bc15440ded
Now set the correct base URL for each article's webview, and now load app JavaScripts as WebKit "user" scripts.
...
Setting the real base URL (rather than using a file URL pointing to the app's Resources folder) allows relative URLs to work correctly within the article, such as for images, and is compatible with Cross-Site-Origin policies that restrict use of resources outside of the origin domain.
It also implicitly eliminates access to the local file system from within the webview, as the use of a non-file base URL makes WebKit treats the webview's content as being from a remote server, and its default security policy is to then disallow local file access (except with explicit user action, such as drag-and-drop or via an `input` form element).
Note: the base URL is currently typically taken from the feed itself (specifically the "link" feed (channel) metadata). That is controlled by the feed author (or a man-in-the-middle attacker). It should perhaps be validated to ensure it's actually an HTTP/HTTPS URL, to prevent security problems.
The app-specific JavaScripts - used for fixing styling issues and the like - are now formally loaded as extensions to the web page, "user scripts" in WebKit parlance. They're isolated to their own JavaScript world - meaning they can't be seen or manipulated by JavaScript from the feed article itself, and are more secure as a result.
Fixes #4156 .
Co-Authored-By: Brent Simmons <1297121+brentsimmons@users.noreply.github.com >
2023-11-22 13:47:54 -08:00
e34f002a1b
Re-add spacing between figure img and caption
2023-11-02 03:25:32 -04:00
6cd8715eb0
Convert AccountDelegate.syncArticleStatus to async/await.
2023-10-27 22:13:29 -07:00
98c8135d04
Convert AccountDelegate.refreshAll to async/await.
2023-10-27 21:49:23 -07:00
029842d04d
Convert removeFolder to async/await.
2023-10-10 22:54:22 -07:00
9a1b688253
Fix footnote popovers overlapping nearby later footnote bubbles
2023-09-24 16:23:12 -05:00
d61a895bc4
Rename masterFolderImage to folderImage.
2023-09-24 10:42:07 -07:00
5e3086667d
Continue renaming Id to ID (and similar renames).
2023-09-16 22:04:43 -07:00
0be38b4eb3
Replace uses of forEach with for-in loops.
2023-07-09 22:33:46 -07:00
e1d2560fc0
Replace uses of forEach with for-in loops.
2023-07-09 22:29:37 -07:00
d60c2f6b60
Replace uses of forEach with for-in loops.
2023-07-09 22:20:58 -07:00
abb11afe3d
Replace uses of forEach with for-in loops.
2023-07-09 22:14:09 -07:00
63cc39dc4f
Continue adopting MainActor.
2023-07-09 11:41:42 -07:00
b49731cc34
Continue adopting MainActor.
2023-07-09 11:34:56 -07:00
2f300164b1
Continue adopting MainActor.
2023-07-06 21:51:33 -07:00
771badecc6
Rename webFeed to feed.
2023-07-05 20:46:25 -07:00
8a605b3b61
Rename sortableWebFeedID to sortableFeedID.
2023-07-05 14:36:35 -07:00
8eca24e46f
Continue renaming webFeed to just feed.
2023-07-05 10:16:28 -07:00
2f07f4ee16
Rename WebFeed type to just Feed.
2023-07-05 10:02:53 -07:00
428cb73c34
Continue changing webFeed to feed.
2023-07-05 08:42:56 -07:00
ecd6075bd2
Rename Article.webFeedID to .feedID.
2023-07-05 07:33:29 -07:00
8c9d143f18
Revert change to "feedIdentifier" value in state restoration. Add comment about not changing the values.
2023-07-04 14:57:15 -07:00
a6832dd2a5
Use ItemIdentifier and itemID instead of FeedIdentifier and feedID. (FeedIdentifier was renamed to ItemIdentifier.)
2023-07-04 14:41:02 -07:00
2598385be3
Rename WebFeedTreeControllerDelegate to FeedTreeControllerDelegate.
2023-07-02 16:24:44 -07:00
75f1eee00c
Rename Article.webFeed to Article.feed.
2023-07-02 16:22:14 -07:00
169f018c6a
Rename AppDefaults.addWebFeedFolderName to .addFeedFolderName.
2023-07-02 15:28:15 -07:00
5c2a33a800
Rename AppDefaults.addWebFeedAccountID to .addFeedAccountID.
2023-07-02 15:25:50 -07:00
2112b51b49
Delete TwitterFeedProvider-Extensions.swift.
2023-07-02 13:10:27 -07:00
e6e03e0d7a
Rename Feed to FeedProtocol. (This is part one of renaming WebFeed to Feed.)
2023-07-01 12:43:36 -07:00
8a9c680cfc
Continue removing ExtensionPoint code. Start fixing build errors.
2023-06-30 21:55:54 -07:00
d309c05cb0
Continue removing feed provider and extension point references.
2023-06-30 21:47:17 -07:00
942ad6bd49
Continue removing Reddit references.
2023-06-30 21:28:07 -07:00
e931444262
Begin removing Reddit and ExtensionPoint code.
2023-06-30 21:15:51 -07:00
abcc836c07
[macOS] Updates Import/Export of OPML
...
- Created OPML UTType
- Added OPML as an importable UTI type
- `allowedFileTypes` replaced with `allowed ContentTypes`
- Moved UTType extension to single shared file
- Build flags updated
2023-05-31 16:57:57 +08:00
5750b7c250
Removes @available for iOS 14, 15
2023-05-30 09:39:51 +08:00
e2eeed8f99
Target macOS 13
...
• `xcconfig` `MACOSX_DEPLOYMENT_TARGET` updated to 13.0
• Removed `@available` annotations for macOS < 13.0
• Removed for Big Sur fixes.
This has been built and doesn’t trigger any build settings should be `xcconfig` options.
2023-05-30 09:15:08 +08:00
31e783a5f7
Localizes Theme headings for future use
2023-05-27 17:09:25 +08:00
ed6ff090be
Merge branch 'ios-ui-settings-localised' into localize_strings
...
# Conflicts:
# Mac/AppDelegate.swift
# Mac/Base.lproj/Preferences.storyboard
# NetNewsWire.xcodeproj/project.pbxproj
# Shared/Localizations/LocalizedNetNewsWireError.swift
# iOS/MasterFeed/MasterFeedViewController.swift
# iOS/Settings/Appearance/ArticleThemeManagerView.swift
# iOS/Settings/Appearance/DisplayAndBehaviorsView.swift
# iOS/Settings/General/SettingsView.swift
2023-05-27 17:00:42 +08:00
a2b6fa2a1e
Reinstates themesByDeveloper to ArticleThemesManager
2023-05-27 16:13:32 +08:00
5aaae58272
Merge branch 'main' into ios-ui-settings-localised
...
# Conflicts:
# Shared/ArticleStyles/ArticleThemesManager.swift
2023-05-27 15:26:03 +08:00
889faee856
Merge pull request #3948 from vincode-io/theme_reloading_fix
...
Theme reloading fix
2023-05-13 17:03:26 -07:00
2ef66d78e8
Replace nnw.ranchero.com with netnewswire.blog to reflect new URL of blog.
2023-04-30 21:40:52 -07:00
bc37f8544e
Merge branch 'mac-release' into main.
2023-04-30 17:22:47 -07:00
3a2b05ca96
Merge branch 'theme_reloading_fix' of https://github.com/vincode-io/NetNewsWire into theme_reloading_fix
2023-04-19 18:57:44 -05:00
86294c32e6
Update feeds to remove feeds that — sadly! — appear to be inactive. Add Allen Pike’s feed.
2023-04-08 10:00:12 -07:00
4478f9ee9b
Adds @MainActor to OPMLDocument fileWrapper func
2023-04-06 17:58:30 +04:00
bb48e60068
Merge branch 'main' into ios-ui-settings-localised
2023-04-06 17:45:18 +04:00
402c5e7bbb
Continue adopting @MainActor.
2023-04-05 09:24:43 -07:00
c9a6405927
Continue adopting @MainActor.
2023-04-01 22:08:31 -07:00
d5f9f00aab
Fix typo.
2023-04-01 21:19:56 -07:00
Wade Tregaskis