1.1.1
ansuz released this 02 Mar 17:51
CryptPad v1.1.1 (Bunyip's revenge)
What's new
stronger Content Security Policy headers harden CryptPad against cross-site scripting (XSS) attacks
new bootloader script for compatibility with CSP headers, which loads scripts and forcefully overrides browser caching issues
Bug fixes
More careful handling of strings which are passed into alertify.js
  - popup logs are sanitized (always)
  - alerts, prompts, confirms are validated by default, and must be overridden with a 'force' flag
fixed pad export vulnerability which allowed XSS
  - our very special thanks to Martin Gubri for bringing this to our attention
userlist no longer updates its content as HTML, protecting against XSS
Removed toString API from hyperjson
  - new major semver revision used by CryptPad
fixed bug in /slide/ that affected present mode under certain circumstances
removed ugly red outline on images in /slide/
  - somehow this snuck in from debugging
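
An added sketch (not CryptPad's or alertify.js's code) of the safe-by-default pattern the alertify.js items above describe: popup logs are always escaped, while alerts, confirms and prompts reject markup unless a force flag is passed. The names `escapeHTML`, `isPlainText`, `wrapDialogs`, the `backend` object and the `{force: true}` option shape are assumptions made for illustration.

```javascript
// Added illustration: all names here are hypothetical, not CryptPad's
// or alertify.js's actual API.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise markup so untrusted text can be placed in an HTML context.
function escapeHTML(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Validation for dialogs: accept only strings that contain no character
// able to open a tag or an entity.
function isPlainText(s) {
  return typeof s === 'string' && !/[<>&]/.test(s);
}

// backend: object with log/alert/confirm/prompt(msg) that renders msg as
// HTML (assumed behaviour of the underlying dialog library).
function wrapDialogs(backend) {
  const guarded = (name) => (msg, opts = {}) => {
    if (opts.force !== true && !isPlainText(msg)) {
      throw new TypeError(name + ': message failed validation; pass {force: true} to override');
    }
    return backend[name](msg);
  };
  return {
    // Popup logs are always sanitized; there is no override.
    log: (msg) => backend.log(escapeHTML(msg)),
    alert: guarded('alert'),
    confirm: guarded('confirm'),
    prompt: guarded('prompt'),
  };
}

// Constructed demo: a fake backend records what would have been rendered.
function demo() {
  const rendered = [];
  const record = (m) => { rendered.push(m); };
  const ui = wrapDialogs({ log: record, alert: record, confirm: record, prompt: record });
  const name = '<script>alert(1)</script>'; // constructed untrusted display name
  ui.log(name + ' joined');                  // escaped before rendering
  let rejected = false;
  try { ui.alert('Hello ' + name); } catch (e) { rejected = true; }
  // Developer-written markup needs the explicit opt-out.
  ui.alert('<b>Trusted, developer-written markup</b>', { force: true });
  return { rendered, rejected };
}
```

Making the unsafe path an explicit opt-in means every call site that renders raw HTML can be found by searching for the flag.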