mirror of
https://github.com/kbenestad/mdcms.git
synced 2026-06-18 15:24:32 +00:00
df0f179004
Renderer (app/index.html): - Guard the router so navigateTo and the hashchange/popstate handlers only load relative .md paths (isSafePagePath). Blocks fetching attacker- controlled external URLs injected via the location hash. - Stop treating in-page heading anchors (#heading) as page files, which previously replaced the page with a 404. - HTML-escape meta.title, link href/title attributes, not-found/offline messages, and the icon fallback img; block javascript:/data: hrefs via safeUrl. - Hydrate mdcms tags nested inside tabs/accordions/callouts. - Configure marked once instead of on every render. - Validate stored theme value; fix text-align center; resolve per-category offline message after categories initialise. CLI (mdcms.py): - Restore CDN_DEPS, _WOFF2_URL_RE, _fetch_bunny_fonts, _patch_index_html so fetch-deps no longer raises NameError. - Compare site markers against SITE_FORMAT_VERSION with zero-padded version comparison, removing the spurious "update available" warning on v0.6 sites. - Bump CLI to 0.6.1. https://claude.ai/code/session_018KXUwmSNMGF2UBywTChCcS |
||
|---|---|---|
| .. | ||
| banner | ||
| claude-design.md | ||
| dev-release.md | ||
| documentation.md | ||
| github-workflow.md | ||
| install.md | ||
| knownbugs.md | ||
| README.md | ||
| reference-config.md | ||
| reference-nav.md | ||
| reference-pages.md | ||
| reference-theme.md | ||
| unreleased.md | ||
| workflows.md | ||
Placeholder