wistex / neuhub

Build your own website, community, and audience without giving up control. A collection of themes, widgets, and templates for Hubzilla, Streams, and compatible distributions.

Home Page: https://neuhub.org

License: MIT License

Languages: CSS 49.88%, JavaScript 7.07%, PHP 5.78%, Smarty 10.12%, HTML 0.38%, Hack 0.40%, Tcl 0.01%, Less 12.55%, SCSS 13.81%

Topics: hubzilla, neuhub, streams, theme, zap, zot

neuhub's People

Contributors: mend-bolt-for-github[bot], wistex

Forkers: lumenpink

neuhub's Issues

Add Copyright & MIT License to Every File

One of the conditions of the MIT license is:

"The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software."

But there have been past cases where someone has taken MIT-licensed software and then relicensed it as AGPL or another more restrictive license. While the MIT License does allow them to include MIT-licensed code in an AGPL project, it does not allow them to remove the copyright notice and MIT license from code they have not significantly altered.

I don't mind if they mix my code with their code which has a more restrictive license. I do mind them removing the copyright and MIT license, which violates the license.

The main issue is that when code with different licenses is mixed, it eventually becomes hard to determine which files belong to which license. To solve that issue, the copyright notice and MIT license will be referenced in every single file.

That way they can restrict their code any way they want, but all of the code I create stays MIT license.

Make Private Messages More Obvious

Make it more obvious to the user what is a private message and what is not. Also, make it clear what the privacy settings are for the private messages.

jquery-ui-1.12.1.js: 4 vulnerabilities (highest severity is: 6.1) - autoclosed

Vulnerable Library - jquery-ui-1.12.1.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.js

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Vulnerabilities

CVE             Severity  CVSS  Dependency           Type    Fixed in (jquery-ui version)  Remediation Available
CVE-2021-41184  Medium    6.1   jquery-ui-1.12.1.js  Direct  jquery-ui - 1.13.0
CVE-2021-41183  Medium    6.1   jquery-ui-1.12.1.js  Direct  jquery-ui - 1.13.0
CVE-2021-41182  Medium    6.1   jquery-ui-1.12.1.js  Direct  jquery-ui - 1.13.0
CVE-2022-31160  Medium    6.1   jquery-ui-1.12.1.js  Direct  jquery-ui - 1.13.2

Details

CVE-2021-41184

Vulnerable Library - jquery-ui-1.12.1.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41184

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

Step up your Open Source Security Game with Mend here

CVE-2021-41183

Vulnerable Library - jquery-ui-1.12.1.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41183

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2021-41182

Vulnerable Library - jquery-ui-1.12.1.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41182

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2022-31160

Vulnerable Library - jquery-ui-1.12.1.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the label in a span.

Publish Date: 2022-07-20

URL: CVE-2022-31160

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

Release Date: 2022-07-20

Fix Resolution: jquery-ui - 1.13.2

Dedicated Page for Private Messages

Make a dedicated page for private messages. HQ is great for seeing the latest private messages, but is not ideal if you have a lot of them. So a dedicated page for private messages, with the ability to search and filter would be nice.

Also, it is not obvious to new users that Hubzilla can even send and receive private messages.

The Comment has been Deleted

Since users can delete their own comments, display a message "this comment has been deleted" instead of the comment in the forum post view.

This is important for keeping the integrity of the conversation intact. While the comment itself is gone, it is useful to know that there used to be a comment there, especially if someone responded to it.

Neuhub Installer

A script that installs Neuhub via a web browser interface, similar to WordPress' install script or Softaculous' install script for Hubzilla.

For fresh installs, it gives people the choice of Hubzilla or Streams (and possibly other actively maintained projects) and installs both Neuhub and the selected script. This script would not be intended for existing installations.

There is already some work being done on an installer for Streams. Perhaps a combined installer that includes the option to install Neuhub as well.

Possible procedure:

  1. Admin creates an empty database for Hubzilla or Streams.
  2. Admin opens install.php and is asked for information for the installation.
  3. The Install script fetches Hubzilla or Streams via git or another method.
  4. The Install script fetches Neuhub via git or another method.
  5. The install script sets up both Hubzilla or Streams and Neuhub.

jquery-1.12.4.js: 4 vulnerabilities (highest severity is: 6.1) - autoclosed

Vulnerable Library - jquery-1.12.4.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/external/jquery/jquery.js

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Vulnerabilities

CVE             Severity  CVSS  Dependency        Type    Fixed in (jquery version)             Remediation Available
CVE-2020-11023  Medium    6.1   jquery-1.12.4.js  Direct  jquery - 3.5.0; jquery-rails - 4.4.0
CVE-2020-11022  Medium    6.1   jquery-1.12.4.js  Direct  jQuery - 3.5.0
CVE-2015-9251   Medium    6.1   jquery-1.12.4.js  Direct  jQuery - 3.0.0
CVE-2019-11358  Medium    6.1   jquery-1.12.4.js  Direct  jquery - 3.4.0

Details

CVE-2020-11023

Vulnerable Library - jquery-1.12.4.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/external/jquery/jquery.js

Dependency Hierarchy:

  • jquery-1.12.4.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-1.12.4.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/external/jquery/jquery.js

Dependency Hierarchy:

  • jquery-1.12.4.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

CVE-2015-9251

Vulnerable Library - jquery-1.12.4.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/external/jquery/jquery.js

Dependency Hierarchy:

  • jquery-1.12.4.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - 3.0.0

CVE-2019-11358

Vulnerable Library - jquery-1.12.4.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js

Path to dependency file: /addon/cart/submodules/view/js/jquery-ui-1.12.1/index.html

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/external/jquery/jquery.js

Dependency Hierarchy:

  • jquery-1.12.4.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

New Flow for Connecting to a Channel

Currently, the flow is as follows:

  1. Click on connect button on the channel you are viewing.
  2. Get redirected back to your own hub to set the permissions.
  3. Presented with dialog that allows you to change the default settings.

The desired flow:

  1. Click on the connect button on the channel you are viewing.
  2. Get redirected back to your own hub to set permissions.
  3. The page acknowledges that you are connected via the default settings, and if you want to change the settings, you can do so.
  4. The page also gives you the option to change the settings without having to leave that page.
  5. The page also gives you the option to go back to the channel that you just connected to, which redirects you back to the channel.
  6. The page also gives you additional options, such as viewing your connections, viewing your headquarters, etc.

While it is true that you can correctly do all of those things when you arrive at the dialog to set your permissions, it is important for end users to have obvious and apparent choices that are only one click away.

For example, you can click on the avatar for the channel to get back to the channel, but a new user might not realize that.

Or they might miss the notification in the corner of the screen and not realize that the permissions were already set, and then press the submit button again.

For non-technical users, and new users, you have to guide them more than a user already familiar with the system.

Fix Item Page (item/xxx) so it Shows Public Forum Posts

For some reason, /item/xxx does not correctly show public forum posts. It incorrectly treats public forum posts as being privately owned by the forum and therefore blocks anyone else from viewing the forum post.

And, every forum post links to the /item/xxx page, meaning that no one can view the forum post on the forum itself.

jquery-ui-1.12.1.min.js: 4 vulnerabilities (highest severity is: 6.1) - autoclosed

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.min.js

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Vulnerabilities

CVE             Severity  CVSS  Dependency               Type    Fixed in (jquery-ui version)  Remediation Available
CVE-2021-41184  Medium    6.1   jquery-ui-1.12.1.min.js  Direct  jquery-ui - 1.13.0
CVE-2021-41183  Medium    6.1   jquery-ui-1.12.1.min.js  Direct  jquery-ui - 1.13.0
CVE-2021-41182  Medium    6.1   jquery-ui-1.12.1.min.js  Direct  jquery-ui - 1.13.0
CVE-2022-31160  Medium    6.1   jquery-ui-1.12.1.min.js  Direct  jquery-ui - 1.13.2

Details

CVE-2021-41184

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41184

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2021-41183

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41183

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2021-41182

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41182

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2022-31160

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /addon/cart/submodules/view/js/jquery-ui-1.12.1/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: ab628d9c01e7444917c00231141a062544f217c6

Found in base branch: main

Vulnerability Details

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the label in a span.

Publish Date: 2022-07-20

URL: CVE-2022-31160

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

Release Date: 2022-07-20

Fix Resolution: jquery-ui - 1.13.2

Basic Customization Options

Some basic customization options for site admins, such as being able to define the name, the logo, and the left sidebar.

Update License files

Update license files to comply with the MIT license conditions. Since multiple sources of code are used, we have to have multiple licenses included in the distribution.

Add Warning to Clone Channel Page

Some people do not realize that cloning a channel on an untrusted website is a security risk. To make users aware of the risk, there should be a warning that says:

/!\ Caution! Only clone your identity on websites that you trust.

Or something similar.

Canonical tags for remote copies of a forum post

In situations where a forum post is publicly visible, and therefore indexable by a search engine, it should include a canonical tag that tells it where the original post is located.

This will prevent duplicate content issues with search engines, and also direct traffic back to the forum where the post is located.

Update Share/Comment Dialog to Show Destination of Share

Since the channels and forums on a website can look similar, it is easy to accidentally post on the wrong channel or forum. Also, in some contexts, it is unclear if you are sharing a post on your own wall or if you are posting to a channel.

Somewhere around the Share form, it should indicate what exactly happens when you submit that form. It should be clear what that form does.

Automatic Post Slugs for Forum Posts

While the item and display views use long post ids in their URL, the forum post view page should use post slugs instead.

  1. The post slugs should be automatically generated based on the title of the post.
  2. Each post slug should be unique, appending a number after duplicate titles, if necessary.
  3. Both the forum topics page and the forum post page should use slugs instead of the post id.
  4. The post id should still work if there is no slug, for some reason (like it has not been created yet).
  5. If the post does not have a title, provide an alternative means of creating a unique slug.

Note:

The slug is only meant for viewing the post on the original forum and is only used for linking back to the original post on the original forum. It is not intended to replace the unique post ID used for federation.

The purpose of the slug is for SEO purposes, and to make the URL look more friendly, and possibly shorter.
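A slug generator and resolver implementing the five rules above, added here as an example; it is not Neuhub's or Hubzilla's own code, and the function names, the in-memory post store and the post-<id> fallback are assumptions. The security point is the whitelist: only lowercase ASCII letters, digits and hyphens survive from a user-supplied title, so a title can never inject other characters into the URL path, and the resolver returns null for unknown input rather than guessing.

```php
<?php
declare(strict_types=1);

// Slug generation for forum posts following the five rules listed in the issue.
// Function names, the in-memory $posts store (post id => slug or null) and the
// "post-<id>" fallback are assumptions made for this example; none of this is
// Neuhub's or Hubzilla's own code.

const SLUG_MAX_LENGTH = 80; // assumed cap: titles must not turn into unbounded URLs

/**
 * Rule 1: derive a slug from the title. Only [a-z0-9] and single hyphens survive,
 * so quotes, slashes, angle brackets and control characters from a user-supplied
 * title can never reach the URL path. Returns '' if nothing usable remains.
 */
function slugify_title(string $title): string
{
    // Best-effort transliteration of accented letters; the result depends on the
    // platform's iconv and locale, and the whitelist below catches anything left.
    $ascii = @iconv('UTF-8', 'ASCII//TRANSLIT//IGNORE', $title);
    if ($ascii === false) {
        $ascii = $title;
    }
    $slug = preg_replace('/[^a-z0-9]+/', '-', strtolower($ascii));
    $slug = trim($slug, '-');
    if (strlen($slug) > SLUG_MAX_LENGTH) {
        $slug = rtrim(substr($slug, 0, SLUG_MAX_LENGTH), '-');
    }
    return $slug;
}

/**
 * Rules 2 and 5: pick a slug for $postId that no other post in $posts uses.
 * Duplicate titles get -2, -3, ... appended; an untitled (or emoji-only) post
 * falls back to post-<id>, which is unique because the post id is.
 */
function unique_post_slug(string $title, int $postId, array $posts): string
{
    $taken = array_flip(array_filter($posts, 'is_string')); // slug => post id
    $base = slugify_title($title);
    if ($base === '') {
        $base = 'post-' . $postId;
    }
    $candidate = $base;
    for ($n = 2; isset($taken[$candidate]) && $taken[$candidate] !== $postId; $n++) {
        $candidate = $base . '-' . $n;
    }
    return $candidate;
}

/**
 * Rules 3 and 4: resolve the last URL segment to a post id. A known slug wins;
 * a bare numeric id is still accepted for posts that have no slug yet. Unknown
 * input yields null so the caller can send a 404 instead of guessing.
 */
function resolve_post(string $segment, array $posts): ?int
{
    $bySlug = array_flip(array_filter($posts, 'is_string'));
    if (isset($bySlug[$segment])) {
        return $bySlug[$segment];
    }
    if (ctype_digit($segment) && array_key_exists((int) $segment, $posts)) {
        return (int) $segment;
    }
    return null;
}

// Constructed sample store: two posts already have slugs, one has none yet.
$posts = [
    101 => 'hello-world',
    102 => 'hello-world-2',
    107 => null,
];

// Constructed titles: a duplicate, one with accents and markup, an empty one, an emoji-only one.
foreach ([[103, 'Hello, World!'], [104, 'Café & <b>bold</b>'], [105, ''], [106, '🎉']] as [$id, $title]) {
    $posts[$id] = unique_post_slug($title, $id, $posts);
    printf("%d => %s\n", $id, $posts[$id]);
}

// A slug, a bare id for the slug-less post, an unknown id and a traversal attempt.
foreach (['hello-world-2', '107', '999', '../etc'] as $segment) {
    printf("%-14s -> %s\n", $segment, var_export(resolve_post($segment, $posts), true));
}
```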

Show the Avatar of the Active Channel Near the Comment Box

When you manage forums, you wind up with a channel for each forum and wind up switching back and forth between them. It is easy to accidentally post a comment under the wrong channel's name. This also helps if you have multiple websites, and forget that you are logged in as a different channel on a different website.

Perhaps adding the logged-in channel's avatar next to the submit button would remind the user which channel they are currently posting as.
