forked from fedi/mastodon
mastodon/public
rinsuki 6e736f2452
fix: embed.js doesn't expands iframes height (#18301)
also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign a random id to each iframe to reduce the chance of brute-force attacks and the leak of iframe counts
- check iframe.contentWindow and MessageEvent.source to validate that the message is coming from the correct iframe (it works on the latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec)

follow-up of #17420
fix #18299
2022-05-04 03:20:44 +02:00
..
avatars/original add new avatar placeholder missing.png (#6728) 2018-03-11 14:55:38 +01:00
emoji Fix light-mode emoji borders. (#18131) 2022-04-29 19:23:03 +02:00
headers/original Optimize public/headers/missing.png (#7084) 2018-04-09 11:34:48 +02:00
ocr/lang-data Add OCR tool to media editing modal (#11566) 2019-08-15 15:13:26 +02:00
shortcuts Add app shortcuts (#15234) 2020-12-15 02:04:56 +01:00
sounds Add artist, title, and date metadata to boop.{mp3,ogg} (#5531) 2017-10-28 00:05:04 +09:00
500.html Fix #5274 - Create symlink from public/500.html to public/assets/500.html (#5288) 2017-10-09 20:51:24 +02:00
android-chrome-192x192.png Crush PNGs to reduce overall size (#7954) 2018-07-05 15:20:16 +02:00
apple-touch-icon.png Crush PNGs to reduce overall size (#7954) 2018-07-05 15:20:16 +02:00
badge.png Crush PNGs to reduce overall size (#7954) 2018-07-05 15:20:16 +02:00
browserconfig.xml New logo (#4306) 2017-07-23 02:40:39 +02:00
embed.js fix: embed.js doesn't expands iframes height (#18301) 2022-05-04 03:20:44 +02:00
favicon-dev.ico Use the "m" version of the logo for favicons (#4345) 2017-07-24 19:54:59 +02:00
favicon.ico Use the "m" version of the logo for favicons (#4345) 2017-07-24 19:54:59 +02:00
inert.css Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679) 2020-05-08 21:22:57 +02:00
mask-icon.svg New logo (#4306) 2017-07-23 02:40:39 +02:00
mstile-150x150.png Crush PNGs to reduce overall size (#7954) 2018-07-05 15:20:16 +02:00
oops.gif New error page graphic. Other error page improvements (#5099) 2017-09-25 23:05:54 +02:00
oops.png Change error graphic to hover-to-play (#10055) 2019-02-15 23:33:25 +01:00
robots.txt Disallow robots from indexing /interact/ (#10666) 2019-05-02 00:10:19 +02:00
sw.js fix #4356 : place sw.js to assets/sw.js (#4357) 2017-07-28 01:55:52 +02:00
web-push-icon_expand.png Crush PNGs to reduce overall size (#7954) 2018-07-05 15:20:16 +02:00
web-push-icon_favourite.png Crush PNGs to reduce overall size (#7954) 2018-07-05 15:20:16 +02:00
web-push-icon_reblog.png Use consistent icons for web push notifications, same as web UI (#4426) 2017-07-28 18:13:42 +02:00