renun/NetNewsWire
1
0
Fork 0
mirror of https://github.com/Ranchero-Software/NetNewsWire synced 2025-08-12 06:26:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8,719 Commits 22 Branches 186 Tags
a0738005c5b24bfc7c500458fd351c8d1c0dc44d
Commit Graph

2240 Commits

Author SHA1 Message Date
Wade Tregaskis
bc15440ded Now set the correct base URL for each article's webview, and now load app JavaScripts as WebKit "user" scripts. 
Setting the real base URL (rather than using a file URL pointing to the app's Resources folder) allows relative URLs to work correctly within the article, such as for images, and is compatible with Cross-Site-Origin policies that restrict use of resources outside of the origin domain.

It also implicitly eliminates access to the local file system from within the webview, as the use of a non-file base URL makes WebKit treats the webview's content as being from a remote server, and its default security policy is to then disallow local file access (except with explicit user action, such as drag-and-drop or via an `input` form element).

Note: the base URL is currently typically taken from the feed itself (specifically the "link" feed (channel) metadata).  That is controlled by the feed author (or a man-in-the-middle attacker).  It should perhaps be validated to ensure it's actually an HTTP/HTTPS URL, to prevent security problems.

The app-specific JavaScripts - used for fixing styling issues and the like - are now formally loaded as extensions to the web page, "user scripts" in WebKit parlance.  They're isolated to their own JavaScript world - meaning they can't be seen or manipulated by JavaScript from the feed article itself, and are more secure as a result.

Fixes #4156.

Co-Authored-By: Brent Simmons <1297121+brentsimmons@users.noreply.github.com>
 2023-11-22 13:47:54 -08:00
Brent Simmons
9285a956fa Convert receiveRemoteNotification to async/await. 2023-10-10 22:07:04 -07:00
Brent Simmons
12fb814bff Rename Master* to Main*. 2023-09-24 11:10:50 -07:00
Brent Simmons
d61a895bc4 Rename masterFolderImage to folderImage. 2023-09-24 10:42:07 -07:00
Brent Simmons
5e3086667d Continue renaming Id to ID (and similar renames). 2023-09-16 22:04:43 -07:00
Brent Simmons
9df917c0fb Continue adopting async/await. 2023-07-14 14:29:58 -07:00
Brent Simmons
5ca3c0f99b Make all of AppDelegate (iOS) @MainActor. 2023-07-10 21:49:58 -07:00
Brent Simmons
1fa9fa5e10 Remove unused imports. 2023-07-09 22:45:05 -07:00
Brent Simmons
3c2d83dace Rename bgTaskDispatchQueue to backgroundTaskDispatchQueue. 2023-07-09 22:43:24 -07:00
Brent Simmons
0611d71bfe Replace uses of forEach with for-in loops. 2023-07-09 22:41:35 -07:00
Brent Simmons
d60c2f6b60 Replace uses of forEach with for-in loops. 2023-07-09 22:20:58 -07:00
Brent Simmons
abb11afe3d Replace uses of forEach with for-in loops. 2023-07-09 22:14:09 -07:00
Brent Simmons
63cc39dc4f Continue adopting MainActor. 2023-07-09 11:41:42 -07:00
Brent Simmons
2f300164b1 Continue adopting MainActor. 2023-07-06 21:51:33 -07:00
Brent Simmons
771badecc6 Rename webFeed to feed. 2023-07-05 20:46:25 -07:00
Brent Simmons
422edff746 Continue renaming webFeed to just feed. 2023-07-05 14:34:48 -07:00
Brent Simmons
8eca24e46f Continue renaming webFeed to just feed. 2023-07-05 10:16:28 -07:00
Brent Simmons
2f07f4ee16 Rename WebFeed type to just Feed. 2023-07-05 10:02:53 -07:00
Brent Simmons
428cb73c34 Continue changing webFeed to feed. 2023-07-05 08:42:56 -07:00
Brent Simmons
a6832dd2a5 Use ItemIdentifier and itemID instead of FeedIdentifier and feedID. (FeedIdentifier was renamed to ItemIdentifier.) 2023-07-04 14:41:02 -07:00
Brent Simmons
2598385be3 Rename WebFeedTreeControllerDelegate to FeedTreeControllerDelegate. 2023-07-02 16:24:44 -07:00
Brent Simmons
75f1eee00c Rename Article.webFeed to Article.feed. 2023-07-02 16:22:14 -07:00
Brent Simmons
e3cddc2bc2 Rename WebFeedMetadata to FeedMetadata. 2023-07-02 16:12:43 -07:00
Brent Simmons
14c170ebd3 Separate the various Sections in SettingsView.body into separate vars to help type inference. 2023-07-02 15:49:52 -07:00
Brent Simmons
ea14d87743 Rename AddWebFeedIntent to AddFeedIntent. 2023-07-02 15:39:12 -07:00
Brent Simmons
169f018c6a Rename AppDefaults.addWebFeedFolderName to .addFeedFolderName. 2023-07-02 15:28:15 -07:00
Brent Simmons
5c2a33a800 Rename AppDefaults.addWebFeedAccountID to .addFeedAccountID. 2023-07-02 15:25:50 -07:00
Brent Simmons
d4092b21fd Add Reddit API deprecation alert code. 2023-07-02 15:09:12 -07:00
Brent Simmons
7556428c29 Rename user-facing New Web Feed text to just New Feed. 2023-07-02 15:03:31 -07:00
Brent Simmons
e6e03e0d7a Rename Feed to FeedProtocol. (This is part one of renaming WebFeed to Feed.) 2023-07-01 12:43:36 -07:00
Brent Simmons
641e35322c Continue removing ExtensionPoint code. 2023-06-30 22:08:17 -07:00
Brent Simmons
8a9c680cfc Continue removing ExtensionPoint code. Start fixing build errors. 2023-06-30 21:55:54 -07:00
Brent Simmons
d309c05cb0 Continue removing feed provider and extension point references. 2023-06-30 21:47:17 -07:00
Brent Simmons
942ad6bd49 Continue removing Reddit references. 2023-06-30 21:28:07 -07:00
Brent Simmons
7c75f62fcf Continue removing Reddit references. 2023-06-30 21:24:18 -07:00
Brent Simmons
e931444262 Begin removing Reddit and ExtensionPoint code. 2023-06-30 21:15:51 -07:00
Stuart Breckenridge
8bf0744d3b Correct description 2023-06-04 18:59:42 +08:00
Stuart Breckenridge
f1446856e3 Adds Simplified Chinese translations 2023-06-04 18:58:14 +08:00
Stuart Breckenridge
e9fed8ddc1 Internationalises notificationDisplayName 
& provides en, en-gb strings; simplified chinese pending
 2023-06-04 18:32:28 +08:00
Brent Simmons
665cc3dc30 Merge pull request #4013 from Jerry23011/sc-6-3 
Update Simplified Chinese localization
 2023-06-03 11:53:42 -07:00
Jerry
90f0645ea6 Add Simplified Chinese translation 2023-06-03 11:39:27 +08:00
Jerry
d5ed8c697a Add Simplified Chinese localization for xibs 2023-06-03 11:20:49 +08:00
Stuart Breckenridge
17c4252841 Reinstates NavigationLink 2023-06-03 08:48:09 +08:00
Stuart Breckenridge
41e0e6170c Remove dead code 2023-06-03 08:46:04 +08:00
Stuart Breckenridge
a80fa38a5f [iOS] Reduced Project Warnings 
- Unused code has been removed (`InteractiveLabel`)
- `NavigationLink` code updated
- `Async` alternative used for UNUserNotificationCenter
- iOS target update to 16 to remove Storyboard related warnings
 2023-05-31 16:09:38 +08:00
Brent Simmons
168078faaa Merge branch 'main' into SC-localization 2023-05-30 21:57:15 -07:00
Jerry
8f4ee68b91 Update Simplified Chinese localization 2023-05-30 09:17:33 +08:00
Jerry
89eeb94024 Create Simplified Chinese locales 2023-05-28 14:22:55 +08:00
Stuart Breckenridge
714d769b3e Enables localisation on remaining xibs 2023-05-28 12:46:21 +08:00
Stuart Breckenridge
59ec1c58ae Fixes build errors on iOS 2023-05-27 17:14:27 +08:00