Frédéric Guillot eb9508502c Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler
Creating an RSS feed item with the inline description containing an `<img>` tag
with a `srcset` attribute pointing to an invalid URL like
`http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error
condition where the invalid URL is returned unescaped and in full.

This results in JavaScript execution on the Miniflux instance as soon as the
user is convinced to open the broken image.
2023-03-12 22:36:03 -07:00
.devcontainer Preconfigure Miniflux for GitHub Codespaces 2022-11-17 03:49:05 +00:00
.github Update GitHub Actions to use Go 1.20 2023-03-01 19:56:06 -08:00
api Proxy support for several media types 2023-02-25 15:57:59 -08:00
cli Update golang.org/x/crypto 2022-08-13 21:58:45 -07:00
client Parse <category> from Feeds (RSS, Atom and JSON) 2023-02-24 20:52:45 -08:00
config Add HTTP Basic authentication for /metrics endpoint 2023-03-11 20:13:52 -08:00
contrib Run the application in one command 2023-02-19 11:56:51 -08:00
crypto Fix some linter issues 2022-08-08 22:06:38 -07:00
database Parse <category> from Feeds (RSS, Atom and JSON) 2023-02-24 20:52:45 -08:00
errors Fix some linter issues 2022-08-08 22:06:38 -07:00
fever Proxy support for several media types 2023-02-25 15:57:59 -08:00
googlereader Proxy support for several media types 2023-02-25 15:57:59 -08:00
http Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler 2023-03-12 22:36:03 -07:00
integration Add matrix bot support 2022-10-27 17:53:19 -07:00
locale Update es_ES.json 2023-03-11 17:38:07 -08:00
logger Fix some linter issues 2022-08-08 22:06:38 -07:00
metric Add database stats to Prometheus exporter 2021-05-22 20:31:49 -07:00
model Parse <category> from Feeds (RSS, Atom and JSON) 2023-02-24 20:52:45 -08:00
oauth2 Fix some linter issues 2022-08-08 22:06:38 -07:00
packaging Use $(...) notation instead of legacy backticked ... 2022-11-12 20:30:44 -08:00
proxy Proxy support for several media types 2023-02-25 15:57:59 -08:00
reader Update scraping rules for ilpost.it 2023-03-01 20:04:25 -08:00
service Use r.RemoteAddr to check /metrics endpoint network access 2023-03-11 20:53:12 -08:00
storage Parse <category> from Feeds (RSS, Atom and JSON) 2023-02-24 20:52:45 -08:00
systemd Add Systemd watchdog 2021-05-22 18:46:15 -07:00
template Proxy support for several media types 2023-02-25 15:57:59 -08:00
tests Update integration tests 2022-11-12 21:03:43 -08:00
timer Fix some linter issues 2022-08-08 22:06:38 -07:00
timezone Fix some linter issues 2022-08-08 22:06:38 -07:00
ui Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler 2023-03-12 22:36:03 -07:00
url Fix some linter issues 2022-08-08 22:06:38 -07:00
validator Make default home page configurable 2022-07-26 22:03:03 -07:00
version Fix some linter issues 2022-08-08 22:06:38 -07:00
worker Fix some linter issues 2022-08-08 22:06:38 -07:00
.gitignore Add Google Reader API implementation (experimental) 2022-01-02 19:45:12 -08:00
ChangeLog Update ChangeLog 2023-01-29 17:01:14 -08:00
doc.go Fix some linter issues 2022-08-08 22:06:38 -07:00
go.mod Bump golang.org/x/crypto from 0.6.0 to 0.7.0 2023-03-06 20:38:55 -08:00
go.sum Bump golang.org/x/crypto from 0.6.0 to 0.7.0 2023-03-06 20:38:55 -08:00
LICENSE First commit 2017-11-19 22:01:46 -08:00
main.go Remove completely generated files 2021-02-18 21:50:27 -08:00
Makefile Disable CGO explicitly to make sure the binary is statically linked 2023-02-25 16:55:11 -08:00
miniflux.1 Add HTTP Basic authentication for /metrics endpoint 2023-03-11 20:13:52 -08:00
Procfile Make latest changes compatible with Heroku 2018-08-29 20:50:36 -07:00
README.md Update contributor link and Godoc badge for client 2020-10-18 21:53:07 -07:00
SECURITY.md Fix typo in SECURITY.md 2021-05-24 15:23:20 -07:00

Miniflux 2

Miniflux is a minimalist and opinionated feed reader:

  • Written in Go (Golang)
  • Works only with PostgreSQL
  • Doesn't use any ORM
  • Doesn't use any complicated framework
  • Uses only modern vanilla JavaScript (ES6 and Fetch API)
  • Single binary compiled statically without dependency
  • The number of features is voluntarily limited

It's simple, fast, lightweight and super easy to install.

Official website: https://miniflux.app

Documentation

The Miniflux documentation is available here: https://miniflux.app/docs/ (Man page)

Screenshots

Default theme:

Dark theme when using keyboard navigation:

Credits