Grapevine is a Matrix homeserver, forked from Conduit 0.7.0
Charles Hall a60501189d
prevent xss via user-uploaded media
Previously, `Content-Disposition` was always set to `inline`, even for
HTML, which means that XSS could be easily achieved by uploading
malicious HTML and getting someone to click on the Matrix HTTP API link
for that piece of media. Now, we have an allowlist of safe values for
`Content-Type` that use `inline` while everything else defaults to
`attachment`, including HTML and SVG, which prevents XSS.

We also set the `Content-Security-Policy` header because why not.

A `set_header_or_panic` function is introduced to do what it says in
case Ruma begins providing better or worse values for the relevant
headers in the future. The safest way to handle such a case is simply
to panic.
2024-05-19 21:05:02 -07:00
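As an added example (not Grapevine's own code), the header choice the commit message describes: a media type is served `inline` only if it is on an allowlist, and everything else, including HTML and SVG, is served as an `attachment`. The allowlist contents, the CSP value and the function names are assumptions, not the project's.

```rust
// Added example, not code from the Grapevine repository. Decides the
// Content-Disposition for user-uploaded media from an allowlist of media
// types that are safe to render inline; anything else (HTML, SVG, unknown)
// is served as an attachment so a browser will not execute it in the
// homeserver's origin.

/// Media types assumed safe to render inline (assumed list, not Grapevine's).
const INLINE_ALLOWLIST: &[&str] = &[
    "image/png", "image/jpeg", "image/gif", "image/webp",
    "video/mp4", "video/webm", "audio/mpeg", "audio/ogg", "text/plain",
];

/// Assumed restrictive policy for the media endpoint: sandboxed, no scripts.
pub const MEDIA_CSP: &str = "sandbox; default-src 'none'; script-src 'none'";

/// Reduce a Content-Type header value to its bare, lower-case media type so
/// that `IMAGE/PNG; q=1` matches `image/png` and `text/html; charset=utf-8`
/// is judged as `text/html`.
fn media_type(content_type: &str) -> String {
    content_type.split(';').next().unwrap_or("").trim().to_ascii_lowercase()
}

/// Build the Content-Disposition value. A missing or unrecognised
/// Content-Type is treated as untrusted and gets `attachment`.
pub fn content_disposition(content_type: Option<&str>, filename: Option<&str>) -> String {
    let disposition = match content_type.map(media_type) {
        Some(mt) if INLINE_ALLOWLIST.contains(&mt.as_str()) => "inline",
        _ => "attachment",
    };
    match filename {
        Some(name) => {
            // Drop characters that could break out of the quoted filename
            // or inject a new header line.
            let safe: String = name
                .chars()
                .filter(|c| !matches!(c, '"' | '\\' | '\r' | '\n'))
                .collect();
            format!("{disposition}; filename=\"{safe}\"")
        }
        None => disposition.to_string(),
    }
}

fn main() {
    // Constructed sample uploads: the HTML one is the XSS case from the commit.
    for (ct, name) in [("image/png", "cat.png"), ("text/html; charset=utf-8", "evil.html"),
                       ("image/svg+xml", "logo.svg")] {
        println!("{ct:<26} -> {}", content_disposition(Some(ct), Some(name)));
    }
}
```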
bin build and cache all packages and CI dependencies 2024-05-14 20:08:37 -07:00
nix add conduit compat mode 2024-05-14 20:21:51 -07:00
src prevent xss via user-uploaded media 2024-05-19 21:05:02 -07:00
.envrc allow loading env vars from .env if it exists 2024-05-14 20:08:37 -07:00
.gitignore allow loading env vars from .env if it exists 2024-05-14 20:08:37 -07:00
.gitlab-ci.yml build and cache all packages and CI dependencies 2024-05-14 20:08:37 -07:00
Cargo.lock prevent xss via user-uploaded media 2024-05-19 21:05:02 -07:00
Cargo.toml prevent xss via user-uploaded media 2024-05-19 21:05:02 -07:00
clippy.toml enable doc_markdown lint 2024-05-14 16:34:10 -07:00
default.nix feat: support non-flake users 2024-02-01 19:19:56 -08:00
engage.toml run clippy for no, default, and all features 2024-04-30 21:54:56 -07:00
flake.lock update rocksdb 2024-05-16 21:50:31 -07:00
flake.nix update rocksdb 2024-05-16 21:50:31 -07:00
LICENSE.md convert license to markdown 2024-04-30 21:54:56 -07:00
rust-toolchain.toml update rust toolchain 2024-01-25 21:44:40 -08:00
rustfmt.toml enable error_on_line_overflow and fix errors 2024-05-16 19:11:40 -07:00