Jaifroid
Jaifroid
Now that I have integrated search, it should be relatively easy to integrate getting BLOBs from the libzim version instead of our custom back end. I think it shouldn't be...
@kelson42 According to https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Atomics#browser_compatibility, the versions that work would be Chrome 68+, Edge 79+, Firefox 78+. Emscripten uses `Atomics.load()` and `Atomics.add()`. Of less relevance for our target apps (though it...
@Rishabhg71 As discussed, we have a "working" prototype version in #766, but without any UI option to select between backends, and relatively limited (as per discussion above) in terms of...
@Rishabhg71 Compiling libzim with WASM is an extremely complicated endeavour, and the main work has already been done in https://github.com/openzim/javascript-libzim/, as I mentioned to you. Any work you do on...
> I am using the code that is already written in `javascript-libzim`. I only wanted to compile a simple `hello world` to understand the basics. I understand it is a...
@danielzgtg Thanks for your testing on this. What I can (and do in the PWA, but clearly not 100% effective) is to add a CSP to the article loaded if...
While it doesn't mitigate the issue of a seriously malicious script in a ZIM, the changes we made in https://github.com/kiwix/kiwix-js/pull/862 now make it possible to use the sandbox attribute of...
There is another API I've come across that could prevent tampering by the document in the iframe: the [CSP Sandbox](https://developer.mozilla.org/en-US/docs/web/http/headers/content-security-policy/sandbox), which can be turned on by serving the iframe contents...
I believe #976 takes us as far as it is possible to go with current technology, short of implementing all messages to the iframe via postMessage, which would be a...