
sanitize: forbid "allow" attribute
CSS: remove auto hyphens stuff, remove iframe width clipping to 98% because they get squished

Andrew Dolgov 2 months ago
parent
commit
2b55afbeec

+ 1 - 1
include/functions.php

@@ -1357,7 +1357,7 @@
 
 		if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe';
 
-		$disallowed_attributes = array('id', 'style', 'class', 'width', 'height');
+		$disallowed_attributes = array('id', 'style', 'class', 'width', 'height', 'allow');
 
 		foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SANITIZE) as $plugin) {
 			$retval = $plugin->hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes, $article_id);
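Review bot: The `$disallowed_attributes` line now drops `allow`, but nothing records why, and the sibling iframe attributes `allowfullscreen`, `allowpaymentrequest` and `srcdoc` are still missing from the list. Because `iframe` is appended to `$allowed_elements` two lines earlier when `$_SESSION['hasSandbox']` is set, feed-supplied markup can presumably still carry those attributes unless a later step outside this hunk strips them or the sandbox neutralises them, which is worth confirming. I would add a comment above the array such as `// 'allow' lets untrusted feed iframes request browser features (camera, microphone, geolocation) via Permissions Policy`, and consider extending the list with `'allowfullscreen', 'allowpaymentrequest', 'srcdoc'`. The list is also handed to every `hook_sanitize` plugin on the following lines, so a plugin may be able to loosen it. The enclosing function starts and ends outside the hunk, so it is not visible whether the value a plugin returns is re-checked against a baseline.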

+ 0 - 22
themes/compact.css

@@ -70,13 +70,6 @@ body.ttrss_main div.post div.content video {
   max-width: 98%;
   height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
   display: flex;
   align-items: center;
@@ -1283,16 +1276,6 @@ div.cdm.vgrlf .feed {
   font-style: italic;
   font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
   white-space: nowrap;
   color: #555;
@@ -1922,11 +1905,6 @@ body.ttrss_zoom div.post div.header .row {
   align-items: center;
   justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
   font-size: 15px;
   line-height: 1.5;

File diff suppressed because it is too large
+ 0 - 0
themes/compact.css.map


+ 0 - 22
themes/compact_night.css

@@ -70,13 +70,6 @@ body.ttrss_main div.post div.content video {
   max-width: 98%;
   height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
   display: flex;
   align-items: center;
@@ -1283,16 +1276,6 @@ div.cdm.vgrlf .feed {
   font-style: italic;
   font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
   white-space: nowrap;
   color: #ccc;
@@ -1913,11 +1896,6 @@ body.ttrss_zoom div.post div.header .row {
   align-items: center;
   justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
   font-size: 15px;
   line-height: 1.5;

File diff suppressed because it is too large
+ 0 - 0
themes/compact_night.css.map


+ 0 - 22
themes/light.css

@@ -70,13 +70,6 @@ body.ttrss_main div.post div.content video {
   max-width: 98%;
   height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
   display: flex;
   align-items: center;
@@ -1283,16 +1276,6 @@ div.cdm.vgrlf .feed {
   font-style: italic;
   font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
   white-space: nowrap;
   color: #555;
@@ -1922,11 +1905,6 @@ body.ttrss_zoom div.post div.header .row {
   align-items: center;
   justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
   font-size: 15px;
   line-height: 1.5;

File diff suppressed because it is too large
+ 0 - 0
themes/light.css.map


+ 0 - 12
themes/light/cdm.less

@@ -185,18 +185,6 @@ div.cdm.vgrlf .feed {
 		font-size: 11px;
 	}
 
-	div.content-inner p {
-		/*max-width : 650px;*/
-		-webkit-hyphens: auto;
-		-moz-hyphens: auto;
-		hyphens: auto;
-	}
-
-	div.content-inner iframe {
-		min-width : 50%;
-		max-width : 98%;
-	}
-
 	div.header span.author {
 		white-space : nowrap;
 		color : @default-text;

+ 0 - 9
themes/light/tt-rss.less

@@ -65,15 +65,6 @@ body.ttrss_main {
 				max-width : 98%;
 				height: auto;
 			}
-
-			p {
-				hyphens: auto;
-			}
-
-			iframe {
-				min-width : 50%;
-				max-width : 98%;
-			}
 		}
 	}
 

+ 0 - 6
themes/light/zoom.less

@@ -28,12 +28,6 @@ body.ttrss_zoom {
 			}
 		}
 
-		p {
-			-webkit-hyphens: auto;
-			-moz-hyphens: auto;
-			hyphens: auto;
-		}
-
 		div.content {
 			font-size : 15px;
 			line-height : 1.5;

+ 0 - 22
themes/night.css

@@ -71,13 +71,6 @@ body.ttrss_main div.post div.content video {
   max-width: 98%;
   height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
   display: flex;
   align-items: center;
@@ -1284,16 +1277,6 @@ div.cdm.vgrlf .feed {
   font-style: italic;
   font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
   white-space: nowrap;
   color: #ccc;
@@ -1914,11 +1897,6 @@ body.ttrss_zoom div.post div.header .row {
   align-items: center;
   justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
   font-size: 15px;
   line-height: 1.5;

File diff suppressed because it is too large
+ 0 - 0
themes/night.css.map


+ 0 - 22
themes/night_blue.css

@@ -71,13 +71,6 @@ body.ttrss_main div.post div.content video {
   max-width: 98%;
   height: auto;
 }
-body.ttrss_main div.post div.content p {
-  hyphens: auto;
-}
-body.ttrss_main div.post div.content iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 body.ttrss_main .inline-player {
   display: flex;
   align-items: center;
@@ -1284,16 +1277,6 @@ div.cdm.vgrlf .feed {
   font-style: italic;
   font-size: 11px;
 }
-.cdm div.content-inner p {
-  /*max-width : 650px;*/
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
-.cdm div.content-inner iframe {
-  min-width: 50%;
-  max-width: 98%;
-}
 .cdm div.header span.author {
   white-space: nowrap;
   color: #ccc;
@@ -1914,11 +1897,6 @@ body.ttrss_zoom div.post div.header .row {
   align-items: center;
   justify-content: space-between;
 }
-body.ttrss_zoom div.post p {
-  -webkit-hyphens: auto;
-  -moz-hyphens: auto;
-  hyphens: auto;
-}
 body.ttrss_zoom div.post div.content {
   font-size: 15px;
   line-height: 1.5;

File diff suppressed because it is too large
+ 0 - 0
themes/night_blue.css.map


Some files were not shown because too many files changed in this diff