20deb5fc32
cdmcollapse/expand: use less convoluted selector queries
2017-02-13 22:45:30 +03:00
61570c474b
add af_zz_vidmute
2017-02-13 19:21:38 +03:00
093d463320
af_zz_imgproxy: truncate url in error png
2017-02-13 15:49:41 +03:00
bf6398650a
af_zz_imgproxy: show GD-based (if possible) error message on proxy failure
2017-02-13 15:25:52 +03:00
4a23031fcd
rewrite_relative_url: cleanup resulting url path while rewriting
2017-02-13 15:25:21 +03:00
ab39e213b3
af_zz_imgproxy: disable api render hook: pointless, because api clients won't have an authenticated cookie-based session
2017-02-13 08:46:36 +03:00
ff4f2b1e0c
af_zz_imgproxy: fix typo
2017-02-13 08:08:19 +03:00
454292b295
format_article_enclosures: allow embedding .jpeg files
2017-02-12 20:24:29 +03:00
046a0cc7c8
fix previous, again
2017-02-12 20:23:52 +03:00
bc83dcb381
af_zz_imgproxy: limit enclosure rewriting to images
2017-02-12 17:32:43 +03:00
676c7303ca
add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy (2)
2017-02-12 17:02:07 +03:00
58210301e0
add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy
2017-02-12 16:01:28 +03:00
3891782cf5
Merge branch 'fix-target-blank-vulnerability' into 'master'
...
Prevent target='_blank' vulnerability on dynamic link
This merge request refere to https://tt-rss.org/forum/viewtopic.php?f=8&t=4048
It fix the issue I enconter on some feeds I follow.
Just need to add "noopener" and "noreferrer" on "_blank" link to avoid the vulnerability.
See merge request !46
2017-02-12 14:19:37 +03:00
ba2853caac
Prevent target='_blank' vulnerability on dynamic link
2017-02-12 11:01:36 +01:00
2187322cae
af_zz_imgproxy: redirect to caller url unless called in user context
2017-02-10 22:02:30 +03:00
4daaf23491
allow user plugins to expose public methods out in a limited fashion
2017-02-10 16:04:28 +03:00
fafd32e2dc
use get_self_url_prefix() when rewriting cached images
2017-02-10 15:14:47 +03:00
dc8bd8a640
add some print_checkbox/print_button calls; rename some plugin preference pane titles
2017-02-10 14:57:25 +03:00
51198e7e40
af_zz_imgproxy: urlencode() url parameter, DUH
2017-02-10 14:41:11 +03:00
328118d12e
use print_hidden() for hidden dojo form fields
2017-02-10 14:36:21 +03:00
8cf37284e7
af_zz_imgproxy: add optional setting to proxy all remote images
...
functions: add some form helper methods
2017-02-10 14:17:18 +03:00
38b3998bbc
af_zz_imgproxy: use inline disposition, misc updates
2017-02-10 12:37:21 +03:00
c93d43c617
update af_zz_imgproxy to plug into built-in image caching
2017-02-10 12:12:09 +03:00
7818bfde0b
sanitize: properly handle cached content in archived articles
2017-02-10 12:11:09 +03:00
c4ebf01e69
add af_zz_imgproxy (initial)
2017-02-10 10:30:48 +03:00
70c0a8c2e0
pass several image files used in notify messages to frontend as base64 to prevent broken error messages in case network connection is down. also, update some close buttons to show correct cursor.
2017-02-09 23:19:26 +03:00
3188e863b3
handle_rpc_json: fix netalert button never appearing on JSON parse error
2017-02-09 23:04:34 +03:00
829d478f1b
add some protection against opener attacks if external site is opened via window.open()
2017-02-08 15:07:05 +03:00
23c8ef7e36
parse_counters: skip subscribed-feeds id properly
2017-02-04 14:50:50 +03:00
9c7ebaa08c
cached_image: remove unnecessary basename()
2017-02-04 12:02:17 +03:00
6358d70d5e
reset local counter cache when feed count changes
2017-02-04 11:57:31 +03:00
5edd605ae1
image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin)
2017-02-04 11:50:01 +03:00
0442cbb6c1
image cache: send files as content-disposition: attachment; add .png suffix to image urls
2017-02-04 11:32:24 +03:00
60e97d9e63
af_redditimgur: inline streamable.com videos
2017-01-29 14:36:37 +03:00
f45a1152bb
af_readability: force utf8 preamble on html document load. no idea why but it seems to work better even for not-unicode sites.
2017-01-28 14:24:48 +03:00
24c7e4132d
subscribe dialog: do not report errors via alert()
...
fetch_file_contents: reset all globals on start, return error message body when not using curl
subscribe_to_feed: report if cloudflare is in the error message
2017-01-28 12:45:49 +03:00
80fbc1fdc4
compact.css: remove version tag
2017-01-26 22:43:57 +03:00
181c8285dd
add compact theme with smaller font
2017-01-26 22:41:18 +03:00
22387de225
preferences: set themes dropdown to default if selected theme is missing
2017-01-26 22:37:22 +03:00
7d9aac9afa
remove default.css
2017-01-25 12:18:15 +03:00
e432b8fbe2
implement cache-busting for default theme.css
...
night theme: small fixes
2017-01-25 12:17:41 +03:00
7c04f8afeb
increase content font size by 1px
2017-01-25 11:22:53 +03:00
553ec3c351
pass article guid to hook_render_article
2017-01-25 08:50:42 +03:00
e304c1473b
Merge branch 'fix-sanitize-dfn' into 'master'
...
sanitize: allow <dfn> tag
### In brief
* Add `<dfn>` tag to allowed tags list
* `<dfn>` represents the defining instance of a term in HTML
* More [information about `<dfn>` on the w3school's website](http://www.w3schools.com/tags/tag_dfn.asp )
### Example
This stops article content such as...
```
Indian tea harvests are divided up by <dfn>flush</dfn>.
```
...from getting turned into...
```
Indian tea harvests are divided up by .
```
See merge request !45
2017-01-25 08:43:50 +03:00
311cdb27f4
sanitize: allow dfn tag
...
Add <dfn> tag to allowed tags list. <dfn> represents the defining
instance of a term in HTML.
2017-01-24 18:39:17 -06:00
e3cdbd87bc
Merge branch 'more-af-comics' into 'master'
...
Support hyphens in GoComics URLs.
See merge request !44
2017-01-24 23:08:21 +03:00
051737e931
Support hyphens in GoComics URLs.
2017-01-24 15:06:46 -05:00
3b001e4330
support rel=noopener for links
2017-01-24 18:45:25 +03:00
e934d63e0c
fetch_file_contents: rework the way shim works to prevent intermittent warnings
2017-01-24 15:11:13 +03:00
67268b0017
sanitize: allow acronym tag
2017-01-24 11:36:43 +03:00
Andrew Dolgov
Andrew Dolgov
Andrew Dolgov
Jérémy DECOOL
Shane Synan
JustAMacUser