The code editor offers already plenty of options for code highlighting, LaTeX is however not amongst them.

Howdy,

I generally try to avoid running nodejs apps whenever possible but wanted to give this one a shot, however this error message is not overly helpful.

Is anyone ale to shed some light on this for me?

• CentOS 7
• Followed 'To install:...'
• npm: 2.15.1
• node: nodejs-0.10.46-1nodesource.el7.centos.x86_64

[nginx@nas]/usr/share/nginx/html/cryptpad% node ./server.js

/usr/share/nginx/html/cryptpad/NetfluxWebsocketSrv.js:2
const Crypto = require('crypto');
^^^^^
SyntaxError: Use of const in strict mode.
    at Module._compile (module.js:439:25)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Module.require (module.js:364:17)
    at require (module.js:380:17)
    at Object.<anonymous> (/usr/share/nginx/html/cryptpad/server.js:9:18)
    at Module._compile (module.js:456:26)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)

Would be nice to export the contents of a pad to a file, for now I'm interested in the code pad, as this does not require special formatting.

Zero knowledge is commonly used to refer to a method of proving knowledge of secret information without revealing it. (https://en.wikipedia.org/wiki/Zero-knowledge, https://www.google.com/#q=zero+knowledge)

I am not seeing how this relates to a collaborative document editor, are you just using the phrase incorrectly? Please elaborate how/why you are using zero-knowledge proofs in this software.

Hey,

I'm running the latest version in a setup like mentioned in issue #84. I'm running it behind a nginx reverse proxy on a https endpoint with the following config:

    location / {
        proxy_pass http://localhost:3010/;
        proxy_set_header    Host $host;
        proxy_set_header    X-Forwarded-Proto https;
        proxy_buffering off;
        autoindex  off;
    }

Something doesn't seem to work as I'm getting the following error messages.

I tried it with the same nginx config as mentioned in this thread: #62 (comment) but that didn't change anything.

location / {
        proxy_pass http://localhost:3010/;
        proxy_set_header    Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
    }

Any idea what's wrong there?

for those whose threat model includes device confiscation and localStorage inspection.

So it seems like when I type there is a quite a big space between lines.

yet I can see that text can by typed without so much space -> i just cant figure out how it was done.

http://i.imgur.com/XR4vqyu.png

I just started using cryptpad but I noticed that when a collaborator joins my document the past ~10 seconds of writing get reverted.

Links added to the pad cannot be opened or copied from the view only page and can only be modified in editing mode.

In Chrome, when in view only mode you can right click the link while holding CTRL and a "Open in new Tab" option will pop-up.

Right now we highlight everything as if it were javascript.

The main page has been updated and with that update all the previously created translations are gone.
I can translate it back to polish (as I did the original), but you'll have to contact others to redo theirs if they want.

I've tried both 0.3.0 and master with multiple storage engines - when creating a new pad/code editor the spinner shows up and keeps on spinning forever

This looks wrong https://github.com/cjdelisle/cryptpad/blob/master/ChainPadSrv.js#L71

Going through installation guide I've found out that there is no mention of "How to run Cryptpad as background service" or "How to run Cryptpad with nginx/apache".

Running node with screen results in "Cannot GET /" when no address extensions is specified. Accessing pads works flawlessly.

• screen -DmS node /cryptpad/location/server.js

Running node with systemd is a way to go if you want cryptpad as background service accessible on port specified in settings file:

• Add cryptpad.service file to /etc/systemd/system/
• Fill it with:

[Unit]
Description=cryptpad
After=network.target

[Service]
ExecStart=/usr/bin/node /root/of/your/cryptpad/server.js
Restart=always
User=nobody
Group=nobody
Environment=PATH=/usr/bin:/usr/local/bin
Environment=NODE_ENV=production
WorkingDirectory=/root/of/your/cryptpad

[Install]
WantedBy=multi-user.target

• Start the service with:
  systemctl start cryptpad

My school has a very strict firewall.
Access to cryptpad on port 3000 is blocked, so I've thought about proxypass in nginx, but it only forwards you to port 3000 which is blocked anyway.

I'm trying to set up cryptpad (listening at http and websocket on port 3000) behind a nginx reverse proxy that forwards requests sent to e.g. mycryptpad.example.com:80 to 192.168.0.1:3000

It works for static web content.

However, when the web client performs a GET on /api/config, it is told to open a websocket to ws://mycryptpad.example.com:3000, but it should be 80
The relevant code is at server.js line 55

This is hard to rewrite in reverse proxy configuration.

Could you add in config.js an optional parameter with the port to be shown to web clients in case it's different to the listening port?

Thanks so much for your work!

Looks like the image is not on docker hub any more:

https://www.docker.com/xwiki/cryptpad

as far as I understand, cryptpad is still centralized

ServerA
|--- browser1
|--- browser2
|--- browser3

Is there a way to have a decentralization at the server level as follows?

ServerA
|--- browser1
|--- ServerB
        |--- browser2
        |--- browser3

Opening cryptpad with Firefox 45.2.0, I can see the spelling mistakes I make but when I right-click on them, instead of the normal FF menu, I get the CKEditor "paste" menu.

IMHO, disabling CKEditor's context menu makes for a much nicer user experience.

Hello, thanks for the great project 👍

Is it possible to have an history feature? (It does not seem to have one).

Not sure what happened, but when a second user entered the pad using a mobile device, all the text was lost.
Having a history feature would have provided a way to go back to a previous version, instead of losing all our text.

Thanks a lot!

First of all: Great Work!
I wonder if its in your roadmap adding chat like other etherpad services.
Cool

We want to run an instance of cryptpad for our coop members
We have installed but when we start the app we have a page that has the cryptpad logo but no functionality.

What are the required changes to the config file to run cyptpad in production ?
Is mongo db required ?
How can we change the look and feel if needed ?

Thanks

Slide can be vulnerable to an XSS attack if the CSP headers are disabled

How to reproduce

• An attacker creates an slide containing a malicious link: [naughty link](javascript:alert('xss'))
• (S)he shares it with a targeted user
• The targeted user clicks on the link
• The payload is executed if CSP headers are disabled

How to fix

Updating the marked library should fix it.

When users visited a link to a Cryptpad, the page stalled with the loading GIF and never displayed content.

Just curious.. Awesome project though.

We have crytpad running with proxypass using nginx
When we try to load a pad the service hangs on the loading screen

nginx proxy pass settings are like this

Set the location routing.

location ~ / {

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;

##Use the domain.tld here.
proxy_pass http://150.82.45.137:3500;

}

After I installed cryptpad successfully , I tested "http://localhost:3000" , It's totally OK !
When I test "http://localhot:3000/p/" , It dose not work . It should create a new pad automatically . It's url dose not change and the page dose not jump automatically .
When I test "https://cryptpad.fr/p" , this page will automatically jump to 'https://cryptpad.fr/p/#CYf/iyq9wBDnJBGLHKXuqv0L' ! This page created a new pad .

So , the question is how can I create a new pad after cryptpad is installed on my computer ?

Hi!

Cryptpad is very nice, but one of the features I like from etherpad is that you can see other users when they open the pad and you can have custom colors for each user's modifications.

Do you plan on integrating these two things to cryptpad?

I see that it's possible to name collaborators, but it doesn't seem that it's currently possible view edits by author. Is that something on the roadmap?

Thanks for this wonderful amazing tool! I have somehow convinced a friend to use it to set me up on a blind date, as an easy way to talk first but arrive with zero-knowledge (ha!)

Hello again,

For config.js file, and for testing purpose only, what should I fill into this file?

I have MongoDB in my system already

Thoughts on integrating a plugin for Atom text editor? They have something similar, using collaborative tools like Firepad. The bad thing is that it goes through the Firebase proxy to share the contents. Would be great if you could use something like cryptpad, with a powerful text editor like Atom, but share locally and encrypted. E.g., if you're the same network, you can share the url with your buddy, and then you can point to point share the data/collaborate over encrypted channels.

Any pad I created before that I go to now shows the default startup state, none of my content is there. What happened?

Great job XWiki team! A very nice app.

I would like to propose the Sandstorm platform as an excellent option for hosting (and self-hosting) CryptPad.

Many successful collaboration applications are already available within the Sandstorm App Market, the distribution channel is growing every week, and it seems that Sandstorm would be a perfect fit for hosting (or self-hosting) instances of CryptPad applications/documents.

My initial experiment with bundling CryptPad as a Sandstorm app is available on the sandstorm-master branch of my fork. (Edit: see the sandstorm-soon branch for the latest.) See .sandstorm/README.md for more information.

Currently, I am troubleshooting some WebSocket connection issues. All of the CryptPad apps launch and load. However, the UI freezes with a WebSocket connection failure message in the JS console. I do plan to submit a PR, once this issue is resolved.

Looks like we got a race condition kids!

Is it possible to upload automatically pictures and store them on the server encrypted?
Maybe automatically resized and a max size of xx.kb
In some documents it would be really usefull.

... Just my two Cents ;)

I'm confused by this sentence in the README (under Security):

It is acceptable for anyone who does not have the key to be able to change anything in the pad or add anything, even the server.

Isn't the whole pad encrypted, making it impossible for anyone without the key to make changes?

Cryptpad.fr states:

NOTE Pads and spreadsheets will be removed after 30 days of inactivity

In actuality, once messages are stored in a channel, they remain until someone manually removes that part of the database. It's only the link to the pad which exists in a browser's localStorage which is cleaned up after 30 days.

It might be nice to add a 'deleteChannel' method to the storage API, such that after some amount of time the channel would get removed. Of course, this would have to be configurable.

WDYT?

On our deployment of cryptpad, there's a glitch with the cursors being confused when more than one person are editing at the same time: this results in conflicting editions where letters are sent to the wrong line, erasure removes letters from another line, etc.

This may be related to #42, however I'd like to know if other people bumped into this, and if there's a way to work around it. What information would help to debug? (I didn't make the installation, so I need to delegate the replies.)

Hello

After a period of time of usage, how can I reset Cryptpad server (to remove all document written before) and start Cryptpad as clean copy?

Thank you very much

Mandarin and Spanish at least?

Is there a command line tool to get the content of a document (outside a browser)?

istening on port 3000
DB connected
[VDThbt+cgFs=:y] registered
[8QxSQ/FfUH8=:y] registered
Removing [8QxSQ/FfUH8=] from channel [u73giBH2D2]
Removing [VDThbt+cgFs=] from channel [u73giBH2D2]
Removing empty channel [u73giBH2D2]
[7T1mGr/H3H4=:y] registered
[7T1mGr/H3H4=:y] registered
[7T1mGr/H3H4=:y] registered
[7T1mGr/H3H4=:y] registered
[7T1mGr/H3H4=:y] registered
[7T1mGr/H3H4=:y] registered
[7T1mGr/H3H4=:y] registered
[xBcR2xfzpLw=:y] registered
Removing [xBcR2xfzpLw=] from channel [u73giBH2D2]
Removing [7T1mGr/H3H4=] from channel [u73giBH2D2]
Error: not opened
at WebSocket.send (/home/luser/cryptpad/node_modules/ws/lib/WebSocket.js:181:16)
at sendMsg (/home/luser/cryptpad/ChainPadSrv.js:61:12)
at /home/luser/cryptpad/ChainPadSrv.js:68:17
at Array.forEach (native)
at /home/luser/cryptpad/ChainPadSrv.js:66:17
at /home/luser/cryptpad/Storage.js:29:9
at /home/luser/cryptpad/node_modules/mongodb/lib/collection.js:345:5
at handleCallback (/home/luser/cryptpad/node_modules/mongodb/lib/utils.js:93:12)
at /home/luser/cryptpad/node_modules/mongodb/lib/collection.js:492:5
at /home/luser/cryptpad/node_modules/mongodb/node_modules/mongodb-core/lib/topologies/server.js:754:13

/home/luser/cryptpad/node_modules/mongodb/lib/utils.js:95
process.nextTick(function() { throw err; });
^
ReferenceError: userPass is not defined
at /home/luser/cryptpad/ChainPadSrv.js:71:33
at Array.forEach (native)
at /home/luser/cryptpad/ChainPadSrv.js:66:17
at /home/luser/cryptpad/Storage.js:29:9
at /home/luser/cryptpad/node_modules/mongodb/lib/collection.js:345:5
at handleCallback (/home/luser/cryptpad/node_modules/mongodb/lib/utils.js:93:12)
at /home/luser/cryptpad/node_modules/mongodb/lib/collection.js:492:5
at /home/luser/cryptpad/node_modules/mongodb/node_modules/mongodb-core/lib/topologies/server.js:754:13
at Callbacks.emit (/home/luser/cryptpad/node_modules/mongodb/node_modules/mongodb-core/lib/topologies/server.js:90:3)
at null.messageHandler (/home/luser/cryptpad/node_modules/mongodb/node_modules/mongodb-core/lib/topologies/server.js:219:23)

Really good and quick one:
http://www.markdowntutorial.com/

Maybe I'm doing something wrong but I can't get task lists or tables in my presentation -
https://guides.github.com/features/mastering-markdown/#GitHub-flavored-markdown

URLs like

.../pad/#/1/edit/1BR ... LTb-

cause problems as the hyphen at the end is not interpreted as part of the URL by mail clients and someone clicking on the link will therefore be directed to a non-existant pad.

Greetings!

Is there a way to use Cryptpad to collaboratively edit a file on the server?

Thanks!

When creating slides, references for links are only defined for a single slide. Example:

[eff]: https://www.eff.org

# Slide 1

[EFF][eff]

---

# Slide two

[EFF][eff]

The first link works, but the second one appears as plaintext of "[EFF][eff]", because the reference is not defined for any slide but the first.

Hi - I find this project absolutely amazing.
Would be absolutely lovely if some automatic deletion could be added if user specifies expiration time.