From 07b2c3e5b2facb7e5a3c69dc3d2384531a847c4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=81=8B=E3=81=A3=E3=81=93=E3=81=8B=E3=82=8A?=
<67428053+kakkokari-gtyih@users.noreply.github.com>
Date: Fri, 25 Oct 2024 15:09:07 +0900
Subject: [PATCH 1/5] =?UTF-8?q?fix(frontend):=20=E7=AE=A1=E7=90=86?=
=?UTF-8?q?=E7=94=BB=E9=9D=A2=E3=81=AE=E3=83=AA=E3=83=B3=E3=82=AF=E5=88=87?=
=?UTF-8?q?=E3=82=8C=E3=82=92=E4=BF=AE=E6=AD=A3=20(#14831)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* fix(frontend): 管理画面のリンク切れを修正
* Update Changelog
---
CHANGELOG.md | 1 +
packages/frontend/src/pages/admin/index.vue | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e5747f3d8..2bb021317d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@
- Fix: Turnstileが失敗・期限切れした際にも成功扱いとなってしまう問題を修正
(Cherry-picked from https://github.com/MisskeyIO/misskey/pull/768)
- Fix: デッキのタイムラインカラムで「センシティブなファイルを含むノートを表示」設定が使用できなかった問題を修正
+- Fix: リンク切れを修正
### Server
- Fix: Nested proxy requestsを検出した際にブロックするように
diff --git a/packages/frontend/src/pages/admin/index.vue b/packages/frontend/src/pages/admin/index.vue
index 8a206a2f79..fd15ae1d66 100644
--- a/packages/frontend/src/pages/admin/index.vue
+++ b/packages/frontend/src/pages/admin/index.vue
@@ -15,7 +15,7 @@ SPDX-License-Identifier: AGPL-3.0-only
{{ i18n.ts.thereIsUnresolvedAbuseReportWarning }} {{ i18n.ts.check }}
{{ i18n.ts.noMaintainerInformationWarning }} {{ i18n.ts.configure }}
- {{ i18n.ts.noInquiryUrlWarning }} {{ i18n.ts.configure }}
+ {{ i18n.ts.noInquiryUrlWarning }} {{ i18n.ts.configure }}
{{ i18n.ts.noBotProtectionWarning }} {{ i18n.ts.configure }}
{{ i18n.ts.noEmailServerWarning }} {{ i18n.ts.configure }}
From eeea4ec00b4ed1aeabee85d2761699765f9b2af9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=81=8B=E3=81=A3=E3=81=93=E3=81=8B=E3=82=8A?=
<67428053+kakkokari-gtyih@users.noreply.github.com>
Date: Fri, 25 Oct 2024 15:09:37 +0900
Subject: [PATCH 2/5] =?UTF-8?q?fix(backend):=20=E6=8B=9B=E5=BE=85=E3=82=B3?=
=?UTF-8?q?=E3=83=BC=E3=83=89=E7=99=BA=E8=A1=8C=E5=8F=AF=E8=83=BD=E6=AE=8B?=
=?UTF-8?q?=E3=82=8A=E6=95=B0=E7=AE=97=E5=87=BA=E3=81=AB=E4=BD=BF=E7=94=A8?=
=?UTF-8?q?=E3=81=99=E3=81=B9=E3=81=8D=E3=83=AD=E3=83=BC=E3=83=AB=E3=83=9D?=
=?UTF-8?q?=E3=83=AA=E3=82=B7=E3=83=BC=E3=81=AE=E5=80=A4=E3=81=8C=E9=81=95?=
=?UTF-8?q?=E3=81=86=E3=81=AE=E3=82=92=E4=BF=AE=E6=AD=A3=20(#14834)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* fix: should use invite limit cycle to calculate invite/limit
* Update Changelog
* Update changelog
---------
Co-authored-by: Lhc_fl
---
CHANGELOG.md | 2 ++
packages/backend/src/server/api/endpoints/invite/limit.ts | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2bb021317d..c35aa3679f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,8 @@
### Server
- Fix: Nested proxy requestsを検出した際にブロックするように
[ghsa-gq5q-c77c-v236](https://github.com/misskey-dev/misskey/security/advisories/ghsa-gq5q-c77c-v236)
+- Fix: 招待コードの発行可能な残り数算出に使用すべきロールポリシーの値が違う問題を修正
+ (Cherry-picked from https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/706)
## 2024.10.1
diff --git a/packages/backend/src/server/api/endpoints/invite/limit.ts b/packages/backend/src/server/api/endpoints/invite/limit.ts
index 2786bd98d5..2ffd41ae28 100644
--- a/packages/backend/src/server/api/endpoints/invite/limit.ts
+++ b/packages/backend/src/server/api/endpoints/invite/limit.ts
@@ -49,7 +49,7 @@ export default class extends Endpoint { // eslint-
const policies = await this.roleService.getUserPolicies(me.id);
const count = policies.inviteLimit ? await this.registrationTicketsRepository.countBy({
- id: MoreThan(this.idService.gen(Date.now() - (policies.inviteExpirationTime * 60 * 1000))),
+ id: MoreThan(this.idService.gen(Date.now() - (policies.inviteLimitCycle * 60 * 1000))),
createdById: me.id,
}) : null;
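Review bot: The changed `id: MoreThan(...)` line relies on two assumptions the hunk never states: that `inviteLimitCycle` is expressed in minutes, and that ids produced by `idService.gen` sort by creation time. A short comment above it would make both checkable, e.g. `// tickets created within the last inviteLimitCycle minutes; relies on time-ordered ids`. It is also worth confirming that the endpoint which actually issues invite codes counts over the same `inviteLimitCycle` window, since a mismatch would make the remaining count reported here differ from the limit that is enforced; that code is not visible in this patch. The enclosing method starts and ends outside the hunk.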
From db95b6b0d6988c5caadb2bdd9586525a81ad7fda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=81=8B=E3=81=A3=E3=81=93=E3=81=8B=E3=82=8A?=
<67428053+kakkokari-gtyih@users.noreply.github.com>
Date: Fri, 25 Oct 2024 19:37:01 +0900
Subject: [PATCH 3/5] :art:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://github.com/misskey-dev/misskey/pull/14828 のデザイン修正
---
packages/frontend/src/pages/miauth.vue | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/frontend/src/pages/miauth.vue b/packages/frontend/src/pages/miauth.vue
index 283f66ac45..e89dd5c4a5 100644
--- a/packages/frontend/src/pages/miauth.vue
+++ b/packages/frontend/src/pages/miauth.vue
@@ -17,7 +17,7 @@ SPDX-License-Identifier: AGPL-3.0-only
@deny="onDeny"
>
-
+
{{ i18n.ts._auth.byClickingYouWillBeRedirectedToThisUrl }}
{{ callback }}
From ded6ef207b888c14f425d46a341a35feab76be86 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Fri, 25 Oct 2024 13:16:43 +0000
Subject: [PATCH 4/5] Bump version to 2024.10.2-alpha.1
---
package.json | 2 +-
packages/misskey-js/package.json | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 444af2409b..6c598e11a3 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "misskey",
- "version": "2024.10.2-alpha.0",
+ "version": "2024.10.2-alpha.1",
"codename": "nasubi",
"repository": {
"type": "git",
diff --git a/packages/misskey-js/package.json b/packages/misskey-js/package.json
index d6c760ad83..ef3d84ee96 100644
--- a/packages/misskey-js/package.json
+++ b/packages/misskey-js/package.json
@@ -1,7 +1,7 @@
{
"type": "module",
"name": "misskey-js",
- "version": "2024.10.2-alpha.0",
+ "version": "2024.10.2-alpha.1",
"description": "Misskey SDK for JavaScript",
"license": "MIT",
"main": "./built/index.js",
From a6a1e3d733e192504986e6e91b5aca9211c331ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=81=8B=E3=81=A3=E3=81=93=E3=81=8B=E3=82=8A?=
<67428053+kakkokari-gtyih@users.noreply.github.com>
Date: Sat, 26 Oct 2024 22:07:26 +0900
Subject: [PATCH 5/5] =?UTF-8?q?enhance(frontend):=20Self-XSS=E9=98=B2?=
=?UTF-8?q?=E6=AD=A2=E7=94=A8=E3=81=AE=E3=83=A1=E3=83=83=E3=82=BB=E3=83=BC?=
=?UTF-8?q?=E3=82=B8=E3=82=92=E8=BF=BD=E5=8A=A0=20(#14839)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* enhance(frontend): Self-XSS防止用のメッセージを追加
* Update Changelog
* embedにも同様の記述を追加
---
CHANGELOG.md | 1 +
locales/index.d.ts | 22 ++++++++++++++++++++++
locales/ja-JP.yml | 7 +++++++
packages/frontend-embed/src/boot.ts | 22 ++++++++++++++++++++++
packages/frontend/src/boot/common.ts | 23 ++++++++++++++++++++++-
5 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c35aa3679f..40ad0b639b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@
- Enhance: MiAuth, OAuthの認可画面の改善
- どのアカウントで認証しようとしているのかがわかるように
- 認証するアカウントを切り替えられるように
+- Enhance: Self-XSS防止用の警告を追加
- Fix: 通知の範囲指定の設定項目が必要ない通知設定でも範囲指定の設定がでている問題を修正
- Fix: Turnstileが失敗・期限切れした際にも成功扱いとなってしまう問題を修正
(Cherry-picked from https://github.com/MisskeyIO/misskey/pull/768)
diff --git a/locales/index.d.ts b/locales/index.d.ts
index 80adf69232..9058c70496 100644
--- a/locales/index.d.ts
+++ b/locales/index.d.ts
@@ -10553,6 +10553,28 @@ export interface Locale extends ILocale {
*/
"codeGeneratedDescription": string;
};
+ "_selfXssPrevention": {
+ /**
+ * 警告
+ */
+ "warning": string;
+ /**
+ * 「この画面に何か貼り付けろ」はすべて詐欺です。
+ */
+ "title": string;
+ /**
+ * ここに何かを貼り付けると、悪意のあるユーザーにアカウントを乗っ取られたり、個人情報を盗まれたりする可能性があります。
+ */
+ "description1": string;
+ /**
+ * 貼り付けようとしているものが何なのかを正確に理解していない場合は、%c今すぐ作業を中止してこのウィンドウを閉じてください。
+ */
+ "description2": string;
+ /**
+ * 詳しくはこちらをご確認ください。 {link}
+ */
+ "description3": ParameterizedString<"link">;
+ };
}
declare const locales: {
[lang: string]: Locale;
diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml
index d545425cbd..1d426f1705 100644
--- a/locales/ja-JP.yml
+++ b/locales/ja-JP.yml
@@ -2811,3 +2811,10 @@ _embedCodeGen:
generateCode: "埋め込みコードを作成"
codeGenerated: "コードが生成されました"
codeGeneratedDescription: "生成されたコードをウェブサイトに貼り付けてご利用ください。"
+
+_selfXssPrevention:
+ warning: "警告"
+ title: "「この画面に何か貼り付けろ」はすべて詐欺です。"
+ description1: "ここに何かを貼り付けると、悪意のあるユーザーにアカウントを乗っ取られたり、個人情報を盗まれたりする可能性があります。"
+ description2: "貼り付けようとしているものが何なのかを正確に理解していない場合は、%c今すぐ作業を中止してこのウィンドウを閉じてください。"
+ description3: "詳しくはこちらをご確認ください。 {link}"
diff --git a/packages/frontend-embed/src/boot.ts b/packages/frontend-embed/src/boot.ts
index 00c7944eb3..8ab4ab32e6 100644
--- a/packages/frontend-embed/src/boot.ts
+++ b/packages/frontend-embed/src/boot.ts
@@ -21,6 +21,7 @@ import { url } from '@@/js/config.js';
import { parseEmbedParams } from '@@/js/embed-page.js';
import { postMessageToParentWindow, setIframeId } from '@/post-message.js';
import { serverContext } from '@/server-context.js';
+import { i18n } from '@/i18n.js';
import type { Theme } from '@/theme.js';
@@ -127,6 +128,27 @@ window.onunhandledrejection = null;
removeSplash();
+//#region Self-XSS 対策メッセージ
+console.log(
+ `%c${i18n.ts._selfXssPrevention.warning}`,
+ 'color: #f00; background-color: #ff0; font-size: 36px; padding: 4px;',
+);
+console.log(
+ `%c${i18n.ts._selfXssPrevention.title}`,
+ 'color: #f00; font-weight: 900; font-family: "Hiragino Sans W9", "Hiragino Kaku Gothic ProN", sans-serif; font-size: 24px;',
+);
+console.log(
+ `%c${i18n.ts._selfXssPrevention.description1}`,
+ 'font-size: 16px; font-weight: 700;',
+);
+console.log(
+ `%c${i18n.ts._selfXssPrevention.description2}`,
+ 'font-size: 16px;',
+ 'font-size: 20px; font-weight: 700; color: #f00;',
+);
+console.log(i18n.tsx._selfXssPrevention.description3({ link: 'https://misskey-hub.net/docs/for-users/resources/self-xss/' }));
+//#endregion
+
function removeSplash() {
const splash = document.getElementById('splash');
if (splash) {
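Review bot: The `description2` call renders correctly only while the translated string contains exactly one `%c`, because its second style argument is paired with a format specifier that lives in the locale file rather than in this code. A translation that drops the `%c` would leave the CSS string `font-size: 20px; ...` printed as a plain trailing argument, and one that adds a stray specifier would shift the styles. Consider a comment on that call such as `// 2nd style applies to the %c embedded in the locale string`, or moving the emphasised sentence into its own locale key so the `%c` stays in code. The block added to packages/frontend/src/boot/common.ts has the same coupling. removeSplash's body continues outside the hunk.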
diff --git a/packages/frontend/src/boot/common.ts b/packages/frontend/src/boot/common.ts
index 1145891b71..90ae49ee59 100644
--- a/packages/frontend/src/boot/common.ts
+++ b/packages/frontend/src/boot/common.ts
@@ -11,7 +11,7 @@ import directives from '@/directives/index.js';
import components from '@/components/index.js';
import { applyTheme } from '@/scripts/theme.js';
import { isDeviceDarkmode } from '@/scripts/is-device-darkmode.js';
-import { updateI18n } from '@/i18n.js';
+import { updateI18n, i18n } from '@/i18n.js';
import { $i, refreshAccount, login } from '@/account.js';
import { defaultStore, ColdDeviceStorage } from '@/store.js';
import { fetchInstance, instance } from '@/instance.js';
@@ -269,6 +269,27 @@ export async function common(createVue: () => App) {
removeSplash();
+ //#region Self-XSS 対策メッセージ
+ console.log(
+ `%c${i18n.ts._selfXssPrevention.warning}`,
+ 'color: #f00; background-color: #ff0; font-size: 36px; padding: 4px;',
+ );
+ console.log(
+ `%c${i18n.ts._selfXssPrevention.title}`,
+ 'color: #f00; font-weight: 900; font-family: "Hiragino Sans W9", "Hiragino Kaku Gothic ProN", sans-serif; font-size: 24px;',
+ );
+ console.log(
+ `%c${i18n.ts._selfXssPrevention.description1}`,
+ 'font-size: 16px; font-weight: 700;',
+ );
+ console.log(
+ `%c${i18n.ts._selfXssPrevention.description2}`,
+ 'font-size: 16px;',
+ 'font-size: 20px; font-weight: 700; color: #f00;',
+ );
+ console.log(i18n.tsx._selfXssPrevention.description3({ link: 'https://misskey-hub.net/docs/for-users/resources/self-xss/' }));
+ //#endregion
+
return {
isClientUpdated,
app,
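Review bot: This block is a copy of the one added to packages/frontend-embed/src/boot.ts, including the hard-coded documentation URL, so the two warnings can drift apart when only one is edited. At minimum the link could be a named constant, `const SELF_XSS_DOC_URL = 'https://misskey-hub.net/docs/for-users/resources/self-xss/';`, and the five `console.log` calls would read better as one small function that takes the `i18n` object and is called from both boot paths. The warning is also printed only after `removeSplash()`, so a console opened while boot is slow or has failed earlier would presumably not show it; whether that matters depends on code outside the hunk. The enclosing function `common` starts and ends outside the hunk.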