Max Wu
Hi everyone, we explicitly removed support for `@import` in the CSS style tag to avoid security issues in which you can load arbitrary files.
Hi @siaimes, Thanks for reaching us. Did you set `CMD_URL_PATH` for your subpath in env vars or `urlPath` in `config.json`?
I don't quite get it. If you found any security issue, you can just report it here as an issue. It's ok to disclose here instead of browsing another bug bounty site.
Feel free to reopen or open another issue if you disclose the details.
Thanks for reporting, @JamieSlome. However, creating a link that lets users download their data is the same as what they did in the profile menu. The downloaded zip should only be...
> Hey @jackycute, let me put forward the issue in a clearer way. Say that a legitimate user is logged on to their account. And he visits a malicious page...
> Yeah. You are right. That would be a good fix for this. Can you consider marking this disclosure verified [here](https://huntr.dev/bounties/1-other-hackmdio/codimd/) as well? > > /cc @JamieSlome I would love...
Verified, found a typo though. codemd -> CodiMD. Thanks for reporting.
I found we already support makefile syntax highlighting. Please use `cmake` in the code block language.
@yangyang95 Actually, we use both `highlight.js` and `Prism` for different code languages. Shame on `highlight.js` for not handling that properly; you could raise an issue for them. I will change...