1
0
Fork 0
forked from mirrors/akkoma
akkoma/lib/pleroma/web
Oneric ba558c0c24 Limit instance emoji to image types
Else malicious emoji packs or our EmojiStealer MRF can
put payloads into the same domain as the instance itself.
Sanitising the content type should prevent proper clients
from acting on any potential payload.

Note, this does not affect the default emoji shipped with Akkoma
as they are handled by another plug. However, those are fully trusted
and thus not in needed of sanitisation.
2024-03-18 22:33:10 -01:00
..
activity_pub mix format 2024-02-20 15:09:04 +00:00
admin_api Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
akkoma_api add selection UI 2023-03-28 12:44:52 +01:00
api_spec Merge branch 'followback' into develop 2024-02-16 13:27:40 +00:00
auth Support elixir1.15 2023-08-03 17:44:09 +01:00
common_api Support elixir1.15 2023-08-03 17:44:09 +01:00
fallback ensure we send the right files for preferred fe 2023-03-12 23:59:10 +00:00
federator Remove debug prints 2022-06-25 18:43:19 +01:00
feed Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
mailer
mastodon_api Merge pull request 'Return last_status_at as date, not datetime' (#681) from katafrakt/akkoma:fix-last-status-at into develop 2024-02-17 11:37:19 +00:00
media_proxy Use uppercase HTTP HEAD method for media preview proxy request (#128) 2022-07-30 21:58:14 +00:00
metadata Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
mongoose_im argon2 password hashing (#406) 2022-12-30 02:46:58 +00:00
nodeinfo Mix format 2023-04-14 17:56:34 +01:00
o_auth update tests for oauth consumer 2023-12-17 21:48:19 +00:00
o_status Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
pleroma_api Exclude deactivated users from emoji reaction lists 2023-07-17 17:53:03 +01:00
plugs Limit instance emoji to image types 2024-03-18 22:33:10 -01:00
preload/providers
push Support elixir1.15 2023-08-03 17:44:09 +01:00
rich_media Support elixir1.15 2023-08-03 17:44:09 +01:00
static_fe Fix Twitter metadata 2024-02-19 21:09:43 +00:00
templates Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
twitter_api Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
utils Pleroma.Web.Params --> Pleroma.Web.Utils.Params 2021-06-08 12:50:47 -05:00
views Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
web_finger giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
api_spec.ex update references to pleroma in docs 2022-12-30 03:43:35 +00:00
common_api.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
controller_helper.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
embed_controller.ex Add embed controller tests 2023-07-17 19:18:21 +01:00
endpoint.ex Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
federator.ex and i yoink (#275) 2022-11-14 15:07:26 +00:00
gettext.ex Fix incorrect fallback when English is set to first language 2022-06-29 20:47:10 +01:00
instance_document.ex
manifest_controller.ex Expose /manifest.json for PWA 2021-11-24 17:50:55 -06:00
masto_fe_controller.ex Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
media_proxy.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
metadata.ex Add configurable theme color (#53) 2022-07-06 20:00:43 +00:00
o_auth.ex
pipelines.ex Remove precompiled javascript (#55) 2022-07-08 13:03:18 +00:00
plug.ex
preload.ex remove unused variable 2022-12-16 12:36:34 +00:00
push.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
rel_me.ex Add more information about failed verifications 2023-03-10 03:51:24 +00:00
router.ex mastodon_api: Add /api/v1/preferences endpoint 2023-08-12 09:28:24 -04:00
streamer.ex Enforce unauth restrictions for public streaming endpoints 2023-06-14 22:45:19 +00:00
swagger.ex remove anonymous function from plug 2022-07-14 11:17:14 +01:00
telemetry.ex Use fallbacks of summary metrics for prometheus 2024-02-12 02:00:09 +01:00
translation_helpers.ex
uploader_controller.ex
web_finger.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
xml.ex Add XML matcher 2023-08-07 11:12:14 +01:00