renun/NetNewsWire
1
0
Fork 0
mirror of https://github.com/Ranchero-Software/NetNewsWire synced 2025-08-12 06:26:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8,678 Commits 22 Branches 186 Tags
18087c19efd8eb520e67d7d667cc5fb127d1e2e2
Commit Graph

835 Commits

Author SHA1 Message Date
Wade Tregaskis
bc15440ded Now set the correct base URL for each article's webview, and now load app JavaScripts as WebKit "user" scripts. 
Setting the real base URL (rather than using a file URL pointing to the app's Resources folder) allows relative URLs to work correctly within the article, such as for images, and is compatible with Cross-Site-Origin policies that restrict use of resources outside of the origin domain.

It also implicitly eliminates access to the local file system from within the webview, as the use of a non-file base URL makes WebKit treats the webview's content as being from a remote server, and its default security policy is to then disallow local file access (except with explicit user action, such as drag-and-drop or via an `input` form element).

Note: the base URL is currently typically taken from the feed itself (specifically the "link" feed (channel) metadata).  That is controlled by the feed author (or a man-in-the-middle attacker).  It should perhaps be validated to ensure it's actually an HTTP/HTTPS URL, to prevent security problems.

The app-specific JavaScripts - used for fixing styling issues and the like - are now formally loaded as extensions to the web page, "user scripts" in WebKit parlance.  They're isolated to their own JavaScript world - meaning they can't be seen or manipulated by JavaScript from the feed article itself, and are more secure as a result.

Fixes #4156.

Co-Authored-By: Brent Simmons <1297121+brentsimmons@users.noreply.github.com>
 2023-11-22 13:47:54 -08:00
Teddy Bradford
e34f002a1b Re-add spacing between figure img and caption 2023-11-02 03:25:32 -04:00
Brent Simmons
6cd8715eb0 Convert AccountDelegate.syncArticleStatus to async/await. 2023-10-27 22:13:29 -07:00
Brent Simmons
98c8135d04 Convert AccountDelegate.refreshAll to async/await. 2023-10-27 21:49:23 -07:00
Brent Simmons
029842d04d Convert removeFolder to async/await. 2023-10-10 22:54:22 -07:00
Nate Weaver
9a1b688253 Fix footnote popovers overlapping nearby later footnote bubbles 2023-09-24 16:23:12 -05:00
Brent Simmons
d61a895bc4 Rename masterFolderImage to folderImage. 2023-09-24 10:42:07 -07:00
Brent Simmons
5e3086667d Continue renaming Id to ID (and similar renames). 2023-09-16 22:04:43 -07:00
Brent Simmons
0be38b4eb3 Replace uses of forEach with for-in loops. 2023-07-09 22:33:46 -07:00
Brent Simmons
e1d2560fc0 Replace uses of forEach with for-in loops. 2023-07-09 22:29:37 -07:00
Brent Simmons
d60c2f6b60 Replace uses of forEach with for-in loops. 2023-07-09 22:20:58 -07:00
Brent Simmons
abb11afe3d Replace uses of forEach with for-in loops. 2023-07-09 22:14:09 -07:00
Brent Simmons
63cc39dc4f Continue adopting MainActor. 2023-07-09 11:41:42 -07:00
Brent Simmons
b49731cc34 Continue adopting MainActor. 2023-07-09 11:34:56 -07:00
Brent Simmons
2f300164b1 Continue adopting MainActor. 2023-07-06 21:51:33 -07:00
Brent Simmons
771badecc6 Rename webFeed to feed. 2023-07-05 20:46:25 -07:00
Brent Simmons
8a605b3b61 Rename sortableWebFeedID to sortableFeedID. 2023-07-05 14:36:35 -07:00
Brent Simmons
8eca24e46f Continue renaming webFeed to just feed. 2023-07-05 10:16:28 -07:00
Brent Simmons
2f07f4ee16 Rename WebFeed type to just Feed. 2023-07-05 10:02:53 -07:00
Brent Simmons
428cb73c34 Continue changing webFeed to feed. 2023-07-05 08:42:56 -07:00
Brent Simmons
ecd6075bd2 Rename Article.webFeedID to .feedID. 2023-07-05 07:33:29 -07:00
Brent Simmons
8c9d143f18 Revert change to "feedIdentifier" value in state restoration. Add comment about not changing the values. 2023-07-04 14:57:15 -07:00
Brent Simmons
a6832dd2a5 Use ItemIdentifier and itemID instead of FeedIdentifier and feedID. (FeedIdentifier was renamed to ItemIdentifier.) 2023-07-04 14:41:02 -07:00
Brent Simmons
2598385be3 Rename WebFeedTreeControllerDelegate to FeedTreeControllerDelegate. 2023-07-02 16:24:44 -07:00
Brent Simmons
75f1eee00c Rename Article.webFeed to Article.feed. 2023-07-02 16:22:14 -07:00
Brent Simmons
169f018c6a Rename AppDefaults.addWebFeedFolderName to .addFeedFolderName. 2023-07-02 15:28:15 -07:00
Brent Simmons
5c2a33a800 Rename AppDefaults.addWebFeedAccountID to .addFeedAccountID. 2023-07-02 15:25:50 -07:00
Brent Simmons
2112b51b49 Delete TwitterFeedProvider-Extensions.swift. 2023-07-02 13:10:27 -07:00
Brent Simmons
e6e03e0d7a Rename Feed to FeedProtocol. (This is part one of renaming WebFeed to Feed.) 2023-07-01 12:43:36 -07:00
Brent Simmons
8a9c680cfc Continue removing ExtensionPoint code. Start fixing build errors. 2023-06-30 21:55:54 -07:00
Brent Simmons
d309c05cb0 Continue removing feed provider and extension point references. 2023-06-30 21:47:17 -07:00
Brent Simmons
942ad6bd49 Continue removing Reddit references. 2023-06-30 21:28:07 -07:00
Brent Simmons
e931444262 Begin removing Reddit and ExtensionPoint code. 2023-06-30 21:15:51 -07:00
Stuart Breckenridge
abcc836c07 [macOS] Updates Import/Export of OPML 
- Created OPML UTType
- Added OPML as an importable UTI type
- `allowedFileTypes` replaced with `allowed ContentTypes`
- Moved UTType extension to single shared file
- Build flags updated
 2023-05-31 16:57:57 +08:00
Stuart Breckenridge
5750b7c250 Removes @available for iOS 14, 15 2023-05-30 09:39:51 +08:00
Stuart Breckenridge
e2eeed8f99 Target macOS 13 
• `xcconfig` `MACOSX_DEPLOYMENT_TARGET` updated to 13.0
• Removed `@available` annotations for macOS < 13.0
• Removed for Big Sur fixes.

This has been built and doesn’t trigger any build settings should be `xcconfig` options.
 2023-05-30 09:15:08 +08:00
Stuart Breckenridge
31e783a5f7 Localizes Theme headings for future use 2023-05-27 17:09:25 +08:00
Stuart Breckenridge
ed6ff090be Merge branch 'ios-ui-settings-localised' into localize_strings 
# Conflicts:
#	Mac/AppDelegate.swift
#	Mac/Base.lproj/Preferences.storyboard
#	NetNewsWire.xcodeproj/project.pbxproj
#	Shared/Localizations/LocalizedNetNewsWireError.swift
#	iOS/MasterFeed/MasterFeedViewController.swift
#	iOS/Settings/Appearance/ArticleThemeManagerView.swift
#	iOS/Settings/Appearance/DisplayAndBehaviorsView.swift
#	iOS/Settings/General/SettingsView.swift
 2023-05-27 17:00:42 +08:00
Stuart Breckenridge
a2b6fa2a1e Reinstates themesByDeveloper to ArticleThemesManager 2023-05-27 16:13:32 +08:00
Stuart Breckenridge
5aaae58272 Merge branch 'main' into ios-ui-settings-localised 
# Conflicts:
#	Shared/ArticleStyles/ArticleThemesManager.swift
 2023-05-27 15:26:03 +08:00
Brent Simmons
889faee856 Merge pull request #3948 from vincode-io/theme_reloading_fix 
Theme reloading fix
 2023-05-13 17:03:26 -07:00
Brent Simmons
2ef66d78e8 Replace nnw.ranchero.com with netnewswire.blog to reflect new URL of blog. 2023-04-30 21:40:52 -07:00
Brent Simmons
bc37f8544e Merge branch 'mac-release' into main. 2023-04-30 17:22:47 -07:00
Maurice Parker
3a2b05ca96 Merge branch 'theme_reloading_fix' of https://github.com/vincode-io/NetNewsWire into theme_reloading_fix 2023-04-19 18:57:44 -05:00
Brent Simmons
86294c32e6 Update feeds to remove feeds that — sadly! — appear to be inactive. Add Allen Pike’s feed. 2023-04-08 10:00:12 -07:00
Stuart Breckenridge
4478f9ee9b Adds @MainActor to OPMLDocument fileWrapper func 2023-04-06 17:58:30 +04:00
Stuart Breckenridge
bb48e60068 Merge branch 'main' into ios-ui-settings-localised 2023-04-06 17:45:18 +04:00
Brent Simmons
402c5e7bbb Continue adopting @MainActor. 2023-04-05 09:24:43 -07:00
Brent Simmons
c9a6405927 Continue adopting @MainActor. 2023-04-01 22:08:31 -07:00
Brent Simmons
d5f9f00aab Fix typo. 2023-04-01 21:19:56 -07:00