Fixes a security vulnerability in the postMessage API. The follow methods are now blacklisted and can not be called via the postMessage API: registerPlugin, registerKeyboardShortcut, addKeyBinding, addEventListener.
3.9.1
This version contains no changes. It was only released to bump the published version on npm.
Adds postMessage callbacks. Makes it possible to use the postMessage API to invoke reveal.js methods with return values.
The pacing timer functionality now accepts a total time for the whole presentation. Timing was previously worked out on a per-slide level. (#2400 by longtime reveal.js contributor @fghaas!)
Background iframes no longer preload by default. They load when you arrive at the given slide. This unifies the behavior of in-slide and background iframes. Learn how to turn on preloading.
The slide number format specified through slideNumber is now honored in PDF exports. (#2337 by @dougalsutherland)
(4c557a5959b3ad909056df6cb46c5bf56a0da8ee)
Adds data-fragment=<index> to any slide with fragments in it. This lets you target specific fragment states with CSS like section[data-fragment="2"] { ... }.
Adds Reveal.getHorizontalSlides() and Reveal. getVerticalSlides() for getting all horizontal/vertical slides in a deck.
Adds Reveal.hasHorizontalSlides() and Reveal. hasVerticalSlides() for checking whether or not a deck contains any horizontal or vertical slides.
Adds mobileViewDistance configuration option. Mobile view distance was previously hardcoded at 2. (#2513 by @TuurDutoit)
Switches to CSS transforms to scale decks up on HDPI displays. Previous use of CSS zoom produced sharper results but led to side effects such as iframes not scaling with the deck content.
Switches first/last slide keyboard shortcuts from ⌘←/⌘→ to Shift←/Shift→. The old shortcut conflicted with browser back/forward.
Updates highlight.js from 9.11.0 to 9.18.0
Bug fixes:
Fixes an issue where the navigation down-arrow was blocked by the progress bar (#2410 by @NoriSte).
Fixes swipe navigation for decks with navigationMode set to linear (#2416 by @earboxer).
Fixes vertical overflow in iPadOS Safari.
Fixes inconsistent fragment slide animations by translating by a fixed unit.
Fixes failing npm install because of outdated dependencies.
Fixes exception when highlighting empty code blocks.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps reveal.js from 3.8.0 to 3.9.2.
Release notes
Sourced from reveal.js's releases.
Commits
94d98ff
3.9.2 security releaseb6cc6b4
blacklist some method from the postMessage API to prevent XSSd213fac
add note about supporting reveal.js via Slideseaf3988
3.9.1 because a local edit made it into npm003a848
update to highlight.js 9.18.0 #256233ed32c
add step-by-step highlights to readme8a54118
npm audit fix 😶45f468c
3.9.0a59b141
Merge branch 'pdf-slide-numbers' of https://github.com/dougalsutherland/revea...281b518
Merge pull request #2499 from jocaml/patch-1Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)