forked from fedi/mastodon
mastodon/public
rinsuki 6e736f2452
fix: embed.js doesn't expands iframes height (#18301)
also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign a random id to each iframe to reduce the chance of brute-force attack and leak of iframe counts
- check iframe.contentWindow and MessageEvent.source to validate that the message is coming from the correct iframe (it works on the latest Chrome/Firefox/Safari, but I'm not sure this is allowed by the spec)

follow-up of #17420
fix #18299
2022-05-04 03:20:44 +02:00
..
avatars/original
emoji Fix light-mode emoji borders. (#18131) 2022-04-29 19:23:03 +02:00
headers/original
ocr/lang-data Add OCR tool to media editing modal (#11566) 2019-08-15 15:13:26 +02:00
shortcuts Add app shortcuts (#15234) 2020-12-15 02:04:56 +01:00
sounds
500.html
android-chrome-192x192.png
apple-touch-icon.png
badge.png
browserconfig.xml
embed.js fix: embed.js doesn't expands iframes height (#18301) 2022-05-04 03:20:44 +02:00
favicon-dev.ico
favicon.ico
inert.css Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679) 2020-05-08 21:22:57 +02:00
mask-icon.svg
mstile-150x150.png
oops.gif
oops.png Change error graphic to hover-to-play (#10055) 2019-02-15 23:33:25 +01:00
robots.txt Disallow robots from indexing /interact/ (#10666) 2019-05-02 00:10:19 +02:00
sw.js
web-push-icon_expand.png
web-push-icon_favourite.png
web-push-icon_reblog.png