Commit Graph

8673 Commits

Author SHA1 Message Date
Wade Tregaskis
bc15440ded Now set the correct base URL for each article's webview, and now load app JavaScripts as WebKit "user" scripts.
Setting the real base URL (rather than using a file URL pointing to the app's Resources folder) allows relative URLs to work correctly within the article, such as for images, and is compatible with Cross-Site-Origin policies that restrict use of resources outside of the origin domain.

It also implicitly eliminates access to the local file system from within the webview, as the use of a non-file base URL makes WebKit treat the webview's content as being from a remote server, and its default security policy is to then disallow local file access (except with explicit user action, such as drag-and-drop or via an `input` form element).

Note: the base URL is currently typically taken from the feed itself (specifically the "link" feed (channel) metadata).  That is controlled by the feed author (or a man-in-the-middle attacker).  It should perhaps be validated to ensure it's actually an HTTP/HTTPS URL, to prevent security problems.

The app-specific JavaScripts - used for fixing styling issues and the like - are now formally loaded as extensions to the web page, "user scripts" in WebKit parlance.  They're isolated to their own JavaScript world - meaning they can't be seen or manipulated by JavaScript from the feed article itself, and are more secure as a result.

Fixes #4156.

Co-Authored-By: Brent Simmons <1297121+brentsimmons@users.noreply.github.com>
2023-11-22 13:47:54 -08:00
Brent Simmons
e9f26c9adc Merge pull request #4153 from vincode-io/fix-article-extractor-button-right-click
Fix article extractor button right click for Sonoma
2023-11-19 21:23:21 -08:00
Maurice Parker
c0f11ea91a Remove extraneous character 2023-11-11 12:57:10 -06:00
Maurice Parker
96dd6cea16 Fix regression that didn't allow any events to register 2023-11-11 12:53:12 -06:00
Maurice Parker
f9e7de718d Update right click toolbar code for Sonoma 2023-11-11 12:43:02 -06:00
Brent Simmons
3c17f8f835 Merge pull request #4146 from teddybradford/patch-2
Re-add figcaption margin
2023-11-03 21:34:50 -07:00
Teddy Bradford
e34f002a1b Re-add spacing between figure img and caption 2023-11-02 03:25:32 -04:00
Brent Simmons
6cd8715eb0 Convert AccountDelegate.syncArticleStatus to async/await. 2023-10-27 22:13:29 -07:00
Brent Simmons
98c8135d04 Convert AccountDelegate.refreshAll to async/await. 2023-10-27 21:49:23 -07:00
Brent Simmons
029842d04d Convert removeFolder to async/await. 2023-10-10 22:54:22 -07:00
Brent Simmons
d92c72c15d Convert renameFolder to async/await. 2023-10-10 22:25:58 -07:00
Brent Simmons
9285a956fa Convert receiveRemoteNotification to async/await. 2023-10-10 22:07:04 -07:00
Brent Simmons
378e116b5c Convert AccountDelegate.createFolder to async/await. 2023-10-10 21:21:52 -07:00
Brent Simmons
490095fd73 Convert account.rename to async/await. 2023-10-07 11:30:38 -07:00
Brent Simmons
f042c97156 Convert validateCredentials to async/await. 2023-10-07 10:53:02 -07:00
Brent Simmons
264db50981 Continue converting ArticlesDatabase to async/await. 2023-10-04 21:44:58 -07:00
Brent Simmons
0c879a319a Continue converting ArticlesDatabase to async/await. 2023-10-04 21:35:57 -07:00
Brent Simmons
61061fdd6b Continue converting ArticlesDatabase to async/await. 2023-10-04 21:25:11 -07:00
Brent Simmons
fd6b6b1227 Continue converting ArticlesDatabase to async/await. 2023-10-04 21:14:47 -07:00
Brent Simmons
03cb969242 Continue converting ArticlesDatabase to async/await. 2023-10-04 21:10:29 -07:00
Brent Simmons
48f1bec744 Continue adoptContinue converting ArticlesDatabase to async/await. 2023-10-04 20:59:04 -07:00
Brent Simmons
c0b92dfa78 Continue converting ArticlesDatabase to async/await. 2023-10-02 21:01:03 -07:00
Brent Simmons
0c376828d2 Continue converting ArticlesDatabase to async/await. 2023-10-01 21:58:45 -07:00
Brent Simmons
10732e45c7 Fix accidental deletion. 2023-10-01 21:35:43 -07:00
Brent Simmons
085d8ec06c Continue converting ArticlesDatabase to async/await. 2023-10-01 21:35:19 -07:00
Brent Simmons
373d7ed98b Continue converting ArticlesDatabase to async/await. 2023-10-01 14:15:17 -07:00
Brent Simmons
ad6b00a6d5 Continue converting ArticlesDatabase to async/await. 2023-10-01 13:15:18 -07:00
Brent Simmons
d419aac947 Continue converting ArticlesDatabase to async/await. 2023-10-01 12:21:39 -07:00
Brent Simmons
84412dfddd Continue converting ArticlesDatabase to async/await. 2023-09-30 22:13:15 -07:00
Brent Simmons
5824154293 Merge branch 'main' of https://github.com/Ranchero-Software/NetNewsWire 2023-09-30 21:40:25 -07:00
Brent Simmons
ea16197a3d Continue converting ArticlesDatabase to async/await. 2023-09-30 21:39:48 -07:00
Brent Simmons
46db34dfca Continue converting ArticlesDatabase to async/await. 2023-09-30 21:12:07 -07:00
Brent Simmons
d38a9e8661 Merge pull request #4121 from Wevah/footnote-overlap-fix
Fix footnote popovers overlapping nearby later footnote bubbles
2023-09-29 21:56:16 -07:00
Nate Weaver
9a1b688253 Fix footnote popovers overlapping nearby later footnote bubbles 2023-09-24 16:23:12 -05:00
Brent Simmons
6c33ccbceb Delete fetchArticlesAsync method with completion handler in favor of async/await articlesForFeed method. 2023-09-24 11:58:29 -07:00
Brent Simmons
12fb814bff Rename Master* to Main*. 2023-09-24 11:10:50 -07:00
Brent Simmons
d61a895bc4 Rename masterFolderImage to folderImage. 2023-09-24 10:42:07 -07:00
Brent Simmons
a2ab1f221b Convert FeedFinder public API to async/await. 2023-09-24 10:38:20 -07:00
Brent Simmons
5e3086667d Continue renaming Id to ID (and similar renames). 2023-09-16 22:04:43 -07:00
Brent Simmons
dd8df6e6c5 Continue renaming Id to ID in Feedly code. 2023-09-14 22:52:49 -07:00
Brent Simmons
ae2ffed911 Continue renaming Id to ID in Feedly code. 2023-09-14 22:41:16 -07:00
Brent Simmons
ed27c2d7e3 Continue renaming Id to ID. 2023-09-14 22:35:01 -07:00
Brent Simmons
617bb4d28b Rename FeedlyIngestUnreadArticleIdsOperation to FeedlyIngestUnreadArticleIDsOperation. 2023-09-14 21:49:24 -07:00
Brent Simmons
7d669f1b8c Rename FeedlyTagResourceId to FeedlyTagResourceID. 2023-09-14 21:48:10 -07:00
Brent Simmons
c6f7de5fcc Rename FeedlyGetUpdatedArticleIdsOperation to FeedlyGetUpdatedArticleIDsOperation. 2023-09-13 19:25:14 -07:00
Brent Simmons
d61e085cdf Rename FeedlyGetStreamIdsOperation to FeedlyGetStreamIDsOperation. 2023-09-13 19:22:46 -07:00
Brent Simmons
3cf925bef7 Rename streamIds to streamIDs. 2023-09-13 19:19:11 -07:00
Brent Simmons
3539843537 Rename FeedlyIngestStreamArticleIdsOperation to FeedlyIngestStreamArticleIDsOperation. 2023-09-13 19:17:53 -07:00
Brent Simmons
756bf17175 Rename FeedlyFeedResourceId to FeedlyFeedResourceID. 2023-09-12 21:37:25 -07:00
Brent Simmons
77481fdcb3 Rename FeedlyResourceId to FeedlyResourceID. 2023-09-12 21:34:50 -07:00