renun/NetNewsWire
1
0
Fork 0
mirror of https://github.com/Ranchero-Software/NetNewsWire synced 2025-08-12 06:26:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8,678 Commits 22 Branches 186 Tags
18087c19efd8eb520e67d7d667cc5fb127d1e2e2
Commit Graph

1436 Commits

Author SHA1 Message Date
Wade Tregaskis
bc15440ded Now set the correct base URL for each article's webview, and now load app JavaScripts as WebKit "user" scripts. 
Setting the real base URL (rather than using a file URL pointing to the app's Resources folder) allows relative URLs to work correctly within the article, such as for images, and is compatible with Cross-Site-Origin policies that restrict use of resources outside of the origin domain.

It also implicitly eliminates access to the local file system from within the webview, as the use of a non-file base URL makes WebKit treats the webview's content as being from a remote server, and its default security policy is to then disallow local file access (except with explicit user action, such as drag-and-drop or via an `input` form element).

Note: the base URL is currently typically taken from the feed itself (specifically the "link" feed (channel) metadata).  That is controlled by the feed author (or a man-in-the-middle attacker).  It should perhaps be validated to ensure it's actually an HTTP/HTTPS URL, to prevent security problems.

The app-specific JavaScripts - used for fixing styling issues and the like - are now formally loaded as extensions to the web page, "user scripts" in WebKit parlance.  They're isolated to their own JavaScript world - meaning they can't be seen or manipulated by JavaScript from the feed article itself, and are more secure as a result.

Fixes #4156.

Co-Authored-By: Brent Simmons <1297121+brentsimmons@users.noreply.github.com>
 2023-11-22 13:47:54 -08:00
Brent Simmons
e9f26c9adc Merge pull request #4153 from vincode-io/fix-article-extractor-button-right-click 
Fix article extractor button right click for Sonoma
 2023-11-19 21:23:21 -08:00
Maurice Parker
c0f11ea91a Remove extraneous character 2023-11-11 12:57:10 -06:00
Maurice Parker
96dd6cea16 Fix regression that didn't allow any events to register 2023-11-11 12:53:12 -06:00
Maurice Parker
f9e7de718d Update right click toolbar code for Sonoma 2023-11-11 12:43:02 -06:00
Brent Simmons
98c8135d04 Convert AccountDelegate.refreshAll to async/await. 2023-10-27 21:49:23 -07:00
Brent Simmons
029842d04d Convert removeFolder to async/await. 2023-10-10 22:54:22 -07:00
Brent Simmons
d92c72c15d Convert renameFolder to async/await. 2023-10-10 22:25:58 -07:00
Brent Simmons
9285a956fa Convert receiveRemoteNotification to async/await. 2023-10-10 22:07:04 -07:00
Brent Simmons
378e116b5c Convert AccountDelegate.createFolder to async/await. 2023-10-10 21:21:52 -07:00
Brent Simmons
490095fd73 Convert account.rename to async/await. 2023-10-07 11:30:38 -07:00
Brent Simmons
f042c97156 Convert validateCredentials to async/await. 2023-10-07 10:53:02 -07:00
Brent Simmons
12fb814bff Rename Master* to Main*. 2023-09-24 11:10:50 -07:00
Brent Simmons
d61a895bc4 Rename masterFolderImage to folderImage. 2023-09-24 10:42:07 -07:00
Brent Simmons
5e3086667d Continue renaming Id to ID (and similar renames). 2023-09-16 22:04:43 -07:00
Brent Simmons
e9e64ad7d2 Add ReaderAPI and AccountError packages. 2023-08-28 07:55:04 -07:00
Brent Simmons
9df917c0fb Continue adopting async/await. 2023-07-14 14:29:58 -07:00
Brent Simmons
5c3cbd30f7 Continue adopting async/await. 2023-07-14 14:11:51 -07:00
Brent Simmons
81f7ac147a Replace webFeed with Feed in a few more places (which also fixes the add-feed sheet). 2023-07-14 11:18:04 -07:00
Brent Simmons
46838dd4eb Remove extraneous completionHandler parameters. 2023-07-10 21:52:38 -07:00
Brent Simmons
989f9a4366 Continue adopting async/await. 2023-07-10 21:44:38 -07:00
Brent Simmons
4f4d401cda Remove unused LegacyArticleExtractorButton. 2023-07-10 21:36:30 -07:00
Brent Simmons
0402bd607f Continue adopting async/await. 2023-07-10 21:19:28 -07:00
Brent Simmons
ed8a445a72 Remove the no-longer-used AddFeedWindowControllerType. 2023-07-09 23:04:45 -07:00
Brent Simmons
1be7e680d0 Use MainActor Task instead of GCD. 2023-07-09 22:54:55 -07:00
Brent Simmons
0be38b4eb3 Replace uses of forEach with for-in loops. 2023-07-09 22:33:46 -07:00
Brent Simmons
e1d2560fc0 Replace uses of forEach with for-in loops. 2023-07-09 22:29:37 -07:00
Brent Simmons
d60c2f6b60 Replace uses of forEach with for-in loops. 2023-07-09 22:20:58 -07:00
Brent Simmons
abb11afe3d Replace uses of forEach with for-in loops. 2023-07-09 22:14:09 -07:00
Brent Simmons
090e63b017 Replace uses of forEach with for-in loops. 2023-07-09 22:04:38 -07:00
Brent Simmons
b49731cc34 Continue adopting MainActor. 2023-07-09 11:34:56 -07:00
Brent Simmons
2f300164b1 Continue adopting MainActor. 2023-07-06 21:51:33 -07:00
Brent Simmons
771badecc6 Rename webFeed to feed. 2023-07-05 20:46:25 -07:00
Brent Simmons
422edff746 Continue renaming webFeed to just feed. 2023-07-05 14:34:48 -07:00
Brent Simmons
8eca24e46f Continue renaming webFeed to just feed. 2023-07-05 10:16:28 -07:00
Brent Simmons
2f07f4ee16 Rename WebFeed type to just Feed. 2023-07-05 10:02:53 -07:00
Brent Simmons
428cb73c34 Continue changing webFeed to feed. 2023-07-05 08:42:56 -07:00
Brent Simmons
ecd6075bd2 Rename Article.webFeedID to .feedID. 2023-07-05 07:33:29 -07:00
Brent Simmons
a6832dd2a5 Use ItemIdentifier and itemID instead of FeedIdentifier and feedID. (FeedIdentifier was renamed to ItemIdentifier.) 2023-07-04 14:41:02 -07:00
Brent Simmons
2598385be3 Rename WebFeedTreeControllerDelegate to FeedTreeControllerDelegate. 2023-07-02 16:24:44 -07:00
Brent Simmons
75f1eee00c Rename Article.webFeed to Article.feed. 2023-07-02 16:22:14 -07:00
Brent Simmons
bb450ababa Rename WebFeedPasteboardWriter to FeedPasteboardWriter. 2023-07-02 16:14:20 -07:00
Brent Simmons
e3cddc2bc2 Rename WebFeedMetadata to FeedMetadata. 2023-07-02 16:12:43 -07:00
Brent Simmons
c84f2a80bd Rename ScriptableWebFeed to ScriptableFeed. 2023-07-02 15:54:30 -07:00
Brent Simmons
cc438a9057 Rename PasteboardWebFeed to PasteboardFeed. 2023-07-02 15:35:20 -07:00
Brent Simmons
169f018c6a Rename AppDefaults.addWebFeedFolderName to .addFeedFolderName. 2023-07-02 15:28:15 -07:00
Brent Simmons
5c2a33a800 Rename AppDefaults.addWebFeedAccountID to .addFeedAccountID. 2023-07-02 15:25:50 -07:00
Brent Simmons
a9e78451a2 Rename showAddWebFeedWindow to showAddFeedWindow. 2023-07-02 15:22:51 -07:00
Brent Simmons
e2d88bbd33 Add Reddit deprecation alert code for Mac. 2023-07-02 15:19:08 -07:00
Brent Simmons
7556428c29 Rename user-facing New Web Feed text to just New Feed. 2023-07-02 15:03:31 -07:00