Commit graph

8394 commits

Author SHA1 Message Date
Andrew Dolgov
58210301e0 add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy 2017-02-12 16:01:28 +03:00
Andrew Dolgov
3891782cf5 Merge branch 'fix-target-blank-vulnerability' into 'master'
Prevent target='_blank' vulnerability on dynamic link

This merge request refers to https://tt-rss.org/forum/viewtopic.php?f=8&t=4048

It fixes the issue I encounter on some feeds I follow.
Just need to add "noopener" and "noreferrer" on "_blank" link to avoid the vulnerability.

See merge request !46
2017-02-12 14:19:37 +03:00
Jérémy DECOOL
ba2853caac Prevent target='_blank' vulnerability on dynamic link 2017-02-12 11:01:36 +01:00
Andrew Dolgov
2187322cae af_zz_imgproxy: redirect to caller url unless called in user context 2017-02-10 22:02:30 +03:00
Andrew Dolgov
4daaf23491 allow user plugins to expose public methods out in a limited fashion 2017-02-10 16:04:28 +03:00
Andrew Dolgov
fafd32e2dc use get_self_url_prefix() when rewriting cached images 2017-02-10 15:14:47 +03:00
Andrew Dolgov
dc8bd8a640 add some print_checkbox/print_button calls; rename some plugin preference pane titles 2017-02-10 14:57:25 +03:00
Andrew Dolgov
51198e7e40 af_zz_imgproxy: urlencode() url parameter, DUH 2017-02-10 14:41:11 +03:00
Andrew Dolgov
328118d12e use print_hidden() for hidden dojo form fields 2017-02-10 14:36:21 +03:00
Andrew Dolgov
8cf37284e7 af_zz_imgproxy: add optional setting to proxy all remote images
functions: add some form helper methods
2017-02-10 14:17:18 +03:00
Andrew Dolgov
38b3998bbc af_zz_imgproxy: use inline disposition, misc updates 2017-02-10 12:37:21 +03:00
Andrew Dolgov
c93d43c617 update af_zz_imgproxy to plug into built-in image caching 2017-02-10 12:12:09 +03:00
Andrew Dolgov
7818bfde0b sanitize: properly handle cached content in archived articles 2017-02-10 12:11:09 +03:00
Andrew Dolgov
c4ebf01e69 add af_zz_imgproxy (initial) 2017-02-10 10:30:48 +03:00
Andrew Dolgov
70c0a8c2e0 pass several image files used in notify messages to frontend as base64 to prevent broken error messages in case network connection is down. also, update some close buttons to show correct cursor. 2017-02-09 23:19:26 +03:00
Andrew Dolgov
3188e863b3 handle_rpc_json: fix netalert button never appearing on JSON parse error 2017-02-09 23:04:34 +03:00
Andrew Dolgov
829d478f1b add some protection against opener attacks if external site is opened via window.open() 2017-02-08 15:07:05 +03:00
Andrew Dolgov
23c8ef7e36 parse_counters: skip subscribed-feeds id properly 2017-02-04 14:50:50 +03:00
Andrew Dolgov
9c7ebaa08c cached_image: remove unnecessary basename() 2017-02-04 12:02:17 +03:00
Andrew Dolgov
6358d70d5e reset local counter cache when feed count changes 2017-02-04 11:57:31 +03:00
Andrew Dolgov
5edd605ae1 image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin) 2017-02-04 11:50:01 +03:00
Andrew Dolgov
0442cbb6c1 image cache: send files as content-disposition: attachment; add .png suffix to image urls 2017-02-04 11:32:24 +03:00
Andrew Dolgov
60e97d9e63 af_redditimgur: inline streamable.com videos 2017-01-29 14:36:37 +03:00
Andrew Dolgov
f45a1152bb af_readability: force utf8 preamble on html document load. no idea why but it seems to work better even for not-unicode sites. 2017-01-28 14:24:48 +03:00
Andrew Dolgov
24c7e4132d subscribe dialog: do not report errors via alert()
fetch_file_contents: reset all globals on start, return error message body when not using curl
subscribe_to_feed: report if cloudflare is in the error message
2017-01-28 12:45:49 +03:00
Andrew Dolgov
80fbc1fdc4 compact.css: remove version tag 2017-01-26 22:43:57 +03:00
Andrew Dolgov
181c8285dd add compact theme with smaller font 2017-01-26 22:41:18 +03:00
Andrew Dolgov
22387de225 preferences: set themes dropdown to default if selected theme is missing 2017-01-26 22:37:22 +03:00
Andrew Dolgov
7d9aac9afa remove default.css 2017-01-25 12:18:15 +03:00
Andrew Dolgov
e432b8fbe2 implement cache-busting for default theme.css
night theme: small fixes
2017-01-25 12:17:41 +03:00
Andrew Dolgov
7c04f8afeb increase content font size by 1px 2017-01-25 11:22:53 +03:00
Andrew Dolgov
553ec3c351 pass article guid to hook_render_article 2017-01-25 08:50:42 +03:00
Andrew Dolgov
e304c1473b Merge branch 'fix-sanitize-dfn' into 'master'
sanitize: allow <dfn> tag

### In brief
* Add `<dfn>` tag to allowed tags list
  * `<dfn>` represents the defining instance of a term in HTML
  * More [information about `<dfn>` on the w3school's website](http://www.w3schools.com/tags/tag_dfn.asp)

### Example
This stops article content such as...
```
Indian tea harvests are divided up by <dfn>flush</dfn>.
```
...from getting turned into...
```
Indian tea harvests are divided up by .
```

See merge request !45
2017-01-25 08:43:50 +03:00
Shane Synan
311cdb27f4 sanitize: allow dfn tag
Add <dfn> tag to allowed tags list.  <dfn> represents the defining
instance of a term in HTML.
2017-01-24 18:39:17 -06:00
Andrew Dolgov
e3cdbd87bc Merge branch 'more-af-comics' into 'master'
Support hyphens in GoComics URLs.



See merge request !44
2017-01-24 23:08:21 +03:00
JustAMacUser
051737e931 Support hyphens in GoComics URLs. 2017-01-24 15:06:46 -05:00
Andrew Dolgov
3b001e4330 support rel=noopener for links 2017-01-24 18:45:25 +03:00
Andrew Dolgov
e934d63e0c fetch_file_contents: rework the way shim works to prevent intermittent warnings 2017-01-24 15:11:13 +03:00
Andrew Dolgov
67268b0017 sanitize: allow acronym tag 2017-01-24 11:36:43 +03:00
Andrew Dolgov
d2c3e846c4 add some vertical space to dijit menu items 2017-01-23 19:21:25 +03:00
Andrew Dolgov
cb3f877303 reference pubsubhubbub classes using their namespace 2017-01-23 08:20:46 +03:00
Andrew Dolgov
141df0c4cf Merge branch 'af-comics-ui' into 'master'
Added feed URL instructions for GoComics.

GoComics feed URL syntax now included on existing Prefs page for af_comics plugin.

See merge request !43
2017-01-22 21:57:31 +03:00
JustAMacUser
a25c3c2998 Added feed URL instructions for GoComics. 2017-01-22 13:52:25 -05:00
Andrew Dolgov
ad326dbf78 unpackVisibleHeadlines: do not iterate over all RROWs all the time 2017-01-22 20:57:16 +03:00
Andrew Dolgov
70c5b2bfcc feed tree: only run animation for appearing unread counters to prevent clashes with aux counter updating and animations ending up in wrong state 2017-01-22 20:20:35 +03:00
Andrew Dolgov
3bc1b53772 initHeadlinesMenu: remove unneeded output 2017-01-22 19:58:17 +03:00
Andrew Dolgov
974c6eb523 attach headline menu objects to correct DOM nodes in combined mode 2017-01-22 19:57:16 +03:00
Andrew Dolgov
d5f74019ac parse_counters: cache previous reply and skip processing of unchanged rows (better implementation) 2017-01-22 19:38:07 +03:00
Andrew Dolgov
a4e04c498f parse_counters: cache previous reply and skip processing of unchanged rows 2017-01-22 19:29:14 +03:00
Andrew Dolgov
e1f7b05b52 reuse menu objects while appending headline rows 2017-01-22 19:20:23 +03:00