| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
UrlPreviewService
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
error while fetching the note
|
| | |
|
| |
|
|
| |
note is fetched
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
support for Akkoma
|
| |
|
|
| |
the whole preview
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
# Conflicts:
# .github/workflows/api-misskey-js.yml
# .github/workflows/changelog-check.yml
# .github/workflows/check-misskey-js-autogen.yml
# .github/workflows/get-api-diff.yml
# .github/workflows/lint.yml
# .github/workflows/locale.yml
# .github/workflows/on-release-created.yml
# .github/workflows/storybook.yml
# .github/workflows/test-backend.yml
# .github/workflows/test-federation.yml
# .github/workflows/test-frontend.yml
# .github/workflows/test-misskey-js.yml
# .github/workflows/test-production.yml
# .github/workflows/validate-api-json.yml
# package.json
# packages/backend/package.json
# packages/backend/src/server/api/ApiCallService.ts
# packages/backend/src/server/api/endpoints/drive/files/create.ts
# packages/frontend-shared/js/url.ts
# packages/frontend/package.json
# packages/frontend/src/components/MkFileCaptionEditWindow.vue
# packages/frontend/src/components/MkInfo.vue
# packages/frontend/src/components/MkLink.vue
# packages/frontend/src/components/MkNote.vue
# packages/frontend/src/components/MkNotes.vue
# packages/frontend/src/components/MkPageWindow.vue
# packages/frontend/src/components/MkReactionsViewer.vue
# packages/frontend/src/components/MkTimeline.vue
# packages/frontend/src/components/MkUrlPreview.vue
# packages/frontend/src/components/MkUserPopup.vue
# packages/frontend/src/components/global/MkPageHeader.vue
# packages/frontend/src/components/global/MkUrl.vue
# packages/frontend/src/components/global/PageWithHeader.vue
# packages/frontend/src/pages/about-misskey.vue
# packages/frontend/src/pages/announcements.vue
# packages/frontend/src/pages/antenna-timeline.vue
# packages/frontend/src/pages/channel.vue
# packages/frontend/src/pages/instance-info.vue
# packages/frontend/src/pages/note.vue
# packages/frontend/src/pages/page.vue
# packages/frontend/src/pages/role.vue
# packages/frontend/src/pages/tag.vue
# packages/frontend/src/pages/timeline.vue
# packages/frontend/src/pages/user-list-timeline.vue
# packages/frontend/src/pages/user/followers.vue
# packages/frontend/src/pages/user/following.vue
# packages/frontend/src/pages/user/home.vue
# packages/frontend/src/pages/user/index.vue
# packages/frontend/src/ui/deck.vue
# packages/misskey-js/generator/package.json
# pnpm-lock.yaml
# scripts/changelog-checker/package-lock.json
# scripts/changelog-checker/package.json
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* SP-2025-03.1 always wrap icon&thumbnail URLs
if they're not HTTP URLs, the frontend won't be able to display them
anyway (`<img src="mailto:…">` or '<div stile="background-image:
url(nntp:…)">` aren't going to work!), so let's always run them through the
media proxy, which will fail harder (fetching a `javascript:` URL
won't do anything in the backend, might do something in the frontend)
and will always protect the client's address in cases like `gemini:`
where the browser could try to fetch
* SP-2025-03.2 use object binding for more styles
interpolating a random (remote-controlled!) string into a `style`
attribute is a bad idea; using VueJS object binding, we should get
proper quoting and therefore safe parse failures instead of CSS
injections / XSS
* SP-2025-03.3 slightly more robust "self" URL handling
parse URLs instead of treating them as strings; this is still not
perfect, but the `URL` class only handles full URLs, not relative
ones, so there's so way to ask it "give me a URL object that
represents this resource relative to this base URL"
notice that passing very weird URLs to `MkUrl` and `MkUrlPreview` will
break the frontend (in dev mode) because there's an untrapped `new
URL(…)` that may explode; production builds seem to safely ignore the
error, though
---------
Co-authored-by: dakkar <dakkar@thenautilus.net>
|
| |\ \ |
|
| | |\ \ |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Co-Authored-By: dakkar <dakkar@thenautilus.net>
|
| |\ \ \ \
| | |_|/
| |/| | |
|
| | | | |
| | | |
| | | |
| | | | |
担ってることがある問題 (#15833)
|
| |\ \ \ \
| | |/ /
| |/| |
| | | |
| | | |
| | | | |
# Conflicts:
# CONTRIBUTING.md
# packages/backend/src/core/activitypub/models/ApPersonService.ts
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/759
Approved-by: Hazelnoot <acomputerdog@gmail.com>
Approved-by: Marie <github@yuugi.dev>
|
| | | | | | |
|
| |\| | | | |
|
| | | | | | |
|
