ahmadine
0a0b90c4d0
referer: change referrer policy. Stop sending referers as much as possible
Pull request with discussion: https://github.com/ether/etherpad-lite/pull/3636

What's already there:
* `meta name=referrer`: already done in 1.6.1:
  https://github.com/ether/etherpad-lite/pull/3044
  https://caniuse.com/#feat=referrer-policy
  https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-delivery-meta
  (Chrome>=78, Firefox>=70, Safari>=13, Opera>=64, ~IE[1], ~Edge[1])

The previous two commits (by @joelpurra) I backported in this batch:
* `<a rel=noreferrer>`: a pull request denied before:
  https://github.com/ether/etherpad-lite/pull/2498
  https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer
  https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types
  (Firefox>=37, I can't find more info about support)

This commit adds the following:
* `<a rel="noopener">`: fixing a not-so-well-known way to extract referer
  https://html.spec.whatwg.org/multipage/links.html#link-type-noopener
  (Chrome>=49, Firefox>=52, Safari>=10.1, Opera>=36, !IE, !Edge)
* `Referrer-Policy: same-origin`: the last bastion of referrer security
  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
  (Chrome>=61, Firefox>=52, Safari>=11.1, Opera>=48, !IE, !Edge)

meta name=referrer wasn't enough. I happened to leak a few referrers with my
Firefox browser, though for some browsers it could have been enough.

[1] IE>=11, Edge>=18 use a different syntax for meta name=referrer, making it
most probably incompatible (but I may be wrong on that, they may support
both, but I have no way to test it currently). The next Edge release will be
based on Chromium, so for that the Chrome version applies.
2019-11-25 00:05:40 +01:00
Joel Purra
f314460b7c
referer: HTML5 browsers no longer leak pad through HTTP referer header
Added `rel="noreferrer"` to automatically generated links in the main pad window
as well as the chat window.
`rel="noreferrer"` is part of the HTML5 standard. While browser support isn't
100%, it's better than nothing. Future alternative solutions with wider browser
support, such as intermediary redirect pages, are unaffected by this change.
https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer
This commit was originally part of https://github.com/ether/etherpad-lite/pull/2498
2019-11-25 00:05:40 +01:00
muxator
dc7e49f89d
Remove trailing whitespaces
Hoping to minimize future diffs. Not touching vendorized libraries.
2019-04-16 00:34:29 +02:00
Dan Bornstein
2a876e5e9b
Ensure that all lines in the pad are marked with class `ace-line`.
Without this change, lines that haven't ever been edited will have either
an empty class or, in the case of list start lines, a class that begins
with a space (because the `ace-line` before the space never got added).
2016-09-13 01:17:04 +02:00
John McLear
6f2e155668
Merge pull request #2898 from rohieb/feature/more-uri-schemes
Highlight and link more URI schemes: about, geo, tel
2016-03-26 22:14:38 +08:00
Roland Hieber
dde4fdfdbd
Highlight and link more URI schemes: about, geo, tel
2016-01-30 19:03:42 +01:00
John McLear
f80407c6ff
removal
2016-01-08 13:41:52 +00:00
John McLear
34a46d6318
should be clean enough to push
2015-12-23 14:35:52 +00:00
John McLear
990e14c904
working with a big hack
2015-01-21 14:25:24 +00:00
John McLear
eacf1118f8
blind attempt to try
2015-01-21 02:55:03 +00:00
John McLear
f5716a3b26
cleaner logic
2014-03-05 21:44:32 +00:00
John McLear
89d7ba0dc0
merge
2014-03-05 21:27:12 +00:00
John McLear
432438a40d
fix indentation
2014-03-04 23:36:16 +00:00
John McLear
c3d62c5fa4
preprocessor for domline attributes
2014-03-04 23:14:15 +00:00
Luc Didry
3d8452b143
Replace tabs indentation with spaces indentation
Some files are obviously external libraries, I didn't touch them
2013-12-05 08:41:29 +01:00
Grant Woodford
c3a58f42e7
Added a better way of detecting when a url does not have a protocol specified
2013-10-21 22:15:46 +02:00
John McLear
e712f7665d
working solution props to dmitryu for making me not be scared of modifying div classes
2013-04-11 16:33:03 +01:00
John McLear
90c5b26e89
keep integrity on paste and better styling but new lists don't reset counter
2013-04-09 14:29:55 +01:00
John McLear
2e76bd4e50
working but then create a second list, it will be stupid, SIGH
2013-04-09 01:22:09 +01:00
Peter 'Pita' Martischka
cba001341f
Remove legacy mozilla specific code from ace inner
2013-02-03 14:03:10 +00:00
Martyn York
da75b87d3c
added new hook 'acePostWriteDomLineHTML' which gets called after a domline is created and has been added to the page. Also fixed problems with ReferenceExceptions due to require-kernel not being sent to the iframe.
2012-04-18 14:44:25 -07:00
Matthias Bartelmeß
6507614e45
made domline and content collector lineAttributes compatible
2012-04-07 02:12:42 +02:00
Matthias Bartelmeß
e559df18ce
use underscore.js
2012-03-17 13:38:26 +01:00
Matthias Bartelmeß
b28bfe8e31
map / forEach use native impl, if available. ace2_common extends the prototype of Array, if not
2012-03-13 21:10:10 +01:00
Chad Weider
ddda347f7a
Merge branch 'require-paths' into plugin
Conflicts:
node/server.js
src/static/js/Changeset.js
src/static/js/ace.js
src/static/js/ace2_common.js
src/static/js/ace2_inner.js
src/static/js/broadcast.js
src/static/js/changesettracker.js
src/static/js/chat.js
src/static/js/collab_client.js
src/static/js/contentcollector.js
src/static/js/domline.js
src/static/js/linestylefilter.js
src/static/js/pad.js
src/static/js/pad_connectionstatus.js
src/static/js/pad_docbar.js
src/static/js/pad_editbar.js
src/static/js/pad_editor.js
src/static/js/pad_impexp.js
src/static/js/pad_modals.js
src/static/js/pad_savedrevs.js
src/static/js/pad_userlist.js
src/static/js/pad_utils.js
src/static/js/timeslider.js
src/static/js/undomodule.js
src/static/pad.html
src/static/timeslider.html
2012-03-10 15:08:09 -08:00
Egil Moeller
ce5d2d8685
Merge branch 'pita'
Resolved conflicts:
.gitignore
src/static/js/ace.js
src/static/js/ace2_inner.js
src/static/js/broadcast.js
src/static/js/domline.js
src/static/pad.html
src/static/timeslider.html
Ignored conflicts (please merge manually later):
node/server.js
src/node/utils/Minify.js
2012-03-02 22:00:20 +01:00
Egil Moeller
df531a7b2b
Made ace actually use the new hooks system, and removed remnants of old system
2012-03-01 19:22:02 +01:00
Egil Moeller
763361a7c9
First stab at getting client side require(plugin/..) to work from within etherpad
2012-02-26 17:48:17 +01:00
Egil Moeller
1239ce7f28
The Big Renaming - etherpad is now an NPM module
2012-02-26 13:07:51 +01:00