* Added CSP rules for both EasyMDE and StackEdit+ to be allowed t…

…o open within an iframe.

* incremented to v0.5.4

INSTALL.md

@@ -18,4 +18,4 @@ _Note: The `/plugins` folder is case-sensitive._
 
 ---
 
-Read the full [**Changelog**](../master/changelog.md "See changes") or view the [**README**](../master/README.md "View README")
+Read the full [**Changelog**](changelog.md "See changes") or view the [**README**](README.md "View README")

Plugin.php

@@ -9,14 +9,34 @@ class Plugin extends Base
 {
     public function initialize()
     {
+        $cspRules = $this->container['cspRules'];
+
     	if ($this->configModel->get('WysiwygMDEditor_enable_easymde', '0') == '1') {
             $this->hook->on('template:layout:js', array('template' => 'plugins/WysiwygMDEditor/vendor/highlightjs/highlight.js/highlight.min.js'));
             $this->hook->on('template:layout:js', array('template' => 'plugins/WysiwygMDEditor/vendor/Ionaru/easy-markdown-editor/easymde.min.js'));
             $this->hook->on('template:layout:js', array('template' => 'plugins/WysiwygMDEditor/Assets/easymde/editor.js'));
+
+            // add a 'self' frame-src CSP for StackEdit+, ONLY if not already present
+            if (!array_key_exists('frame-src', $cspRules)) {
+                $cspRules['frame-src'] = "'self'";
+            }
+            else if (!str_contains($cspRules['frame-src'], "'self'")) {
+                $cspRules['frame-src'] .= " 'self'";
+            }
         }
+
     	if ($this->configModel->get('WysiwygMDEditor_enable_stackedit', '0') == '1') {
             $this->hook->on('template:layout:js', array('template' => 'plugins/WysiwygMDEditor/vendor/benweet/stackedit.js/stackedit.min.js'));
             $this->hook->on('template:layout:js', array('template' => 'plugins/WysiwygMDEditor/Assets/stackedit/editor.js'));
+
+            // add a specific frame-src CSP for StackEdit+, ONLY if not already present
+            if (!array_key_exists('frame-src', $cspRules)) {
+                $cspRules['frame-src'] = "https://stackedit.net/";
+            }
+            else if (!str_contains($cspRules['frame-src'], "https://stackedit.net/")) {
+                $cspRules['frame-src'] .= " https://stackedit.net/";
+            }
+            $this->setContentSecurityPolicy($cspRules);
         }
 
         $this->template->hook->attach('template:config:sidebar', 'WysiwygMDEditor:config/sidebar');
@@ -56,7 +76,7 @@ public function getPluginAuthor()
 
     public function getPluginVersion()
     {
-        return '0.5.3';
+        return '0.5.4';
     }
 
     public function getCompatibleVersion()

README.md

@@ -36,7 +36,6 @@
 
 ---
 
-<h4>(work in progress ...)</h4>
 <h1 name="user-content-readme-top">Wysiwyg MD Editor plugin for Kanboard</h1>
 
 Integrates external MD editors into Kanboard in order to conveniently edit/preview
@@ -109,7 +108,7 @@ Follow the explanations to configure and preview the MD editor(s) of your prefer
     <summary><strong>Translations</strong></summary>
 
 - Available translations for some common languages `DE`, `ES`, `FR`, `IT`, `PT`, `RU` - yet, they are _mechanically translated using Google Translate_ !
-- _`en_US` translation is the default_ if there is no translation for the user selected language in KB.
+- _Translation for `en_US` is the default_ if there is no translation pack for the user selected language in KB.
 
 </details>
 

changelog.md

@@ -1,11 +1,16 @@
 # Changelog
 
 
+## v0.5.4
+
+_(most recent changes are listed on top):_
+* Added CSP rules for both `EasyMDE` and `StackEdit+` to be allowed to open within an iframe. 
+
 ## v0.5.3
 
 _(most recent changes are listed on top):_
-* Added translations for common languages DE, ES, FR, IT, PT, RU (using Google Translate)
-* Translation for "en_US" is set to default if a language pack is missing
+* Added translations for common languages `DE`, `ES`, `FR`, `IT`, `PT`, `RU` (using Google Translate)
+* Translation for `en_US` is set to default if a language pack is missing
 * Hiding rendering options until rendering is actually implemented 
 
 ## v0.5.2