Fixes typos
Merge pull request #3356 from deining/fix/typos
Fixes typos
This PR fixes a few typos I spotted.
oh my, funny how many typos sneak in over time 😅
Update README.md
Update README.md
instructions for adding new subjects
add AbstractSubject as example of how to create a subject
make it easier to add subjects
test code highlights
code/file tests
refactor subject exports
story style fix
Update README.md
Update README.md
0.3.2
0.3.2
This is caused by https://github.com/hakimel/reveal.js/blob/master/css/print/paper.scss
Even if I embed reveal.js in a page, it will override ALL THE BASIC ELEMENTS with !important
, e.g.:
https://github.com/hakimel/reveal.js/blob/4fe3946cb43de57f79aaa7b646aee7e78f4bcc75/css/print/paper.scss#L8-L9
https://github.com/hakimel/reveal.js/blob/4fe3946cb43de57f79aaa7b646aee7e78f4bcc75/css/print/paper.scss#L39-L58
This means that output will have
@media print {
html:not(.print-pdf) body {
font-size: 20pt!important;
}
html:not(.print-pdf) h1 {
font-size: 28pt !important;
}
}
So a normal page without reveal js like this:
Becomes like this just because reveal style is imported:
(I embed a reveal.js in page:)
My confusion is why is that file needed as users are already asked to print with ?print-pdf
?
Also does anyone have the same confusion with me why reveal.js tries and why it should use high priority selectors and !important
to force overriding default tag style?
Thanks for pointing this out. Definitely not desirable that the print styles bleed into the rest of the page.
I've revised this now so that all print styles are scoped to .reveal. The only styles that are still set on the html level are required to ensure overflow is visible otherwise printing won't work.
scope print styles to .reveal #3348
Missing lang attribute
The lang attribute does not default to English. It defaults to an unknown, which is an accessibility issue.
Merge pull request #3257 from sojinsamuel/patch-1
Missing lang attribute
The lang attribute does not default to English. It defaults to an unknown, which is an accessibility issue.
Makes sense. Thanks for the making reveal.js more secure!
Update js.yml
Signed-off-by: sashashura 93376818+sashashura@users.noreply.github.com
Merge pull request #3268 from sashashura/patch-1
GitHub Workflows security hardening
This PR adds explicit permissions section to workflows. This is a security best practice because by default workflows run with extended set of permissions (except from on: pull_request
from external forks). By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an injection or compromised third party tool or action) is restricted.
It is recommended to have most strict permissions on the top level and grant write permissions on job level case by case.
If you, like me, love reveal.js but are annoyed by dependabot security alerts and like to fix them, I have good-ish news on the vulns it is flagging in glob-parent as pulled in transitively through gulp's dependencies. First off, Gulpjs is not going to address this directly: https://github.com/gulpjs/gulp/issues/2640, but per this stackoverflow: https://stackoverflow.com/questions/68333071/how-to-solve-this-npm-glob-parent-problem , you can hardwire the resolution of glob to an updated version, which does not appear to have any problems (testing on serving static reveal presentations, no testing on reveal.js server functionality, so ymmv).
(not a bug, but I suppose with additional testing this could be baked in to reveal's package.json directly?)
Thanks for the info @joncamfield—I've added an override for glob-parent that fixes the security alerts
fix security alerts by upgrading glob-parent #3343
jump to slide tweak
fix conflict between prism/hljs