Commit Graph

8503 Commits (7c0eb1b6210a019926ec69179c81d545ac865b64)
 

Author SHA1 Message Date
Andrew Dolgov 093d463320 af_zz_imgproxy: truncate url in error png 8 years ago
Andrew Dolgov bf6398650a af_zz_imgproxy: show GD-based (if possible) error message on proxy failure 8 years ago
Andrew Dolgov 4a23031fcd rewrite_relative_url: cleanup resulting url path while rewriting 8 years ago
Andrew Dolgov ab39e213b3 af_zz_imgproxy: disable api render hook: pointless, because api clients won't have an authenticated cookie-based session 8 years ago
Andrew Dolgov ff4f2b1e0c af_zz_imgproxy: fix typo 8 years ago
Andrew Dolgov 454292b295 format_article_enclosures: allow embedding .jpeg files 8 years ago
Andrew Dolgov 046a0cc7c8 fix previous, again 8 years ago
Andrew Dolgov bc83dcb381 af_zz_imgproxy: limit enclosure rewriting to images 8 years ago
Andrew Dolgov 676c7303ca add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy (2) 8 years ago
Andrew Dolgov 58210301e0 add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy 8 years ago
Andrew Dolgov 3891782cf5 Merge branch 'fix-target-blank-vulnerability' into 'master'
Prevent target='_blank' vulnerability on dynamic link

This merge request refers to https://tt-rss.org/forum/viewtopic.php?f=8&t=4048

It fixes the issue I encounter on some feeds I follow.
Just need to add "noopener" and "noreferrer" on "_blank" link to avoid the vulnerability.

See merge request !46
8 years ago
Jérémy DECOOL ba2853caac Prevent target='_blank' vulnerability on dynamic link 8 years ago
Andrew Dolgov 2187322cae af_zz_imgproxy: redirect to caller url unless called in user context 8 years ago
Andrew Dolgov 4daaf23491 allow user plugins to expose public methods out in a limited fashion 8 years ago
Andrew Dolgov fafd32e2dc use get_self_url_prefix() when rewriting cached images 8 years ago
Andrew Dolgov dc8bd8a640 add some print_checkbox/print_button calls; rename some plugin preference pane titles 8 years ago
Andrew Dolgov 51198e7e40 af_zz_imgproxy: urlencode() url parameter, DUH 8 years ago
Andrew Dolgov 328118d12e use print_hidden() for hidden dojo form fields 8 years ago
Andrew Dolgov 8cf37284e7 af_zz_imgproxy: add optional setting to proxy all remote images
functions: add some form helper methods
8 years ago
Andrew Dolgov 38b3998bbc af_zz_imgproxy: use inline disposition, misc updates 8 years ago
Andrew Dolgov c93d43c617 update af_zz_imgproxy to plug into built-in image caching 8 years ago
Andrew Dolgov 7818bfde0b sanitize: properly handle cached content in archived articles 8 years ago
Andrew Dolgov c4ebf01e69 add af_zz_imgproxy (initial) 8 years ago
Andrew Dolgov 70c0a8c2e0 pass several image files used in notify messages to frontend as base64 to prevent broken error messages in case network connection is down. also, update some close buttons to show correct cursor. 8 years ago
Andrew Dolgov 3188e863b3 handle_rpc_json: fix netalert button never appearing on JSON parse error 8 years ago
Andrew Dolgov 829d478f1b add some protection against opener attacks if external site is opened via window.open() 8 years ago
Andrew Dolgov 23c8ef7e36 parse_counters: skip subscribed-feeds id properly 8 years ago
Andrew Dolgov 9c7ebaa08c cached_image: remove unnecessary basename() 8 years ago
Andrew Dolgov 6358d70d5e reset local counter cache when feed count changes 8 years ago
Andrew Dolgov 5edd605ae1 image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin) 8 years ago
Andrew Dolgov 0442cbb6c1 image cache: send files as content-disposition: attachment; add .png suffix to image urls 8 years ago
Andrew Dolgov 60e97d9e63 af_redditimgur: inline streamable.com videos 8 years ago
Andrew Dolgov f45a1152bb af_readability: force utf8 preamble on html document load. no idea why but it seems to work better even for not-unicode sites. 8 years ago
Andrew Dolgov 24c7e4132d subscribe dialog: do not report errors via alert()
fetch_file_contents: reset all globals on start, return error message body when not using curl
subscribe_to_feed: report if cloudflare is in the error message
8 years ago
Andrew Dolgov 80fbc1fdc4 compact.css: remove version tag 8 years ago
Andrew Dolgov 181c8285dd add compact theme with smaller font 8 years ago
Andrew Dolgov 22387de225 preferences: set themes dropdown to default if selected theme is missing 8 years ago
Andrew Dolgov 7d9aac9afa remove default.css 8 years ago
Andrew Dolgov e432b8fbe2 implement cache-busting for default theme.css
night theme: small fixes
8 years ago
Andrew Dolgov 7c04f8afeb increase content font size by 1px 8 years ago
Andrew Dolgov 553ec3c351 pass article guid to hook_render_article 8 years ago
Andrew Dolgov e304c1473b Merge branch 'fix-sanitize-dfn' into 'master'
sanitize: allow <dfn> tag

### In brief
* Add `<dfn>` tag to allowed tags list
  * `<dfn>` represents the defining instance of a term in HTML
  * More [information about `<dfn>` on the w3school's website](http://www.w3schools.com/tags/tag_dfn.asp)

### Example
This stops article content such as...
```
Indian tea harvests are divided up by <dfn>flush</dfn>.
```
...from getting turned into...
```
Indian tea harvests are divided up by .
```

See merge request !45
8 years ago
Shane Synan 311cdb27f4 sanitize: allow dfn tag
Add <dfn> tag to allowed tags list.  <dfn> represents the defining
instance of a term in HTML.
8 years ago
Andrew Dolgov e3cdbd87bc Merge branch 'more-af-comics' into 'master'
Support hyphens in GoComics URLs.



See merge request !44
8 years ago
JustAMacUser 051737e931 Support hyphens in GoComics URLs. 8 years ago
Andrew Dolgov 3b001e4330 support rel=noopener for links 8 years ago
Andrew Dolgov e934d63e0c fetch_file_contents: rework the way shim works to prevent intermittent warnings 8 years ago
Andrew Dolgov 67268b0017 sanitize: allow acronym tag 8 years ago
Andrew Dolgov d2c3e846c4 add some vertical space to dijit menu items 8 years ago
Andrew Dolgov cb3f877303 reference pubsubhubbub classes using their namespace 8 years ago