Sarven Capadisli
We've been referring to https://git.dokie.li/ for this repository. It redirects to https://github.com/dokieli/dokieli. We should transition to either self-hosting the source code with free and open source repo software or use...
A bad actor could create a resource such as an article or annotation with a large payload (locks up browser to prevent users from accessing content). This is also a...
dokieli does not limit the number of resources (for example, annotations) displayed at once. This is not only a performance issue in itself for genuinely highly annotated articles, but also...
An attacker could impersonate someone else when creating an annotation or an article, e.g., using somebody else's name and/or avatar. This could happen by simply creating a fake or throw-away...
Currently, unless cleared manually, dokieli does not clear local storage when leaving a page. Information disclosure could happen when sharing devices with others (because autosaving to local storage is always enabled,...
Anyone can annotate or tag someone as an author without being properly signed in or without verifying the identity of the tagged author, and they can be repudiated after, especially...
dokieli relies on the client's OS date, so changing the OS date would result in an altered date in the resulting annotation. This could be used to tamper with dates in articles...
The citation form currently supports searching specref.org. It should also search wikidata.org.
Generate [SRI](https://www.w3.org/TR/sri/) for resources available under https://dokie.li/ :

* [ ] scripts/dokieli.js
* [ ] media/css/basic.css
* [ ] media/css/dokieli.css

include it in documents:

* [ ] /index.html
* [...