bc15440ded
Now set the correct base URL for each article's webview, and now load app JavaScripts as WebKit "user" scripts.
...
Setting the real base URL (rather than using a file URL pointing to the app's Resources folder) allows relative URLs to work correctly within the article, such as for images, and is compatible with Cross-Site-Origin policies that restrict use of resources outside of the origin domain.
It also implicitly eliminates access to the local file system from within the webview, as the use of a non-file base URL makes WebKit treats the webview's content as being from a remote server, and its default security policy is to then disallow local file access (except with explicit user action, such as drag-and-drop or via an `input` form element).
Note: the base URL is currently typically taken from the feed itself (specifically the "link" feed (channel) metadata). That is controlled by the feed author (or a man-in-the-middle attacker). It should perhaps be validated to ensure it's actually an HTTP/HTTPS URL, to prevent security problems.
The app-specific JavaScripts - used for fixing styling issues and the like - are now formally loaded as extensions to the web page, "user scripts" in WebKit parlance. They're isolated to their own JavaScript world - meaning they can't be seen or manipulated by JavaScript from the feed article itself, and are more secure as a result.
Fixes #4156 .
Co-Authored-By: Brent Simmons <1297121+brentsimmons@users.noreply.github.com >
2023-11-22 13:47:54 -08:00
9285a956fa
Convert receiveRemoteNotification to async/await.
2023-10-10 22:07:04 -07:00
12fb814bff
Rename Master* to Main*.
2023-09-24 11:10:50 -07:00
d61a895bc4
Rename masterFolderImage to folderImage.
2023-09-24 10:42:07 -07:00
5e3086667d
Continue renaming Id to ID (and similar renames).
2023-09-16 22:04:43 -07:00
9df917c0fb
Continue adopting async/await.
2023-07-14 14:29:58 -07:00
5ca3c0f99b
Make all of AppDelegate (iOS) @MainActor.
2023-07-10 21:49:58 -07:00
1fa9fa5e10
Remove unused imports.
2023-07-09 22:45:05 -07:00
3c2d83dace
Rename bgTaskDispatchQueue to backgroundTaskDispatchQueue.
2023-07-09 22:43:24 -07:00
0611d71bfe
Replace uses of forEach with for-in loops.
2023-07-09 22:41:35 -07:00
d60c2f6b60
Replace uses of forEach with for-in loops.
2023-07-09 22:20:58 -07:00
abb11afe3d
Replace uses of forEach with for-in loops.
2023-07-09 22:14:09 -07:00
63cc39dc4f
Continue adopting MainActor.
2023-07-09 11:41:42 -07:00
2f300164b1
Continue adopting MainActor.
2023-07-06 21:51:33 -07:00
771badecc6
Rename webFeed to feed.
2023-07-05 20:46:25 -07:00
422edff746
Continue renaming webFeed to just feed.
2023-07-05 14:34:48 -07:00
8eca24e46f
Continue renaming webFeed to just feed.
2023-07-05 10:16:28 -07:00
2f07f4ee16
Rename WebFeed type to just Feed.
2023-07-05 10:02:53 -07:00
428cb73c34
Continue changing webFeed to feed.
2023-07-05 08:42:56 -07:00
a6832dd2a5
Use ItemIdentifier and itemID instead of FeedIdentifier and feedID. (FeedIdentifier was renamed to ItemIdentifier.)
2023-07-04 14:41:02 -07:00
2598385be3
Rename WebFeedTreeControllerDelegate to FeedTreeControllerDelegate.
2023-07-02 16:24:44 -07:00
75f1eee00c
Rename Article.webFeed to Article.feed.
2023-07-02 16:22:14 -07:00
e3cddc2bc2
Rename WebFeedMetadata to FeedMetadata.
2023-07-02 16:12:43 -07:00
14c170ebd3
Separate the various Sections in SettingsView.body into separate vars to help type inference.
2023-07-02 15:49:52 -07:00
ea14d87743
Rename AddWebFeedIntent to AddFeedIntent.
2023-07-02 15:39:12 -07:00
169f018c6a
Rename AppDefaults.addWebFeedFolderName to .addFeedFolderName.
2023-07-02 15:28:15 -07:00
5c2a33a800
Rename AppDefaults.addWebFeedAccountID to .addFeedAccountID.
2023-07-02 15:25:50 -07:00
d4092b21fd
Add Reddit API deprecation alert code.
2023-07-02 15:09:12 -07:00
7556428c29
Rename user-facing New Web Feed text to just New Feed.
2023-07-02 15:03:31 -07:00
e6e03e0d7a
Rename Feed to FeedProtocol. (This is part one of renaming WebFeed to Feed.)
2023-07-01 12:43:36 -07:00
641e35322c
Continue removing ExtensionPoint code.
2023-06-30 22:08:17 -07:00
8a9c680cfc
Continue removing ExtensionPoint code. Start fixing build errors.
2023-06-30 21:55:54 -07:00
d309c05cb0
Continue removing feed provider and extension point references.
2023-06-30 21:47:17 -07:00
942ad6bd49
Continue removing Reddit references.
2023-06-30 21:28:07 -07:00
7c75f62fcf
Continue removing Reddit references.
2023-06-30 21:24:18 -07:00
e931444262
Begin removing Reddit and ExtensionPoint code.
2023-06-30 21:15:51 -07:00
8bf0744d3b
Correct description
2023-06-04 18:59:42 +08:00
f1446856e3
Adds Simplified Chinese translations
2023-06-04 18:58:14 +08:00
e9fed8ddc1
Internationalises notificationDisplayName
...
& provides en, en-gb strings; simplified chinese pending
2023-06-04 18:32:28 +08:00
665cc3dc30
Merge pull request #4013 from Jerry23011/sc-6-3
...
Update Simplified Chinese localization
2023-06-03 11:53:42 -07:00
90f0645ea6
Add Simplified Chinese translation
2023-06-03 11:39:27 +08:00
d5ed8c697a
Add Simplified Chinese localization for xibs
2023-06-03 11:20:49 +08:00
17c4252841
Reinstates NavigationLink
2023-06-03 08:48:09 +08:00
41e0e6170c
Remove dead code
2023-06-03 08:46:04 +08:00
a80fa38a5f
[iOS] Reduced Project Warnings
...
- Unused code has been removed (`InteractiveLabel`)
- `NavigationLink` code updated
- `Async` alternative used for UNUserNotificationCenter
- iOS target update to 16 to remove Storyboard related warnings
2023-05-31 16:09:38 +08:00
168078faaa
Merge branch 'main' into SC-localization
2023-05-30 21:57:15 -07:00
8f4ee68b91
Update Simplified Chinese localization
2023-05-30 09:17:33 +08:00
89eeb94024
Create Simplified Chinese locales
2023-05-28 14:22:55 +08:00
714d769b3e
Enables localisation on remaining xibs
2023-05-28 12:46:21 +08:00
59ec1c58ae
Fixes build errors on iOS
2023-05-27 17:14:27 +08:00
Wade Tregaskis