From 098a685e2734e72983c071474c58ab67adbcb33c Mon Sep 17 00:00:00 2001 From: apl Date: Fri, 13 Apr 2018 08:58:18 +0200 Subject: [PATCH 1/8] fix installation instructions --- README-de.md | 17 +++++++++-------- README.md | 13 +++++++------ 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/README-de.md b/README-de.md index 647823db..4fd68a67 100644 --- a/README-de.md +++ b/README-de.md @@ -13,14 +13,15 @@ Shariff besteht aus zwei Teilen. Der erste Teil ist eine einfache JavaScript-Bib ## Erste Schritte 1. Das [aktuellste Shariff-Release](https://github.com/heiseonline/shariff/releases/latest) herunterladen -2. CSS im `` einbinden: - * `build/shariff.complete.css` enthält alle Abhängigkeiten - * `build/shariff.min.css` verwenden, wenn [Font Awesome](https://github.com/FortAwesome/Font-Awesome) bereits in Ihrer Seite geladen wird -3. JavaScript unmittelbar vor `` einbinden: - * `build/shariff.complete.js` enthält alle Abhängigkeiten - * `build/shariff.min.js` verwenden, wenn [jQuery](https://github.com/jquery/jquery) bereits in der Seite vorhanden ist -4. Beliebig viele `
` Elemente einfügen -5. Mit den unten beschriebenen `data`-Attributen Aussehen und Funktion konfigurieren +2. Alle im Release enthaltenen Dateien hochladen +3. CSS im `` einbinden: + * `shariff.complete.css` verlässt sich auf die im Release enthaltenen Abhängigkeiten + * `shariff.min.css` verwenden, wenn [Font Awesome](https://github.com/FortAwesome/Font-Awesome) bereits in Ihrer Seite geladen wird +4. JavaScript unmittelbar vor `` einbinden: + * `shariff.complete.js` verlässt sich auf die im Release enthaltenen Abhängigkeiten + * `shariff.min.js` verwenden, wenn [jQuery](https://github.com/jquery/jquery) bereits in der Seite vorhanden ist +5. Beliebig viele `
` Elemente einfügen +6. Mit den unten beschriebenen `data`-Attributen Aussehen und Funktion konfigurieren Die Share-Counts in den Buttons benötigen ein [Backend](#backends) auf ihrem Server. diff --git a/README.md b/README.md index c4251d2d..48d8450d 100644 --- a/README.md +++ b/README.md @@ -14,14 +14,15 @@ Shariff consists of two parts: a simple JavaScript client library and an optiona ## Getting Started 1. Download the [latest release](https://github.com/heiseonline/shariff/releases/latest) -2. Include CSS in ``: - * `build/shariff.complete.css` contains all dependencies +2. Upload all files included in the release +3. Include CSS in ``: + * `shariff.complete.css` uses the dependencies included in the release files * if [Font Awesome](https://github.com/FortAwesome/Font-Awesome) is already included in your site, use `build/shariff.min.css` -3. Include JavaScript right before ``: - * `build/shariff.complete.js` contains all dependencies +4. Include JavaScript right before ``: + * `shariff.complete.js` uses the dependencies included in the release files * if [jQuery](https://github.com/jquery/jquery) is already included in your site, use `build/shariff.min.js` -4. Insert one or more `
` elements. -5. Customize the look using data-* attributes. +5. Insert one or more `
` elements. +6. Customize the look using data-* attributes. To enable the counters in the buttons, see section [Backends](#backends). From 2262ca21ee67ed08324b95daa6861f87af61fa50 Mon Sep 17 00:00:00 2001 From: so-ri Date: Sun, 15 Apr 2018 22:38:50 +0200 Subject: [PATCH 2/8] added link to the Yellow CMS plugin --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 48d8450d..82b9c47f 100644 --- a/README.md +++ b/README.md @@ -191,3 +191,4 @@ This is a list of integrations for third-party systems: * [WordPress Plugin Shariff Wrapper](https://wordpress.org/plugins/shariff/) * [Xenforo [ITM] ctSSB for Xenforo 1.5](https://github.com/McAtze/-ITM-ctShariffSocialButtons) * [Xenforo [WMTech] Social Share Privacy Plugin](https://wmtech.net/products/wmtech-social-share-privacy.41/) +* [Yellow Plugin Shariff](https://github.com/schulle4u/yellow-plugin-shariff) From aa310308bb7af9307545985f5a76cb9a7f59bd96 Mon Sep 17 00:00:00 2001 From: so-ri Date: Sun, 15 Apr 2018 22:40:29 +0200 Subject: [PATCH 3/8] added link to the Yellow CMS plugin --- README-de.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README-de.md b/README-de.md index 4fd68a67..a22a2a6a 100644 --- a/README-de.md +++ b/README-de.md @@ -189,3 +189,4 @@ Bekannte Shariff-Integrationen für Drittanbieter-Systeme: * [WordPress-Plugin Shariff Wrapper](https://wordpress.org/plugins/shariff/) * [Xenforo [ITM] ctSSB für Xenforo 1.5](https://github.com/McAtze/-ITM-ctShariffSocialButtons) * [Xenforo [WMTech] Social Share Privacy Plugin](https://wmtech.net/products/wmtech-social-share-privacy.41/) +* [Yellow Plugin Shariff](https://github.com/schulle4u/yellow-plugin-shariff) From 9566c9a3098908aad765d751f45ac75b4a9d4871 Mon Sep 17 00:00:00 2001 From: Markus Klein Date: Mon, 16 Apr 2018 23:01:34 +0200 Subject: [PATCH 4/8] [TASK] Update package-lock.json to match dependencies --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/package-lock.json b/package-lock.json index b9b535c2..3fc7186d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,9 +1,14 @@ { "name": "shariff", - "version": "2.0.4", + "version": "3.0.0", "lockfileVersion": 1, "requires": true, "dependencies": { + "@fortawesome/fontawesome-free-webfonts": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@fortawesome/fontawesome-free-webfonts/-/fontawesome-free-webfonts-1.0.3.tgz", + "integrity": "sha512-ZWCFi5hly41jWbVmpmfx97WoGh/8dMDQknrFL6Ax7T7ht4AIZOYL7dmLfrVVI8vsml7VCZvKSImLeHubHbyDQA==" + }, "accepts": { "version": "1.3.3", "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.3.tgz", @@ -3757,11 +3762,6 @@ "integrity": "sha1-2uRqnXj74lKSJYzB54CkHZXAN4I=", "dev": true }, - "@fortawesome/fontawesome-free-webfonts": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@fortawesome/fontawesome-free-webfonts/-/fontawesome-free-webfonts-1.0.3.tgz", - "integrity": "sha512-ZWCFi5hly41jWbVmpmfx97WoGh/8dMDQknrFL6Ax7T7ht4AIZOYL7dmLfrVVI8vsml7VCZvKSImLeHubHbyDQA==" - }, "for-in": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/for-in/-/for-in-1.0.2.tgz", From 0134dfb5d49bba099a8124268b066cae1a315ee4 Mon Sep 17 00:00:00 2001 From: Markus Klein Date: Mon, 16 Apr 2018 23:02:12 +0200 Subject: [PATCH 5/8] [SECURITY] Handle HTML input to twitter abbreviateText safely Fixes: #316 --- src/js/services/twitter.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/js/services/twitter.js b/src/js/services/twitter.js index 27d13686..596c7f02 100644 --- a/src/js/services/twitter.js +++ b/src/js/services/twitter.js 
@@ -5,7 +5,8 @@ var url = require('url') // abbreviate at last blank before length and add "\u2026" (horizontal ellipsis) var abbreviateText = function(text, length) { var div = document.createElement('div') - div.innerHTML = text + var node = document.createTextNode(text) + div.appendChild(node) var abbreviated = div.textContent if (abbreviated.length <= length) { return text From 2be78999c895d3a0e742d04caba5eea0514dce34 Mon Sep 17 00:00:00 2001 From: apl Date: Tue, 17 Apr 2018 07:59:29 +0200 Subject: [PATCH 6/8] update changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b88af16b..417bb260 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## Unreleased + +This release contains changes relevant to security: + +- Fixed XSS vulnerability discovered by JoJoAction in twitter service. (liayn) + ## v3.0.0, 2018-03-15 - Added smaller share button variants. (richard67) From 493f0d7445146088bc2d33083008f9850b71f758 Mon Sep 17 00:00:00 2001 From: apl Date: Tue, 17 Apr 2018 08:05:00 +0200 Subject: [PATCH 7/8] update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 417bb260..1debbe01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## Unreleased +- Added Yellow CMS third party integration. (so-ri) + This release contains changes relevant to security: - Fixed XSS vulnerability discovered by JoJoAction in twitter service. (liayn) From 8eff2472b11643c40f75cecba45f7ca013e2bf5e Mon Sep 17 00:00:00 2001 From: apl Date: Tue, 17 Apr 2018 08:08:29 +0200 Subject: [PATCH 8/8] bump to version 3.0.1 --- CHANGELOG.md | 2 +- package-lock.json | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1debbe01..b2aed469 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
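Review bot: After this change the `div` round trip in `abbreviateText` is a no-op: a text node's `textContent` is the input string unchanged, so `abbreviated` now equals `text` and the three DOM lines could be reduced to `var abbreviated = String(text)`. The old `innerHTML` line, unsafe as it was, also stripped tags and decoded entities before measuring, so a title that carries `&amp;` or markup (which the commit subject suggests callers can pass) will presumably now be counted and shared literally. If that decoding is still wanted, do it in a document that is not attached to the page, e.g. `new DOMParser().parseFromString(text, 'text/html').body.textContent`, and add a test that passes markup and asserts plain text comes back. The rest of `abbreviateText` lies outside the hunk, so how `abbreviated` is used further down could not be checked.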
@@ -1,6 +1,6 @@ # Changelog -## Unreleased +## v3.0.1, 2018-04-17 - Added Yellow CMS third party integration. (so-ri) diff --git a/package-lock.json b/package-lock.json index 3fc7186d..a1baec15 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "shariff", - "version": "3.0.0", + "version": "3.0.1", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index dc82eeee..bc84968d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "shariff", - "version": "3.0.0", + "version": "3.0.1", "description": "Shariff enables website users to share their favorite content without compromising their privacy.", "main": "src/js/shariff.js", "scripts": {