From d213fac34cb495aa7f91715462f9f090c7e32f13 Mon Sep 17 00:00:00 2001 From: Hakim El Hattab Date: Thu, 30 Jan 2020 10:15:39 +0100 Subject: [PATCH 1/5] add note about supporting reveal.js via Slides --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7f78d97d..7cd8156c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,10 @@ A framework for easily creating beautiful presentations using HTML. [Check out the live demo](https://revealjs.com/). -reveal.js comes with a broad range of features including [nested slides](https://github.com/hakimel/reveal.js#markup), [Markdown contents](https://github.com/hakimel/reveal.js#markdown), [PDF export](https://github.com/hakimel/reveal.js#pdf-export), [speaker notes](https://github.com/hakimel/reveal.js#speaker-notes) and a [JavaScript API](https://github.com/hakimel/reveal.js#api). There's also a fully featured visual editor and platform for sharing reveal.js presentations at [slides.com](https://slides.com?ref=github). +reveal.js comes with a broad range of features including [nested slides](https://github.com/hakimel/reveal.js#markup), [Markdown support](https://github.com/hakimel/reveal.js#markdown), [PDF export](https://github.com/hakimel/reveal.js#pdf-export), [speaker notes](https://github.com/hakimel/reveal.js#speaker-notes) and a [JavaScript API](https://github.com/hakimel/reveal.js#api). There's also a fully featured visual editor and platform for sharing reveal.js presentations at [slides.com](https://slides.com?ref=github). + +### Supporting reveal.js +This project was started and is maintained by [@hakimel](https://github.com/hakimel/) with the help of many [contributions from the community](https://github.com/hakimel/reveal.js/graphs/contributors). The best way to support the project is to [become a paying member of Slides.com](https://slides.com/pricing)—the reveal.js presentation platform that Hakim is building. ## Table of contents 
From b6cc6b4916d594ac9f5aeed34d4c4c93dafc1a12 Mon Sep 17 00:00:00 2001 From: Hakim El Hattab Date: Fri, 31 Jan 2020 10:59:08 +0100 Subject: [PATCH 2/5] blacklist some method from the postMessage API to prevent XSS --- js/reveal.js | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/js/reveal.js b/js/reveal.js index 28c31023..8e82e7b1 100644 --- a/js/reveal.js +++ b/js/reveal.js @@ -32,8 +32,12 @@ HORIZONTAL_SLIDES_SELECTOR = '.slides>section', VERTICAL_SLIDES_SELECTOR = '.slides>section.present>section', HOME_SLIDE_SELECTOR = '.slides>section:first-of-type', + UA = navigator.userAgent, + // Methods that may not be invoked via the postMessage API + POST_MESSAGE_METHOD_BLACKLIST = /registerPlugin|registerKeyboardShortcut|addKeyBinding|addEventListener/, + // Configuration defaults, can be overridden at initialization time config = { @@ -1274,11 +1278,20 @@ // Check if the requested method can be found if( data.method && typeof Reveal[data.method] === 'function' ) { - var result = Reveal[data.method].apply( Reveal, data.args ); - // Dispatch a postMessage event with the returned value from - // our method invocation for getter functions - dispatchPostMessage( 'callback', { method: data.method, result: result } ); + if( POST_MESSAGE_METHOD_BLACKLIST.test( data.method ) === false ) { + + var result = Reveal[data.method].apply( Reveal, data.args ); + + // Dispatch a postMessage event with the returned value from + // our method invocation for getter functions + dispatchPostMessage( 'callback', { method: data.method, result: result } ); + + } + else { + console.warn( 'reveal.js: "'+ data.method +'" is is blacklisted from the postMessage API' ); + } + } } }, false ); From 94d98ff7d89e35c7d5b289ba387cdb0d42b30793 Mon Sep 17 00:00:00 2001 
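Review bot: `POST_MESSAGE_METHOD_BLACKLIST` in the `@@ -32,8 +32,12 @@` hunk is a denylist, so every other function on `Reveal`, including any added later, stays callable from a posted message by default. An allowlist of the methods meant for remote control would fail closed. The pattern is also unanchored and tested as a substring, so it rejects any method name that merely contains one of these words. If the denylist stays, a comment should record both properties, for example `// Denylist, substring match: new Reveal methods are reachable via postMessage unless added here`.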
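Review bot: The guard `typeof Reveal[data.method] === 'function'` in the `@@ -1274,11 +1278,20 @@` hunk also accepts names resolved through the prototype chain, and `data.args` reaches `apply` unchecked. Consider adding `Object.prototype.hasOwnProperty.call( Reveal, data.method )` to the condition and passing `Array.isArray( data.args ) ? data.args : []` as the arguments. The message listener starts outside the hunk, so it is not visible whether `event.origin` is checked before dispatch, or which target origin `dispatchPostMessage` uses for the `callback` reply. Both are worth confirming, because the blacklist alone does not restrict who may call the remaining methods. The warning string also has a doubled word and should end `'" is blacklisted from the postMessage API'`.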
From: Hakim El Hattab Date: Fri, 31 Jan 2020 11:11:23 +0100 Subject: [PATCH 3/5] 3.9.2 security release --- bower.json | 2 +- js/reveal.js | 2 +- package-lock.json | 2 +- package.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bower.json b/bower.json index 8edaf37e..bc825ab4 100644 --- a/bower.json +++ b/bower.json @@ -1,6 +1,6 @@ { "name": "reveal.js", - "version": "3.9.1", + "version": "3.9.2", "main": [ "js/reveal.js", "css/reveal.css" diff --git a/js/reveal.js b/js/reveal.js index 8e82e7b1..a1357a66 100644 --- a/js/reveal.js +++ b/js/reveal.js @@ -26,7 +26,7 @@ var Reveal; // The reveal.js version - var VERSION = '3.9.1'; + var VERSION = '3.9.2'; var SLIDES_SELECTOR = '.slides section', HORIZONTAL_SLIDES_SELECTOR = '.slides>section', diff --git a/package-lock.json b/package-lock.json index 5a1d393b..f7910098 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "reveal.js", - "version": "3.9.1", + "version": "3.9.2", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 4898ed2c..460bcfa8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "reveal.js", - "version": "3.9.1", + "version": "3.9.2", "description": "The HTML Presentation Framework", "homepage": "http://revealjs.com", "subdomain": "revealjs", From 768335f34b73147f4a9c0dd25a385764a480e98b Mon Sep 17 00:00:00 2001 From: Hakim El Hattab Date: Thu, 13 Feb 2020 10:06:11 +0100 Subject: [PATCH 4/5] setup gh actions --- .github/workflows/js.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/js.yml diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml new file mode 100644 index 00000000..517112f7 --- /dev/null +++ b/.github/workflows/js.yml 
@@ -0,0 +1,24 @@ +name: Node.js CI + +on: [push] + +jobs: + build: + + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [8.x, 10.x, 12.x] + + steps: + - uses: actions/checkout@v2 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v1 + with: + node-version: ${{ matrix.node-version }} + - run: npm install + - run: npm run build --if-present + - run: npm test + env: + CI: true From b6933b45adf37b5ff7111d60b8c5e7ca1db75b33 Mon Sep 17 00:00:00 2001 From: Hakim El Hattab Date: Thu, 13 Feb 2020 10:09:01 +0100 Subject: [PATCH 5/5] remove travis ci, switched to gh actions --- .travis.yml | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index e65e0df4..00000000 --- a/.travis.yml +++ /dev/null @@ -1,5 +0,0 @@ -language: node_js -node_js: - - 11 -after_script: - - npm run build -- retire
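Review bot: The new workflow installs with `- run: npm install`, which may resolve versions other than those in the committed `package-lock.json`; `- run: npm ci` installs exactly what the lockfile records and fails if it is out of sync with `package.json`. `actions/checkout@v2` and `actions/setup-node@v1` are mutable tags, so pinning each to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) keeps a retagged action from running in CI. The job declares no token scope; `permissions: { contents: read }` at the top level is enough for a build-and-test job. The Travis config removed in the following patch ran `npm run build -- retire`, and no step here appears to replace that dependency check, so confirm whether `npm test` covers it.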