forked from fedi/mastodon
mastodon/public
rinsuki 6e736f2452
fix: embed.js doesn't expands iframes height ()
also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign random id to each iframe to reduce the chance of brute-force attack, and leak of iframe counts
- check iframe.contentWindow and MessageEvent.source to validate that the message is coming from the correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec)

follow-up of 
fix 
2022-05-04 03:20:44 +02:00
avatars/original add new avatar placeholder missing.png () 2018-03-11 14:55:38 +01:00
emoji Fix light-mode emoji borders. () 2022-04-29 19:23:03 +02:00
headers/original Optimize public/headers/missing.png () 2018-04-09 11:34:48 +02:00
ocr/lang-data Add OCR tool to media editing modal () 2019-08-15 15:13:26 +02:00
shortcuts Add app shortcuts () 2020-12-15 02:04:56 +01:00
sounds Add artist, title, and date metadata to boop.{mp3,ogg} () 2017-10-28 00:05:04 +09:00
500.html Fix - Create symlink from public/500.html to public/assets/500.html () 2017-10-09 20:51:24 +02:00
android-chrome-192x192.png Crush PNGs to reduce overall size () 2018-07-05 15:20:16 +02:00
apple-touch-icon.png Crush PNGs to reduce overall size () 2018-07-05 15:20:16 +02:00
badge.png Crush PNGs to reduce overall size () 2018-07-05 15:20:16 +02:00
browserconfig.xml New logo () 2017-07-23 02:40:39 +02:00
embed.js fix: embed.js doesn't expands iframes height () 2022-05-04 03:20:44 +02:00
favicon-dev.ico Use the "m" version of the logo for favicons () 2017-07-24 19:54:59 +02:00
favicon.ico Use the "m" version of the logo for favicons () 2017-07-24 19:54:59 +02:00
inert.css Remove 'unsafe-inline' from Content-Security-Policy style-src () 2020-05-08 21:22:57 +02:00
mask-icon.svg New logo () 2017-07-23 02:40:39 +02:00
mstile-150x150.png Crush PNGs to reduce overall size () 2018-07-05 15:20:16 +02:00
oops.gif New error page graphic. Other error page improvements () 2017-09-25 23:05:54 +02:00
oops.png Change error graphic to hover-to-play () 2019-02-15 23:33:25 +01:00
robots.txt Disallow robots from indexing /interact/ () 2019-05-02 00:10:19 +02:00
sw.js fix : place sw.js to assets/sw.js () 2017-07-28 01:55:52 +02:00
web-push-icon_expand.png Crush PNGs to reduce overall size () 2018-07-05 15:20:16 +02:00
web-push-icon_favourite.png Crush PNGs to reduce overall size () 2018-07-05 15:20:16 +02:00
web-push-icon_reblog.png Use consistent icons for web push notifications, same as web UI () 2017-07-28 18:13:42 +02:00