aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mastodon/public
History
rinsuki 6e736f2452
fix: embed.js doesn't expands iframes height () 
also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign random id to each iframe for reduce chance to brute-force attack, and leak of iframe counts
- check iframe.contentWindow and MessageEvent.source to validate message is coming from correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec)

follow-up of 
fix
..
avatars/original
emoji Fix light-mode emoji borders. ()
headers/original
ocr/lang-data Add OCR tool to media editing modal ()
shortcuts Add app shortcuts ()
sounds
500.html
android-chrome-192x192.png Crush PNGs to reduce overall size ()
apple-touch-icon.png Crush PNGs to reduce overall size ()
badge.png Crush PNGs to reduce overall size ()
browserconfig.xml
embed.js fix: embed.js doesn't expands iframes height ()
favicon-dev.ico
favicon.ico
inert.css Remove 'unsafe-inline' from Content-Security-Policy style-src ()
mask-icon.svg
mstile-150x150.png Crush PNGs to reduce overall size ()
oops.gif
oops.png Change error graphic to hover-to-play ()
robots.txt Disallow robots from indexing /interact/ ()
sw.js
web-push-icon_expand.png Crush PNGs to reduce overall size ()
web-push-icon_favourite.png Crush PNGs to reduce overall size ()
web-push-icon_reblog.png