvements * fix: description list css improvements Co-authored-by: NGPixel <github@ngpixel.com>	3 years ago
cannorin	db2ad81a1f	feat: katex persistent macro support (#5838 ) Co-authored-by: cannorin <cannorin@users.noreply.github.com>	4 years ago
NGPixel	9fbc25adb8	feat: improve table rendering + add markdown-it-decorate module	4 years ago
NGPixel	a50712ea80	fix: handle links to same host but different port as external	4 years ago
NGPixel	afafb4f4e0	fix: md task list - use same config as client	4 years ago
broxen	12aef93cd6	fix: remove excess div wrappers (#4528 ) * Removing superfluous div wrapping It seems like standalone text is already wrapped in paragraph elements, so this code seems superfluous. Additionally, it adds div wrappers at every line break as described in #4524 * Fix for newlines and returns This change skips newlines and returns to focus on unbounded text only. * misc: fix indentation * misc: fix indentation (2) Co-authored-by: Nicolas Giard <github@ngpixel.com>	5 years ago
broxen	db73b650c9	fix: issue with Custom Header IDs (#4527 ) Fix the issue described in discussion #3502 regarding header links and TOC failing to properly generate when header ID is custom defined.	5 years ago
LK HO	a20f70ed8d	fix: rendering/html-core - null checks (#3823 )	5 years ago
NGPixel	d75c5532d1	fix: handle raw mustache expressions over multiple lines	5 years ago
NGPixel	5ffa189383	fix: add v-pre to pre tags at render time	5 years ago
Chris	a6bf2412d7	fix: superscript typo in module definition.yml (#2577 ) Fix spelling of "superscript" *NO_CI*	6 years ago
Nicolas Giard	04a1896811	fix: revert refactor in markdown-kroki and plantuml modules (#2619 )	6 years ago
Jafar Akhondali	5ba36ee421	refactor: server code (#2545 ) + Remove duplicated await + Replace some legacy codes with ES6 + Fix some of eslint problems	6 years ago
Иван	79c5b8fac2	fix: security html module removes allow attribute from iframes (#2354 ) * fix: secure html module removes allowfullscreen, allow and frameborder attributes from iframes * Apply suggestions from code review fix: remove deprecated attributes for iframe in secure html module Co-authored-by: Nicolas Giard <github@ngpixel.com>	6 years ago
NGPixel	8f6cba262f	fix: draw.io svgs are no longer removed with linebreaks (#2415 )	6 years ago
NGPixel	52d0af19b4	feat: diagram rendering + post-processor (wip)	6 years ago
Regev Brody	41327dd1e8	feat: support MultiMarkdown tables (#2126 )	6 years ago
NGPixel	b723d7d626	fix: markdown core props + styles/scripts permissions	6 years ago
Regev Brody	77086a6e0a	feat: optional kroki/plantuml svg caching (#2047 ) * feat: Caching kroki svgs #2020	6 years ago
Regev Brody	e03a80dccc	feat: underline markdown support (#2073 ) * fix: no markdown support for underline #2072	6 years ago
Nicolas Giard	9e08718ee9	Merge pull request from GHSA-9jgg-4xj2-vjjj	6 years ago
Regev Brody	037822b994	fix: secure html module removes target attribute from links (#2012 )	6 years ago
NGPixel	887e8a0f5a	feat: comments disqus + commento	6 years ago
Robert Lanyi	a581d9837a	feat: add Kroki renderer (#1900 ) * feat: Kroki integration see https://kroki.io/ * fix: markdown-kroki def updates Co-authored-by: Nicolas Giard <github@ngpixel.com>	6 years ago
NGPixel	1a33a43a0d	fix: use semver for latest version check	6 years ago
NGPixel	53da387082	feat: plantuml in markdown preview	6 years ago
NGPixel	98bf0d9ccb	fix: escape mustache template chars in content	6 years ago
NGPixel	6a4b25bc28	fix: plantuml deflate raw	6 years ago
daneallen	4aa7828a92	fix: add rel option to external links in content (#1853 ) * #1853: XSS attack fix by adding rel noferrer or rel noopen to _blank target external links * fix: relAttributeExternalLink noopener Co-authored-by: danallendds <daniel.allen@friends.dds.mil> Co-authored-by: Nicolas Giard <github@ngpixel.com>	6 years ago
NGPixel	c81ba5a503	fix: markdown footnotes id incorrectly stripped	6 years ago
NGPixel	281172a9f4	feat: mathjax markdown module	6 years ago
NGPixel	954262f517	fix: tabs renderer remove switchTab handler	6 years ago
NGPixel	5d43f6ada1	feat: content tabs	6 years ago
NGPixel	514d31a46d	feat: hide sidebar option	6 years ago
NGPixel	17f833509f	fix: html sanitizer - whitelist start prop for ol tag	6 years ago
NGPixel	2ff3abe0d8	fix: html sanitizer - whitelist i tag	6 years ago
NGPixel	5229390d87	fix: plantuml default markers	6 years ago
NGPixel	5f382f21cf	fix: enable mermaid by default	6 years ago
NGPixel	1d16a3fc71	feat: mermaid support for markdown	6 years ago
NGPixel	44a0f69a78	feat: katex chemical equations support	6 years ago
NGPixel	58b08e54b4	fix: missing footnote module in markdown editor preview	6 years ago
NGPixel	bacbe4f543	fix: whitelist task list checkboxes	6 years ago
NGPixel	b529ad21c9	fix: code blocks incorrect escaping + deps update	6 years ago

1 2

88 Commits (dffcc55755c582020bf7e7478c5d7e6b243c53d6)