- Implement a better/simpler polyfill for web browsers that don't support
trusted types yet
- Use two separate policies: one to create HTML, another to create/use script
URLs
- Instead of having the policy live in the top-level scope, they're now
declared at the lowest possible scope, right before they're used, making them
inaccessible outside of it. This puts their usage completely out of reach of
an attacker unable to gain some control outside of those two (small) scopes,
and thus removes the need to tighten the policies.
- Remove the now-unused tt.js file
This has been tested on Firefox (doesn't support trusted types) and on Chromium
(does support trusted types).
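The scoping described in the commit message above, as an added JavaScript example that is not Miniflux's own code: a fallback factory for browsers without Trusted Types, plus two single-purpose policies that each live only inside the function that uses them. The function names, the policy names `html` and `url`, the sample path and markup, and the fake "native" scope are all assumptions made so the example runs under Node.

```javascript
// Added illustration, not Miniflux code. All names here are hypothetical.

// Fallback for engines without Trusted Types: createPolicy hands back the
// rule object itself, so policy.createHTML(...) still works and returns a string.
function policyFactory(scope) {
  const native = scope.trustedTypes;
  if (native && typeof native.createPolicy === "function") return native;
  return { createPolicy: (_name, rules) => rules };
}

// Policy 1: HTML only. It exists only inside this function, so no other code
// can obtain it. Meant to run once per page: a duplicate policy name is
// rejected when the CSP trusted-types directive lacks 'allow-duplicates'.
function insertFragment(scope, target, markup) {
  const htmlPolicy = policyFactory(scope).createPolicy("html", {
    createHTML: (input) => input,
  });
  target.innerHTML = htmlPolicy.createHTML(markup);
}

// Policy 2: script URLs only, equally confined to its single use site.
function workerURL(scope, path) {
  const urlPolicy = policyFactory(scope).createPolicy("url", {
    createScriptURL: (input) => input,
  });
  return urlPolicy.createScriptURL(path);
}

// Constructed stand-in for a browser that supports Trusted Types: it records
// policy names and wraps results in tagged objects instead of plain strings.
function fakeNativeScope() {
  const created = [];
  const wrap = (kind, fn) => (s) => ({ kind, toString: () => fn(s) });
  return {
    created,
    trustedTypes: {
      createPolicy(name, rules) {
        created.push(name);
        return {
          createHTML: wrap("TrustedHTML", rules.createHTML),
          createScriptURL: wrap("TrustedScriptURL", rules.createScriptURL),
        };
      },
    },
  };
}
```

Call sites are identical on both kinds of browser; only the type of the returned value differs (plain string with the fallback, trusted object natively).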
Replaces usage of the word "bookmark" with "star"/"starred" in order to be more
consistent with the UI and database models, and to reduce confusion with
"bookmarklet" and integration features.
This is in preparation for future work on read-it-later features, which are
also not called "bookmarks" to prevent any further confusion.
https://github.com/orgs/miniflux/discussions/3719
Related-to: https://github.com/miniflux/v2/pull/2219
Instead of blindly compiling all the common/ templates for every view/ ones,
let's be explicit about the dependencies. This should significantly decrease
the resident memory consumption, as ParseTemplate is responsible for ~10M of
the current 11M of heap memory on my instance, so any win there is interesting.
This will also allow better factorization of templates, now that everything is
explicit. Another side-effect is that it'll make testing easier, as we now have
a comprehensive list of views/ templates affected by a change in a file in
common/
- Use `user` everywhere, instead of sometimes `loggedUser`
- Delay the instantiation of some variables: no need to perform SQL queries for
nothing.
- Remove a SQL query getting the whole user struct when only user.ID is used.
Since tdewolff/minify supports SVG minimization, let's make use of it. As we
need to keep the license in the SVG because we're nice netizens, we can at
least use SPDX identifiers instead of using it verbatim.
This does save a couple of kB.
Each batch of feeds sent to the worker pool is now guaranteed to contain unique feed URLs.
When `POLLING_LIMIT_PER_HOST` is set, an additional limit is applied to the number of concurrent requests per hostname, helping to prevent overloading a single server.
Note: Additional requests may still be made during feed refresh, for example to fetch feed icons or when the web scraper is enabled for a particular feed.
The unread page may show outdated entries when navigating back from an article, due to Chrome's back/forward cache (bfcache) restoring the page from memory.
Reference: https://web.dev/articles/bfcache
- Use a simple struct instead of two slices to store the data and the checksums
of resources
- Remove a superfluous call to Sprintf
- Factorise presence check and data retrieval in some maps
- Size the maps when possible
There is no need to perform a heavy-weight SQL query gathering all the
information available on a feed when we're only interested in its last check
timestamp.
- Replace a call to fmt.Sprintf with a concatenation
- Explicit declaration of return values in FetchJobs
- Initialize the size of FetchJobs return value to b.limit: when b.limit is
used, which is most of the time, this avoids resizing the slice, and when it
isn't, the size of the map is set to 0, which is equivalent to the previous
situation anyway.
- Move a call to `request.UserID(r)` to a lower scope.
- The JS bundle has its own isolated scope
- There is no need to use IIFEs anymore (Immediately Invoked Function Expressions)
- Modules are executed after the HTML document is fully parsed, similar to `defer` attribute
- There is no need to use `DOMContentLoaded` anymore
- Module scripts inherently run in strict mode (no need to define `use strict` anymore)
This has close to no impact for now, as our slog.Debug/Info/... are leaking
their parameters to the heap, but using proper typing instead of Any allows
to skip some reflection-based computation, making things marginally faster,
and removing the corresponding heap leak.