Anand Chowdhary

AnandChowdhary/gitwriter

Build status Netlify status Dependencies GitHub Vulnerabilities

GitWriter is the easiest way to version control your thoughts. Write in Markdown, auto save every minute like Google Docs. Easy.

⭐ Usage

Login with GitHub, choose your repo and file, and just start writing.

The service is frontend-only and only uses local storage for your token. Since GitHub’s OAuth endpoints don’t support CORS, it also uses Cors Anywhere.

Screenshot

🛠 Development

Start development server with:

yarn serve

XSS vulnerability

Because GitWriter uses simplemde, it’s open to XSS: CVE-2018-19057. Since you’re writing Markdown which compiles to HTML, you can add JavaScript on things like the img tag’s onerror attribute. However, GitHub strips any JavaScript from Markdown files, so it will only be executed on the GitWriter site, not on GitHub.

Todo

  • Autosaving
  • Add support for saving every 2 minutes if it’s dirty (interval, not just on text change)
  • Before unloading the page, make sure it’s saved
  • Use localStorage for every change, so you don’t lose anything
  • Better auto-commit message
  • Add login with GitHub (integrate GitHub App, not personal token)
  • Show all repos, support filter/search

License

MIT