bastodon/public
rinsuki 6e736f2452
fix: embed.js doesn't expands iframes height (#18301)
also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign random id to each iframe for reduce chance to brute-force attack, and leak of iframe counts
- check iframe.contentWindow and MessageEvent.source to validate message is coming from correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec)

follow-up of #17420
fix #18299
2022-05-04 03:20:44 +02:00
..
avatars/original add new avatar placeholder missing.png (#6728) 2018-03-11 14:55:38 +01:00
emoji Fix light-mode emoji borders. (#18131) 2022-04-29 19:23:03 +02:00
headers/original
ocr/lang-data
shortcuts Add app shortcuts (#15234) 2020-12-15 02:04:56 +01:00
sounds
500.html
android-chrome-192x192.png
apple-touch-icon.png
badge.png
browserconfig.xml New logo (#4306) 2017-07-23 02:40:39 +02:00
embed.js fix: embed.js doesn't expands iframes height (#18301) 2022-05-04 03:20:44 +02:00
favicon-dev.ico
favicon.ico
inert.css Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679) 2020-05-08 21:22:57 +02:00
mask-icon.svg
mstile-150x150.png
oops.gif New error page graphic. Other error page improvements (#5099) 2017-09-25 23:05:54 +02:00
oops.png
robots.txt
sw.js fix #4356 : place sw.js to assets/sw.js (#4357) 2017-07-28 01:55:52 +02:00
web-push-icon_expand.png
web-push-icon_favourite.png
web-push-icon_reblog.png Use consistent icons for web push notifications, same as web UI (#4426) 2017-07-28 18:13:42 +02:00