FreshRSS
/
FluentReader
mirror of https://github.com/yang991178/fluent-reader.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

enable code sandboxing

This commit is contained in:
刘浩远 2020-08-04 17:20:02 +08:00
parent 114d1802a3
commit aeb1b95975
5 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dist/article/article.html vendored
View File

@ -3,13 +3,13 @@
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy"
content="default-src 'none'; script-src-elem 'sha256-Y47O8EyR7IULmMXvvGsrM43xajwkPmTKvC8AhLDvg/o='; img-src http://* https://*; style-src 'self' 'unsafe-inline'; frame-src http://* https://*; media-src http://* https://*">
content="default-src 'none'; script-src-elem 'sha256-HLvh6tC4kZKt81b6Yi9wjdyXvuwO6InxwRG96ZZjHrw='; img-src http://* https://*; style-src 'self' 'unsafe-inline'; frame-src http://* https://*; media-src http://* https://*">
<title>Article</title>
<link rel="stylesheet" href="article.css" />
</head>
<body>
<div id="main"></div>
<script integrity="sha256-Y47O8EyR7IULmMXvvGsrM43xajwkPmTKvC8AhLDvg/o=" src="article.js"></script>
<script integrity="sha256-HLvh6tC4kZKt81b6Yi9wjdyXvuwO6InxwRG96ZZjHrw=" src="article.js"></script>
<!-- Run "cat article.js | openssl dgst -sha256 -binary | openssl enc -base64 -A" for hash -->
</body>
</html>

2
dist/article/article.js vendored
View File

@ -3,7 +3,7 @@ function get(name) {
return decodeURIComponent(name[1]);
}
document.documentElement.style.fontSize = get("s") + "px"
let html = decodeURIComponent(window.atob(get("h")))
let html = get("h")
let domParser = new DOMParser()
let dom = domParser.parseFromString(html, "text/html")
let baseEl = dom.createElement('base')

4
src/components/article.tsx
View File

@ -180,11 +180,11 @@ class Article extends React.Component<ArticleProps, ArticleState> {
}
}
articleView = () => "article/article.html?h=" + window.btoa(encodeURIComponent(renderToString(<>
articleView = () => "article/article.html?h=" + encodeURIComponent(renderToString(<>
<p className="title">{this.props.item.title}</p>
<p className="date">{this.props.item.date.toLocaleString(this.props.locale, {hour12: !this.props.locale.startsWith("zh")})}</p>
<article dangerouslySetInnerHTML={{__html: this.props.item.content}}></article>
</>))) + `&s=${this.state.fontSize}&u=${this.props.item.link}`
</>)) + `&s=${this.state.fontSize}&u=${this.props.item.link}`
render = () => (
<FocusZone className="article">

1
src/main/window.ts
View File

@ -57,6 +57,7 @@ export class WindowManager {
fullscreenable: false,
show: false,
webPreferences: {
sandbox: true,
webviewTag: true,
enableRemoteModule: false,
contextIsolation: true,

2
src/scripts/models/item.ts
View File

@ -177,7 +177,7 @@ export function fetchItems(background = false): AppThunk<Promise<void>> {
let promises = new Array<Promise<RSSItem[]>>()
const initState = getState()
if (!initState.app.fetchingItems && !initState.app.syncing) {
await dispatch(syncWithService())
await dispatch(syncWithService(background))
let timenow = new Date().getTime()
let sources = <RSSSource[]>Object.values(getState().sources).filter(s => {
let last = s.lastFetched ? s.lastFetched.getTime() : 0