hakanu / pervane Goto Github PK

Make it configurable via a flag with the list type.

Reloading all those css and js for the editor is taking so much time.

Hi,

I saw your project on lobste.rs. Looks interesting.

I installed from pip on OpenBSD. I'm using firefox and Python-3.7.

First I couldn't create nodes. No error message was shown, but the URL said:

http://localhost:5000/?message=failed_to_creat_md:example/test.md

The reason was because the storage directory didn't exist. It's fine after that. Perhaps create it if it doesn't exist, or error out?

I had a quick prod around in the editor. Some of the buttons don't seem to work. E.g. preformatted text.

File upload lets me choose a file, but I don't know where the file goes after that.

I guess you know all of this. work in progress, right?

Sorry, I won't have a lot of time to spend on this, but I thought you'd like to know anyway.

Thanks

just like GFM:

- [x] aaa
- [ ] bbbb
    - [ ] inner ccc

Will be rendered as

• aaa
• bbbb
  • inner ccc

Quick search can ignore this.

• https://flask-login.readthedocs.io/en/latest/
• Needs storage

• evernote
• keep
• onenote

If a user starts pervane with --dir as a relative directory, then a potential bad actor can use other relative path commands to view system files. Attached is an example when I started Pervane with --dir=. and then navigated the url to ?f=./../../../../../etc/hosts (the number of .. doesn't matter).

My suggestion is to always resolve the absolute path when doing path logic. Don't trust the user.

Using setup.py and pip the package data (template files, etc) do not install under Arch using Python 3.8. However, the Python egg does install.

$ ls /usr/lib/python3.8/site-packages/pervane*
/usr/lib/python3.8/site-packages/pervane-0.0.33-py3.8.egg