🌎 An interplanetary microsurfing platform 🌊
https://oscar.surf
695bbf02ca
(cherry picked from commit d10fdfe9738b17a9d81037c031b40a2cc4cb8038) * SP-2025-03.1 always wrap icon&thumbnail URLs if they're not HTTP URLs, the frontend won't be able to display them anyway (`<img src="mailto:…">` or '<div stile="background-image: url(nntp:…)">` aren't going to work!), so let's always run them through the media proxy, which will fail harder (fetching a `javascript:` URL won't do anything in the backend, might do something in the frontend) and will always protect the client's address in cases like `gemini:` where the browser could try to fetch * SP-2025-03.2 use object binding for more styles interpolating a random (remote-controlled!) string into a `style` attribute is a bad idea; using VueJS object binding, we should get proper quoting and therefore safe parse failures instead of CSS injections / XSS * SP-2025-03.3 slightly more robust "self" URL handling parse URLs instead of treating them as strings; this is still not perfect, but the `URL` class only handles full URLs, not relative ones, so there's so way to ask it "give me a URL object that represents this resource relative to this base URL" notice that passing very weird URLs to `MkUrl` and `MkUrlPreview` will break the frontend (in dev mode) because there's an untrapped `new URL(…)` that may explode; production builds seem to safely ignore the error, though --------- Co-authored-by: Julia <julia@insertdomain.name> Co-authored-by: dakkar <dakkar@thenautilus.net> |
||
|---|---|---|
| .config | ||
| .devcontainer | ||
| .github | ||
| .okteto | ||
| .vscode | ||
| assets | ||
| chart | ||
| cypress | ||
| fluent-emojis@cae981eb4c | ||
| locales | ||
| packages | ||
| scripts | ||
| .dockerignore | ||
| .dockleignore | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .gitmodules | ||
| .node-version | ||
| .npmrc | ||
| .vsls.json | ||
| CHANGELOG.md | ||
| CODE_OF_CONDUCT.md | ||
| codecov.yml | ||
| CONTRIBUTING.md | ||
| COPYING | ||
| crowdin.yml | ||
| cypress.config.ts | ||
| docker-compose.local-db.yml | ||
| docker-compose_example.yml | ||
| Dockerfile | ||
| healthcheck.sh | ||
| LICENSE | ||
| package.json | ||
| pnpm-lock.yaml | ||
| pnpm-workspace.yaml | ||
| Procfile | ||
| README.md | ||
| ROADMAP.md | ||
| SECURITY.md | ||
✨ Features
- ActivityPub support
Not on Misskey? No problem! Not only can Misskey instances talk to each other, but you can make friends with people on other networks like Mastodon and Pixelfed! - Reactions
You can add emoji reactions to any post! No longer are you bound by a like button, show everyone exactly how you feel with the tap of a button. - Drive
With Misskey's built in drive, you get cloud storage right in your social media, where you can upload any files, make folders, and find media from posts you've made! - Rich Web UI
Misskey has a rich and easy to use Web UI! It is highly customizable, from changing the layout and adding widgets to making custom themes. Furthermore, plugins can be created using AiScript, an original programming language. - And much more...
Documentation
Misskey Documentation can be found at Misskey Hub, some of the links and graphics above also lead to specific portions of it.
Sponsors of Misskey
List of sponsors of Misskey can be found at Misskey Hub.
Sponsors of Misskey.io
Thanks
Thanks to Chromatic for providing the visual testing platform that helps us review UI changes and catch visual regressions.
Thanks to Codecov for providing the code coverage platform that helps us improve our test coverage.
Thanks to Crowdin for providing the localization platform that helps us translate Misskey into many languages.
Thanks to Docker for providing the container platform that helps us run Misskey in production.