mirror of
https://github.com/kbenestad/mdcms.git
synced 2026-06-18 15:24:32 +00:00
df0f179004
Renderer (app/index.html): - Guard the router so navigateTo and the hashchange/popstate handlers only load relative .md paths (isSafePagePath). Blocks fetching attacker- controlled external URLs injected via the location hash. - Stop treating in-page heading anchors (#heading) as page files, which previously replaced the page with a 404. - HTML-escape meta.title, link href/title attributes, not-found/offline messages, and the icon fallback img; block javascript:/data: hrefs via safeUrl. - Hydrate mdcms tags nested inside tabs/accordions/callouts. - Configure marked once instead of on every render. - Validate stored theme value; fix text-align center; resolve per-category offline message after categories initialise. CLI (mdcms.py): - Restore CDN_DEPS, _WOFF2_URL_RE, _fetch_bunny_fonts, _patch_index_html so fetch-deps no longer raises NameError. - Compare site markers against SITE_FORMAT_VERSION with zero-padded version comparison, removing the spurious "update available" warning on v0.6 sites. - Bump CLI to 0.6.1. https://claude.ai/code/session_018KXUwmSNMGF2UBywTChCcS |
||
|---|---|---|
| .. | ||
| assets | ||
| pages | ||
| posts | ||
| 404.html | ||
| config.yml | ||
| index.html | ||
| manifest.json | ||
| mdcms.json | ||
| nav.yml | ||
| search.json | ||
| service-worker.js | ||
| theme.yml | ||