miniflux-v2/ui
Frédéric Guillot eb9508502c Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler

Creating an RSS feed item with the inline description containing an `<img>` tag
with a `srcset` attribute pointing to an invalid URL like
`http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error
condition where the invalid URL is returned unescaped and in full.

This results in JavaScript execution on the Miniflux instance as soon as the
user is convinced to open the broken image.
2023-03-12 22:36:03 -07:00
..
form Add option to enable or disable double tap 2023-01-14 16:59:52 -08:00
session Fix some linter issues 2022-08-08 22:06:38 -07:00
static fix: add `color-scheme` to themes 2023-02-05 20:58:23 -08:00
view Fix some linter issues 2022-08-08 22:06:38 -07:00
about.go Display Go version on /about 2022-01-22 11:00:12 -08:00
api_key_create.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
api_key_list.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
api_key_remove.go Add per-application API Keys 2020-03-01 18:22:45 -08:00
api_key_save.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
bookmark_entries.go Allow API search for entries which are not starred 2022-04-13 21:53:06 -07:00
category_create.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
category_edit.go add option to hide categories from the global unread list 2021-06-12 13:06:30 -07:00
category_entries.go Add ability to change entry sort order in the UI 2021-09-09 19:59:12 -07:00
category_entries_all.go Add ability to change entry sort order in the UI 2021-09-09 19:59:12 -07:00
category_feeds.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
category_list.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
category_mark_as_read.go ui: Expose markCategoryAsRead 2021-07-05 14:13:18 -07:00
category_refresh.go Add category feeds refresh 2022-12-12 19:41:30 -08:00
category_remove.go Move UI middlewares and routes to ui package 2018-11-11 11:29:12 -08:00
category_save.go Refactor category validation 2021-01-03 22:50:24 -08:00
category_update.go add option to hide categories from the global unread list 2021-06-12 13:06:30 -07:00
doc.go Fix some linter issues 2022-08-08 22:06:38 -07:00
entry_bookmark.go Fix inconsistent navigation 2021-09-24 16:22:00 -07:00
entry_category.go Fix inconsistent navigation 2021-09-24 16:22:00 -07:00
entry_feed.go Fix inconsistent navigation 2021-09-24 16:22:00 -07:00
entry_read.go Fix inconsistent navigation in history pages 2021-09-24 16:22:00 -07:00
entry_save.go Refactor config package 2019-06-02 06:30:08 -07:00
entry_scraper.go Proxy support for several media types 2023-02-25 15:57:59 -08:00
entry_search.go Fix inconsistent navigation 2021-09-24 16:22:00 -07:00
entry_toggle_bookmark.go Move UI middlewares and routes to ui package 2018-11-11 11:29:12 -08:00
entry_unread.go Fix inconsistent navigation 2021-09-24 16:22:00 -07:00
entry_update_status.go add option to hide categories from the global unread list 2021-06-12 13:06:30 -07:00
feed_edit.go Add rewrite rules for article URL before fetching content 2022-07-11 21:12:26 -07:00
feed_entries.go Add ability to change entry sort order in the UI 2021-09-09 19:59:12 -07:00
feed_entries_all.go Add ability to change entry sort order in the UI 2021-09-09 19:59:12 -07:00
feed_icon.go Add Content-Security-Policy header to feed icon url 2022-01-02 17:38:53 -08:00
feed_list.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
feed_mark_as_read.go Add link to mark a feed as read 2020-08-19 22:17:33 -07:00
feed_refresh.go Refactor feed creation to allow setting most fields via API 2021-01-02 16:48:22 -08:00
feed_remove.go Security fix: any user can delete any feed 2021-05-07 16:25:44 -07:00
feed_update.go Add rewrite rules for article URL before fetching content 2022-07-11 21:12:26 -07:00
handler.go Refactor feed creation to allow setting most fields via API 2021-01-02 16:48:22 -08:00
history_entries.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
history_flush.go Ask for confirmation before flushing history 2019-07-17 21:40:03 -07:00
integration_pocket.go Refactor config package 2019-06-02 06:30:08 -07:00
integration_show.go Add matrix bot support 2022-10-27 17:53:19 -07:00
integration_update.go Add Google Reader API implementation (experimental) 2022-01-02 19:45:12 -08:00
login_check.go Make default home page configurable 2022-07-26 22:03:03 -07:00
login_show.go Make default home page configurable 2022-07-26 22:03:03 -07:00
logout.go Refactor config package 2019-06-02 06:30:08 -07:00
middleware.go Proxify images in API responses 2022-10-27 17:33:18 -07:00
oauth2.go Reformat some Go files 2021-01-27 18:13:58 -08:00
oauth2_callback.go Refactor user validation 2021-01-03 21:36:35 -08:00
oauth2_redirect.go Remove extra column from users table (HSTORE field) 2020-12-21 21:35:03 -08:00
oauth2_unlink.go Remove extra column from users table (HSTORE field) 2020-12-21 21:35:03 -08:00
offline.go Add basic PWA offline page 2021-03-07 15:44:42 -08:00
opml_export.go Move UI middlewares and routes to ui package 2018-11-11 11:29:12 -08:00
opml_import.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
opml_upload.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
pagination.go Add option to change the number of entries per page (fixes #40) 2020-07-08 20:14:31 -07:00
proxy.go Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler 2023-03-12 22:36:03 -07:00
search_entries.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
session_list.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
session_remove.go Improve logging messages in ui package 2018-11-11 11:47:41 -08:00
settings_show.go Add option to enable or disable double tap 2023-01-14 16:59:52 -08:00
settings_update.go Make default home page configurable 2022-07-26 22:03:03 -07:00
share.go Add page to list and remove shared entries 2020-03-22 19:53:44 -07:00
shared_entries.go Add ability to change entry sort order in the UI 2021-09-09 19:59:12 -07:00
static_app_icon.go Use SVG sprite for icons 2021-03-07 11:18:42 -08:00
static_favicon.go Use embed package for binary assets instead of generated files 2021-02-17 20:15:28 -08:00
static_javascript.go Add basic PWA offline page 2021-03-07 15:44:42 -08:00
static_manifest.go Use custom home page in PWA 2022-11-12 20:12:39 -08:00
static_stylesheet.go Avoid extra HTTP request for fetching custom stylesheet 2021-05-31 14:29:33 -07:00
subscription_add.go Show correct User Agent in input placeholders 2020-12-16 21:30:22 -08:00
subscription_bookmarklet.go Subscribe to feeds with the Android Share menu 2021-01-02 11:48:07 -08:00
subscription_choose.go Add rewrite rules for article URL before fetching content 2022-07-11 21:12:26 -07:00
subscription_submit.go Log feed URL when submitting a subscription that returns an error 2022-09-18 17:37:53 -07:00
ui.go Proxy support for several media types 2023-02-25 15:57:59 -08:00
unread_entries.go Remove dependency to go-server-timing 2022-10-23 16:59:05 -07:00
unread_mark_all_read.go Ask for confirmation before clicking on mark all as read 2019-07-17 22:00:00 -07:00
user_create.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
user_edit.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
user_list.go Add Prometheus exporter 2020-09-27 20:04:48 -07:00
user_remove.go API: Delete users asynchronously 2020-07-28 20:39:10 -07:00
user_save.go Refactor user validation 2021-01-03 21:36:35 -08:00
user_update.go Refactor user validation 2021-01-03 21:36:35 -08:00