Commit Graph

5 Commits

Author SHA1 Message Date
tykayn aa4b715513 Merge remote-tracking branch 'glitch-soc/main'
# Conflicts:
#	app/controllers/concerns/sign_in_token_authentication_concern.rb
#	app/javascript/mastodon/features/compose/components/action_bar.js
#	app/javascript/mastodon/features/compose/index.js
2022-05-10 10:17:24 +02:00
rinsuki 6e736f2452
fix: embed.js doesn't expand iframes height (#18301)
also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign a random id to each iframe to reduce the chance of a brute-force attack, and the leak of iframe counts
- check iframe.contentWindow and MessageEvent.source to validate that the message is coming from the correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by the spec)

follow-up of #17420
fix #18299
2022-05-04 03:20:44 +02:00
Tykayn 7e3c5d1ec8 integrate glitch 2022-03-29 10:12:39 +02:00
Rohan Sharma 4d6d4b43c6
Fixed prototype pollution bug and only allow trusted origin (#17420) 2022-02-01 17:34:48 +01:00
Eugen Rochko 6867681c7c Add script to make embedded iframes autosize (#4853) 2017-09-09 16:23:44 +02:00