renun/NetNewsWire
1
0
Fork 0
mirror of https://github.com/Ranchero-Software/NetNewsWire synced 2025-08-12 06:26:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8,678 Commits 22 Branches 186 Tags
18087c19efd8eb520e67d7d667cc5fb127d1e2e2
Commit Graph

731 Commits

Author SHA1 Message Date
Wade Tregaskis
bc15440ded Now set the correct base URL for each article's webview, and now load app JavaScripts as WebKit "user" scripts. 
Setting the real base URL (rather than using a file URL pointing to the app's Resources folder) allows relative URLs to work correctly within the article, such as for images, and is compatible with Cross-Site-Origin policies that restrict use of resources outside of the origin domain.

It also implicitly eliminates access to the local file system from within the webview, as the use of a non-file base URL makes WebKit treats the webview's content as being from a remote server, and its default security policy is to then disallow local file access (except with explicit user action, such as drag-and-drop or via an `input` form element).

Note: the base URL is currently typically taken from the feed itself (specifically the "link" feed (channel) metadata).  That is controlled by the feed author (or a man-in-the-middle attacker).  It should perhaps be validated to ensure it's actually an HTTP/HTTPS URL, to prevent security problems.

The app-specific JavaScripts - used for fixing styling issues and the like - are now formally loaded as extensions to the web page, "user scripts" in WebKit parlance.  They're isolated to their own JavaScript world - meaning they can't be seen or manipulated by JavaScript from the feed article itself, and are more secure as a result.

Fixes #4156.

Co-Authored-By: Brent Simmons <1297121+brentsimmons@users.noreply.github.com>
 2023-11-22 13:47:54 -08:00
Maurice Parker
c0f11ea91a Remove extraneous character 2023-11-11 12:57:10 -06:00
Maurice Parker
96dd6cea16 Fix regression that didn't allow any events to register 2023-11-11 12:53:12 -06:00
Maurice Parker
f9e7de718d Update right click toolbar code for Sonoma 2023-11-11 12:43:02 -06:00
Brent Simmons
d92c72c15d Convert renameFolder to async/await. 2023-10-10 22:25:58 -07:00
Brent Simmons
378e116b5c Convert AccountDelegate.createFolder to async/await. 2023-10-10 21:21:52 -07:00
Brent Simmons
12fb814bff Rename Master* to Main*. 2023-09-24 11:10:50 -07:00
Brent Simmons
e9e64ad7d2 Add ReaderAPI and AccountError packages. 2023-08-28 07:55:04 -07:00
Brent Simmons
9df917c0fb Continue adopting async/await. 2023-07-14 14:29:58 -07:00
Brent Simmons
5c3cbd30f7 Continue adopting async/await. 2023-07-14 14:11:51 -07:00
Brent Simmons
81f7ac147a Replace webFeed with Feed in a few more places (which also fixes the add-feed sheet). 2023-07-14 11:18:04 -07:00
Brent Simmons
46838dd4eb Remove extraneous completionHandler parameters. 2023-07-10 21:52:38 -07:00
Brent Simmons
4f4d401cda Remove unused LegacyArticleExtractorButton. 2023-07-10 21:36:30 -07:00
Brent Simmons
0402bd607f Continue adopting async/await. 2023-07-10 21:19:28 -07:00
Brent Simmons
ed8a445a72 Remove the no-longer-used AddFeedWindowControllerType. 2023-07-09 23:04:45 -07:00
Brent Simmons
1be7e680d0 Use MainActor Task instead of GCD. 2023-07-09 22:54:55 -07:00
Brent Simmons
0be38b4eb3 Replace uses of forEach with for-in loops. 2023-07-09 22:33:46 -07:00
Brent Simmons
e1d2560fc0 Replace uses of forEach with for-in loops. 2023-07-09 22:29:37 -07:00
Brent Simmons
d60c2f6b60 Replace uses of forEach with for-in loops. 2023-07-09 22:20:58 -07:00
Brent Simmons
abb11afe3d Replace uses of forEach with for-in loops. 2023-07-09 22:14:09 -07:00
Brent Simmons
090e63b017 Replace uses of forEach with for-in loops. 2023-07-09 22:04:38 -07:00
Brent Simmons
b49731cc34 Continue adopting MainActor. 2023-07-09 11:34:56 -07:00
Brent Simmons
2f300164b1 Continue adopting MainActor. 2023-07-06 21:51:33 -07:00
Brent Simmons
771badecc6 Rename webFeed to feed. 2023-07-05 20:46:25 -07:00
Brent Simmons
422edff746 Continue renaming webFeed to just feed. 2023-07-05 14:34:48 -07:00
Brent Simmons
8eca24e46f Continue renaming webFeed to just feed. 2023-07-05 10:16:28 -07:00
Brent Simmons
2f07f4ee16 Rename WebFeed type to just Feed. 2023-07-05 10:02:53 -07:00
Brent Simmons
428cb73c34 Continue changing webFeed to feed. 2023-07-05 08:42:56 -07:00
Brent Simmons
ecd6075bd2 Rename Article.webFeedID to .feedID. 2023-07-05 07:33:29 -07:00
Brent Simmons
a6832dd2a5 Use ItemIdentifier and itemID instead of FeedIdentifier and feedID. (FeedIdentifier was renamed to ItemIdentifier.) 2023-07-04 14:41:02 -07:00
Brent Simmons
2598385be3 Rename WebFeedTreeControllerDelegate to FeedTreeControllerDelegate. 2023-07-02 16:24:44 -07:00
Brent Simmons
75f1eee00c Rename Article.webFeed to Article.feed. 2023-07-02 16:22:14 -07:00
Brent Simmons
bb450ababa Rename WebFeedPasteboardWriter to FeedPasteboardWriter. 2023-07-02 16:14:20 -07:00
Brent Simmons
e3cddc2bc2 Rename WebFeedMetadata to FeedMetadata. 2023-07-02 16:12:43 -07:00
Brent Simmons
cc438a9057 Rename PasteboardWebFeed to PasteboardFeed. 2023-07-02 15:35:20 -07:00
Brent Simmons
a9e78451a2 Rename showAddWebFeedWindow to showAddFeedWindow. 2023-07-02 15:22:51 -07:00
Brent Simmons
e6e03e0d7a Rename Feed to FeedProtocol. (This is part one of renaming WebFeed to Feed.) 2023-07-01 12:43:36 -07:00
Brent Simmons
a8fa627c6b Get Mac app building. 2023-06-30 22:02:24 -07:00
Brent Simmons
d309c05cb0 Continue removing feed provider and extension point references. 2023-06-30 21:47:17 -07:00
Brent Simmons
48ff7ec80d Continue removing ExtensionPoint code. 2023-06-30 21:36:20 -07:00
Brent Simmons
7c75f62fcf Continue removing Reddit references. 2023-06-30 21:24:18 -07:00
Brent Simmons
a673e6bba7 Continue removing Reddit references. 2023-06-30 21:20:11 -07:00
Brent Simmons
665cc3dc30 Merge pull request #4013 from Jerry23011/sc-6-3 
Update Simplified Chinese localization
 2023-06-03 11:53:42 -07:00
Brent Simmons
a72b10c6d7 Merge pull request #4005 from stuartbreckenridge/fix/warnings 
Remove Deprecation Warnings
 2023-06-03 11:52:12 -07:00
Jerry
2f9999ba00 Update NNW3OpenPanelAccessoryView.strings 2023-06-03 11:57:22 +08:00
Jerry
90f0645ea6 Add Simplified Chinese translation 2023-06-03 11:39:27 +08:00
Stuart Breckenridge
7a008db10c Force OPML extension on NSSavePanel 
`allowedContentTypes` in now `.opml` only for export subscriptions. To ensure that this extension is used, the `nameFieldStringValue` no longer provides an extension.
 2023-06-03 08:40:32 +08:00
J-rg
79ac502bac Enable Base localization for remaining XIB files 2023-05-31 13:35:50 +02:00
Stuart Breckenridge
da36085c93 [macOS] Reduced Deprecation Warnings 
- ShareViewController now uses `UTType`
- Now using NSWorkspace.shared.icon(for: .applicationBundle)
- Unused code `extensionPointTypeTitle` removed
- NNW3 Import now uses `allowedContentTypes`
 2023-05-31 16:57:57 +08:00
Stuart Breckenridge
abcc836c07 [macOS] Updates Import/Export of OPML 
- Created OPML UTType
- Added OPML as an importable UTI type
- `allowedFileTypes` replaced with `allowed ContentTypes`
- Moved UTType extension to single shared file
- Build flags updated
 2023-05-31 16:57:57 +08:00