matrix-public-archive

Commit Graph

Author	SHA1	Message	Date
Eric Eastwood	a0089b0fe4	Add `Content-Security-Policy` (CSP) (#81 ) Add `Content-Security-Policy` (CSP) that restricts the page to just what it is expected to do. This helps limit the damage that can be done by any XSS attack. Fix https://github.com/matrix-org/internal-config/issues/1341	2022-10-19 12:07:39 -05:00
Eric Eastwood	2581f88495	Fix XSS when blatting `window.matrixPublicArchiveContext` to the page (#79 ) Fix https://github.com/matrix-org/internal-config/issues/1335	2022-10-13 14:36:04 -05:00
Eric Eastwood	02b86a8405	Render pipeline separation of concerns (#64 ) Follow-up to https://github.com/matrix-org/matrix-public-archive/pull/36 Render pipeline separation of concerns: 1. Run in `child_process` 2. Hydrogen render It's now just a generic `child_process` runner that runs the Hydrogen render in it. This eliminates the windy path of the 1-4 steps that was only held together by the file names themselves.	2022-09-02 20:49:06 -05:00

Author

SHA1

Message

Date

Eric Eastwood

a0089b0fe4

Add `Content-Security-Policy` (CSP) (#81 )

Add `Content-Security-Policy` (CSP) that restricts the page to just what it is expected to do.

This helps limit the damage that can be done by any XSS attack.

Fix https://github.com/matrix-org/internal-config/issues/1341

2022-10-19 12:07:39 -05:00

Eric Eastwood

2581f88495

Fix XSS when blatting `window.matrixPublicArchiveContext` to the page (#79 )

Fix https://github.com/matrix-org/internal-config/issues/1335

2022-10-13 14:36:04 -05:00

Eric Eastwood

02b86a8405

Render pipeline separation of concerns (#64 )

Follow-up to https://github.com/matrix-org/matrix-public-archive/pull/36

Render pipeline separation of concerns:

 1. Run in `child_process`
 2. Hydrogen render
 
It's now just a generic `child_process` runner that runs the Hydrogen render in it. This eliminates the windy path of the 1-4 steps that was only held together by the file names themselves.

2022-09-02 20:49:06 -05:00

3 Commits