From 98773df76e83a7786669262e553d2a72d34ead56 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Fri, 7 Feb 2020 22:07:30 +0000
Subject: [PATCH 1/7] Get rid of dependence on usercontent.riot.im

---
 .modernizr.json                   |  4 +--
 docs/config.md                    |  7 +----
 src/vector/modernizr.js           |  4 +--
 src/vector/usercontent/index.html | 12 ++++++++
 src/vector/usercontent/index.js   | 48 +++++++++++++++++++++++++++++++
 webpack.config.js                 | 14 +++++++--
 6 files changed, 77 insertions(+), 12 deletions(-)
 create mode 100644 src/vector/usercontent/index.html
 create mode 100644 src/vector/usercontent/index.js

diff --git a/.modernizr.json b/.modernizr.json
index 9055ac07..bd55bd2d 100644
--- a/.modernizr.json
+++ b/.modernizr.json
@@ -7,7 +7,6 @@
   "feature-detects": [
     "test/css/displaytable",
     "test/css/flexbox",
-    "test/es5/specification",
     "test/css/objectfit",
     "test/storage/localstorage",
     "test/es6/array",
@@ -18,6 +17,7 @@
     "test/svg/filters",
     "test/css/animations",
     "test/css/filters",
-    "test/network/fetch"
+    "test/network/fetch",
+    "test/iframe/sandbox"
   ]
 }
diff --git a/docs/config.md b/docs/config.md
index 5a252deb..d11d8638 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -57,11 +57,6 @@ For a good example, see https://riot.im/develop/config.json.
 1. `update_base_url` (electron app only): HTTPS URL to a web server to download
    updates from. This should be the path to the directory containing `macos`
    and `win32` (for update packages, not installer packages).
-1. `cross_origin_renderer_url`: URL to a static HTML page hosting code to help display
-   encrypted file attachments. This MUST be hosted on a completely separate domain to
-   anything else since it is used to isolate the privileges of file attachments to this
-   domain. Default: `https://usercontent.riot.im/v1.html`. This needs to contain v1.html from
-   https://github.com/matrix-org/usercontent/blob/master/v1.html
 1. `piwik`: Analytics can be disabled by setting `piwik: false` or by leaving the piwik config
    option out of your config file. If you want to enable analytics, set `piwik` to be an object
    containing the following properties:
@@ -87,7 +82,7 @@ For a good example, see https://riot.im/develop/config.json.
    default homeserver when signing up or logging in.
 1. `permalinkPrefix`: Used to change the URL that Riot generates permalinks with.
    By default, this is "https://matrix.to" to generate matrix.to (spec) permalinks.
-   Set this to your Riot instance URL if you run an unfederated server (eg: 
+   Set this to your Riot instance URL if you run an unfederated server (eg:
    "https://riot.example.org").
 
 Note that `index.html` also has an og:image meta tag that is set to an image
diff --git a/src/vector/modernizr.js b/src/vector/modernizr.js
index 61fc8dfc..ca3f6868 100644
--- a/src/vector/modernizr.js
+++ b/src/vector/modernizr.js
@@ -1,3 +1,3 @@
 /*! modernizr 3.8.0 (Custom Build) | MIT *
- * https://modernizr.com/download/?-cssanimations-cssfilters-displaytable-es5-es6array-es6collections-fetch-flexbox-localstorage-objectfit-promises-svg-svgasimg-svgfilters-setclasses-cssclassprefix:modernizr_ !*/
-!function(window,document,undefined){function is(e,r){return typeof e===r}function testRunner(){var e,r,t,n,o,i,s;for(var d in tests)if(tests.hasOwnProperty(d)){if(e=[],r=tests[d],r.name&&(e.push(r.name.toLowerCase()),r.options&&r.options.aliases&&r.options.aliases.length))for(t=0;t<r.options.aliases.length;t++)e.push(r.options.aliases[t].toLowerCase());for(n=is(r.fn,"function")?r.fn():r.fn,o=0;o<e.length;o++)i=e[o],s=i.split("."),1===s.length?Modernizr[s[0]]=n:(Modernizr[s[0]]&&(!Modernizr[s[0]]||Modernizr[s[0]]instanceof Boolean)||(Modernizr[s[0]]=new Boolean(Modernizr[s[0]])),Modernizr[s[0]][s[1]]=n),classes.push((n?"":"no-")+s.join("-"))}}function setClasses(e){var r=docElement.className,t=Modernizr._config.classPrefix||"";if(isSVG&&(r=r.baseVal),Modernizr._config.enableJSClass){var n=new RegExp("(^|\\s)"+t+"no-js(\\s|$)");r=r.replace(n,"$1"+t+"js$2")}Modernizr._config.enableClasses&&(e.length>0&&(r+=" "+t+e.join(" "+t)),isSVG?docElement.className.baseVal=r:docElement.className=r)}function createElement(){return"function"!=typeof document.createElement?document.createElement(arguments[0]):isSVG?document.createElementNS.call(document,"http://www.w3.org/2000/svg",arguments[0]):document.createElement.apply(document,arguments)}function getBody(){var e=document.body;return e||(e=createElement(isSVG?"svg":"body"),e.fake=!0),e}function injectElementWithStyles(e,r,t,n){var o,i,s,d,a="modernizr",l=createElement("div"),c=getBody();if(parseInt(t,10))for(;t--;)s=createElement("div"),s.id=n?n[t]:a+(t+1),l.appendChild(s);return 
o=createElement("style"),o.type="text/css",o.id="s"+a,(c.fake?c:l).appendChild(o),c.appendChild(l),o.styleSheet?o.styleSheet.cssText=e:o.appendChild(document.createTextNode(e)),l.id=a,c.fake&&(c.style.background="",c.style.overflow="hidden",d=docElement.style.overflow,docElement.style.overflow="hidden",docElement.appendChild(c)),i=r(l,e),c.fake?(c.parentNode.removeChild(c),docElement.style.overflow=d,docElement.offsetHeight):l.parentNode.removeChild(l),!!i}function contains(e,r){return!!~(""+e).indexOf(r)}function domToCSS(e){return e.replace(/([A-Z])/g,function(e,r){return"-"+r.toLowerCase()}).replace(/^ms-/,"-ms-")}function computedStyle(e,r,t){var n;if("getComputedStyle"in window){n=getComputedStyle.call(window,e,r);var o=window.console;if(null!==n)t&&(n=n.getPropertyValue(t));else if(o){var i=o.error?"error":"log";o[i].call(o,"getComputedStyle returning null, its possible modernizr test results are inaccurate")}}else n=!r&&e.currentStyle&&e.currentStyle[t];return n}function nativeTestProps(e,r){var t=e.length;if("CSS"in window&&"supports"in window.CSS){for(;t--;)if(window.CSS.supports(domToCSS(e[t]),r))return!0;return!1}if("CSSSupportsRule"in window){for(var n=[];t--;)n.push("("+domToCSS(e[t])+":"+r+")");return n=n.join(" or "),injectElementWithStyles("@supports ("+n+") { #modernizr { position: absolute; } }",function(e){return"absolute"===computedStyle(e,null,"position")})}return undefined}function cssToDOM(e){return e.replace(/([a-z])-([a-z])/g,function(e,r,t){return r+t.toUpperCase()}).replace(/^-/,"")}function testProps(e,r,t,n){function o(){s&&(delete mStyle.style,delete mStyle.modElem)}if(n=!is(n,"undefined")&&n,!is(t,"undefined")){var i=nativeTestProps(e,t);if(!is(i,"undefined"))return i}for(var 
s,d,a,l,c,u=["modernizr","tspan","samp"];!mStyle.style&&u.length;)s=!0,mStyle.modElem=createElement(u.shift()),mStyle.style=mStyle.modElem.style;for(a=e.length,d=0;d<a;d++)if(l=e[d],c=mStyle.style[l],contains(l,"-")&&(l=cssToDOM(l)),mStyle.style[l]!==undefined){if(n||is(t,"undefined"))return o(),"pfx"!==r||l;try{mStyle.style[l]=t}catch(e){}if(mStyle.style[l]!==c)return o(),"pfx"!==r||l}return o(),!1}function fnBind(e,r){return function(){return e.apply(r,arguments)}}function testDOMProps(e,r,t){var n;for(var o in e)if(e[o]in r)return!1===t?e[o]:(n=r[e[o]],is(n,"function")?fnBind(n,t||r):n);return!1}function testPropsAll(e,r,t,n,o){var i=e.charAt(0).toUpperCase()+e.slice(1),s=(e+" "+cssomPrefixes.join(i+" ")+i).split(" ");return is(r,"string")||is(r,"undefined")?testProps(s,r,n,o):(s=(e+" "+domPrefixes.join(i+" ")+i).split(" "),testDOMProps(s,r,t))}function testAllProps(e,r,t){return testPropsAll(e,undefined,undefined,r,t)}function addTest(e,r){if("object"==typeof e)for(var t in e)hasOwnProp(e,t)&&addTest(t,e[t]);else{e=e.toLowerCase();var n=e.split("."),o=Modernizr[n[0]];if(2===n.length&&(o=o[n[1]]),void 0!==o)return Modernizr;r="function"==typeof r?r():r,1===n.length?Modernizr[n[0]]=r:(!Modernizr[n[0]]||Modernizr[n[0]]instanceof Boolean||(Modernizr[n[0]]=new Boolean(Modernizr[n[0]])),Modernizr[n[0]][n[1]]=r),setClasses([(r&&!1!==r?"":"no-")+n.join("-")]),Modernizr._trigger(e,r)}return Modernizr}var tests=[],ModernizrProto={_version:"3.8.0",_config:{classPrefix:'modernizr_',enableClasses:!0,enableJSClass:!0,usePrefixes:!0},_q:[],on:function(e,r){var t=this;setTimeout(function(){r(t[e])},0)},addTest:function(e,r,t){tests.push({name:e,fn:r,options:t})},addAsyncTest:function(e){tests.push({name:null,fn:e})}},Modernizr=function(){};Modernizr.prototype=ModernizrProto,Modernizr=new Modernizr;var 
classes=[],docElement=document.documentElement,isSVG="svg"===docElement.nodeName.toLowerCase(),testStyles=ModernizrProto.testStyles=injectElementWithStyles;testStyles("#modernizr{display: table; direction: ltr}#modernizr div{display: table-cell; padding: 10px}",function(e){var r,t=e.childNodes;r=t[0].offsetLeft<t[1].offsetLeft,Modernizr.addTest("displaytable",r,{aliases:["display-table"]})},2);var omPrefixes="Moz O ms Webkit",cssomPrefixes=ModernizrProto._config.usePrefixes?omPrefixes.split(" "):[];ModernizrProto._cssomPrefixes=cssomPrefixes;var modElem={elem:createElement("modernizr")};Modernizr._q.push(function(){delete modElem.elem});var mStyle={style:modElem.elem.style};Modernizr._q.unshift(function(){delete mStyle.style});var domPrefixes=ModernizrProto._config.usePrefixes?omPrefixes.toLowerCase().split(" "):[];ModernizrProto._domPrefixes=domPrefixes,ModernizrProto.testAllProps=testPropsAll,ModernizrProto.testAllProps=testAllProps,Modernizr.addTest("flexbox",testAllProps("flexBasis","1px",!0)),Modernizr.addTest("es5array",function(){return!!(Array.prototype&&Array.prototype.every&&Array.prototype.filter&&Array.prototype.forEach&&Array.prototype.indexOf&&Array.prototype.lastIndexOf&&Array.prototype.map&&Array.prototype.some&&Array.prototype.reduce&&Array.prototype.reduceRight&&Array.isArray)}),Modernizr.addTest("es5date",function(){var e=!1;try{e=!!Date.parse("2013-04-12T06:06:37.307Z")}catch(e){}return!!(Date.now&&Date.prototype&&Date.prototype.toISOString&&Date.prototype.toJSON&&e)}),Modernizr.addTest("es5function",function(){return!(!Function.prototype||!Function.prototype.bind)}),Modernizr.addTest("es5object",function(){return!!(Object.keys&&Object.create&&Object.getPrototypeOf&&Object.getOwnPropertyNames&&Object.isSealed&&Object.isFrozen&&Object.isExtensible&&Object.getOwnPropertyDescriptor&&Object.defineProperty&&Object.defineProperties&&Object.seal&&Object.freeze&&Object.preventExtensions)}),Modernizr.addTest("strictmode",function(){"use 
strict";return!this}()),Modernizr.addTest("es5string",function(){return!(!String.prototype||!String.prototype.trim)}),Modernizr.addTest("json","JSON"in window&&"parse"in JSON&&"stringify"in JSON),Modernizr.addTest("es5syntax",function(){var value,obj,stringAccess,getter,setter,reservedWords,zeroWidthChars;try{return stringAccess=eval('"foobar"[3] === "b"'),getter=eval("({ get x(){ return 1 } }).x === 1"),eval("({ set x(v){ value = v; } }).x = 1"),setter=1===value,eval("obj = ({ if: 1 })"),reservedWords=1===obj.if,zeroWidthChars=eval("_‌‍ = true"),stringAccess&&getter&&setter&&reservedWords&&zeroWidthChars}catch(e){return!1}}),Modernizr.addTest("es5undefined",function(){var e,r;try{r=window.undefined,window.undefined=12345,e=void 0===window.undefined,window.undefined=r}catch(e){return!1}return e}),Modernizr.addTest("es5",function(){return!!(Modernizr.es5array&&Modernizr.es5date&&Modernizr.es5function&&Modernizr.es5object&&Modernizr.strictmode&&Modernizr.es5string&&Modernizr.json&&Modernizr.es5syntax&&Modernizr.es5undefined)});var atRule=function(e){var r,t=prefixes.length,n=window.CSSRule;if(void 0===n)return undefined;if(!e)return!1;if(e=e.replace(/^@/,""),(r=e.replace(/-/g,"_").toUpperCase()+"_RULE")in n)return"@"+e;for(var o=0;o<t;o++){var i=prefixes[o];if(i.toUpperCase()+"_"+r in n)return"@-"+i.toLowerCase()+"-"+e}return!1};ModernizrProto.atRule=atRule;var prefixed=ModernizrProto.prefixed=function(e,r,t){return 0===e.indexOf("@")?atRule(e):(-1!==e.indexOf("-")&&(e=cssToDOM(e)),r?testPropsAll(e,r,t):testPropsAll(e,"pfx"))};Modernizr.addTest("objectfit",!!prefixed("objectFit"),{aliases:["object-fit"]}),Modernizr.addTest("localstorage",function(){var e="modernizr";try{return 
localStorage.setItem(e,e),localStorage.removeItem(e),!0}catch(e){return!1}}),Modernizr.addTest("es6array",!!(Array.prototype&&Array.prototype.copyWithin&&Array.prototype.fill&&Array.prototype.find&&Array.prototype.findIndex&&Array.prototype.keys&&Array.prototype.entries&&Array.prototype.values&&Array.from&&Array.of)),Modernizr.addTest("es6collections",!!(window.Map&&window.Set&&window.WeakMap&&window.WeakSet)),Modernizr.addTest("promises",function(){return"Promise"in window&&"resolve"in window.Promise&&"reject"in window.Promise&&"all"in window.Promise&&"race"in window.Promise&&function(){var e;return new window.Promise(function(r){e=r}),"function"==typeof e}()}),Modernizr.addTest("svg",!!document.createElementNS&&!!document.createElementNS("http://www.w3.org/2000/svg","svg").createSVGRect);var hasOwnProp;!function(){var e={}.hasOwnProperty;hasOwnProp=is(e,"undefined")||is(e.call,"undefined")?function(e,r){return r in e&&is(e.constructor.prototype[r],"undefined")}:function(r,t){return e.call(r,t)}}(),ModernizrProto._l={},ModernizrProto.on=function(e,r){this._l[e]||(this._l[e]=[]),this._l[e].push(r),Modernizr.hasOwnProperty(e)&&setTimeout(function(){Modernizr._trigger(e,Modernizr[e])},0)},ModernizrProto._trigger=function(e,r){if(this._l[e]){var t=this._l[e];setTimeout(function(){var e;for(e=0;e<t.length;e++)(0,t[e])(r)},0),delete this._l[e]}},Modernizr._q.push(function(){ModernizrProto.addTest=addTest}),Modernizr.addTest("svgasimg",document.implementation.hasFeature("http://www.w3.org/TR/SVG11/feature#Image","1.1")),Modernizr.addTest("svgfilters",function(){var e=!1;try{e="SVGFEColorMatrixElement"in window&&2===SVGFEColorMatrixElement.SVG_FECOLORMATRIX_TYPE_SATURATE}catch(e){}return e}),Modernizr.addTest("cssanimations",testAllProps("animationName","a",!0));var prefixes=ModernizrProto._config.usePrefixes?" 
-webkit- -moz- -o- -ms- ".split(" "):["",""];ModernizrProto._prefixes=prefixes;var newSyntax="CSS"in window&&"supports"in window.CSS,oldSyntax="supportsCSS"in window;Modernizr.addTest("supports",newSyntax||oldSyntax),Modernizr.addTest("cssfilters",function(){if(Modernizr.supports)return testAllProps("filter","blur(2px)");var e=createElement("a");return e.style.cssText=prefixes.join("filter:blur(2px); "),!!e.style.length&&(document.documentMode===undefined||document.documentMode>9)}),Modernizr.addTest("fetch","fetch"in window),testRunner(),setClasses(classes),delete ModernizrProto.addTest,delete ModernizrProto.addAsyncTest;for(var i=0;i<Modernizr._q.length;i++)Modernizr._q[i]();window.Modernizr=Modernizr}(window,document);
\ No newline at end of file
+ * https://modernizr.com/download/?-cssanimations-cssfilters-displaytable-es6array-es6collections-fetch-flexbox-localstorage-objectfit-promises-sandbox-svg-svgasimg-svgfilters-setclasses-cssclassprefix:modernizr_ !*/
+!function(e,t,n){function r(e,t){return typeof e===t}function o(e){var t=w.className,n=Modernizr._config.classPrefix||"";if(x&&(t=t.baseVal),Modernizr._config.enableJSClass){var r=new RegExp("(^|\\s)"+n+"no-js(\\s|$)");t=t.replace(r,"$1"+n+"js$2")}Modernizr._config.enableClasses&&(e.length>0&&(t+=" "+n+e.join(" "+n)),x?w.className.baseVal=t:w.className=t)}function i(){return"function"!=typeof t.createElement?t.createElement(arguments[0]):x?t.createElementNS.call(t,"http://www.w3.org/2000/svg",arguments[0]):t.createElement.apply(t,arguments)}function s(){var e=t.body;return e||(e=i(x?"svg":"body"),e.fake=!0),e}function a(e,n,r,o){var a,l,f,u,d="modernizr",c=i("div"),p=s();if(parseInt(r,10))for(;r--;)f=i("div"),f.id=o?o[r]:d+(r+1),c.appendChild(f);return a=i("style"),a.type="text/css",a.id="s"+d,(p.fake?p:c).appendChild(a),p.appendChild(c),a.styleSheet?a.styleSheet.cssText=e:a.appendChild(t.createTextNode(e)),c.id=d,p.fake&&(p.style.background="",p.style.overflow="hidden",u=w.style.overflow,w.style.overflow="hidden",w.appendChild(p)),l=n(c,e),p.fake?(p.parentNode.removeChild(p),w.style.overflow=u,w.offsetHeight):c.parentNode.removeChild(c),!!l}function l(e,t){return!!~(""+e).indexOf(t)}function f(e){return e.replace(/([A-Z])/g,function(e,t){return"-"+t.toLowerCase()}).replace(/^ms-/,"-ms-")}function u(t,n,r){var o;if("getComputedStyle"in e){o=getComputedStyle.call(e,t,n);var i=e.console;if(null!==o)r&&(o=o.getPropertyValue(r));else if(i){var s=i.error?"error":"log";i[s].call(i,"getComputedStyle returning null, its possible modernizr test results are inaccurate")}}else o=!n&&t.currentStyle&&t.currentStyle[r];return o}function d(t,r){var o=t.length;if("CSS"in e&&"supports"in e.CSS){for(;o--;)if(e.CSS.supports(f(t[o]),r))return!0;return!1}if("CSSSupportsRule"in e){for(var i=[];o--;)i.push("("+f(t[o])+":"+r+")");return i=i.join(" or "),a("@supports ("+i+") { #modernizr { position: absolute; } }",function(e){return"absolute"===u(e,null,"position")})}return n}function 
c(e){return e.replace(/([a-z])-([a-z])/g,function(e,t,n){return t+n.toUpperCase()}).replace(/^-/,"")}function p(e,t,o,s){function a(){u&&(delete E.style,delete E.modElem)}if(s=!r(s,"undefined")&&s,!r(o,"undefined")){var f=d(e,o);if(!r(f,"undefined"))return f}for(var u,p,m,y,v,h=["modernizr","tspan","samp"];!E.style&&h.length;)u=!0,E.modElem=i(h.shift()),E.style=E.modElem.style;for(m=e.length,p=0;p<m;p++)if(y=e[p],v=E.style[y],l(y,"-")&&(y=c(y)),E.style[y]!==n){if(s||r(o,"undefined"))return a(),"pfx"!==t||y;try{E.style[y]=o}catch(e){}if(E.style[y]!==v)return a(),"pfx"!==t||y}return a(),!1}function m(e,t){return function(){return e.apply(t,arguments)}}function y(e,t,n){var o;for(var i in e)if(e[i]in t)return!1===n?e[i]:(o=t[e[i]],r(o,"function")?m(o,n||t):o);return!1}function v(e,t,n,o,i){var s=e.charAt(0).toUpperCase()+e.slice(1),a=(e+" "+b.join(s+" ")+s).split(" ");return r(t,"string")||r(t,"undefined")?p(a,t,o,i):(a=(e+" "+A.join(s+" ")+s).split(" "),y(a,t,n))}function h(e,t,r){return v(e,n,n,t,r)}function g(e,t){if("object"==typeof e)for(var n in e)N(e,n)&&g(n,e[n]);else{e=e.toLowerCase();var r=e.split("."),i=Modernizr[r[0]];if(2===r.length&&(i=i[r[1]]),void 0!==i)return Modernizr;t="function"==typeof t?t():t,1===r.length?Modernizr[r[0]]=t:(!Modernizr[r[0]]||Modernizr[r[0]]instanceof Boolean||(Modernizr[r[0]]=new Boolean(Modernizr[r[0]])),Modernizr[r[0]][r[1]]=t),o([(t&&!1!==t?"":"no-")+r.join("-")]),Modernizr._trigger(e,t)}return Modernizr}var S=[],_={_version:"3.8.0",_config:{classPrefix:'modernizr_',enableClasses:!0,enableJSClass:!0,usePrefixes:!0},_q:[],on:function(e,t){var n=this;setTimeout(function(){t(n[e])},0)},addTest:function(e,t,n){S.push({name:e,fn:t,options:n})},addAsyncTest:function(e){S.push({name:null,fn:e})}},Modernizr=function(){};Modernizr.prototype=_,Modernizr=new Modernizr;var C=[],w=t.documentElement,x="svg"===w.nodeName.toLowerCase();(_.testStyles=a)("#modernizr{display: table; direction: ltr}#modernizr div{display: table-cell; padding: 
10px}",function(e){var t,n=e.childNodes;t=n[0].offsetLeft<n[1].offsetLeft,Modernizr.addTest("displaytable",t,{aliases:["display-table"]})},2);var T="Moz O ms Webkit",b=_._config.usePrefixes?T.split(" "):[];_._cssomPrefixes=b;var P={elem:i("modernizr")};Modernizr._q.push(function(){delete P.elem});var E={style:P.elem.style};Modernizr._q.unshift(function(){delete E.style});var A=_._config.usePrefixes?T.toLowerCase().split(" "):[];_._domPrefixes=A,_.testAllProps=v,_.testAllProps=h,Modernizr.addTest("flexbox",h("flexBasis","1px",!0));var j=function(t){var r,o=L.length,i=e.CSSRule;if(void 0===i)return n;if(!t)return!1;if(t=t.replace(/^@/,""),(r=t.replace(/-/g,"_").toUpperCase()+"_RULE")in i)return"@"+t;for(var s=0;s<o;s++){var a=L[s];if(a.toUpperCase()+"_"+r in i)return"@-"+a.toLowerCase()+"-"+t}return!1};_.atRule=j;var z=_.prefixed=function(e,t,n){return 0===e.indexOf("@")?j(e):(-1!==e.indexOf("-")&&(e=c(e)),t?v(e,t,n):v(e,"pfx"))};Modernizr.addTest("objectfit",!!z("objectFit"),{aliases:["object-fit"]}),Modernizr.addTest("localstorage",function(){var e="modernizr";try{return localStorage.setItem(e,e),localStorage.removeItem(e),!0}catch(e){return!1}}),Modernizr.addTest("es6array",!!(Array.prototype&&Array.prototype.copyWithin&&Array.prototype.fill&&Array.prototype.find&&Array.prototype.findIndex&&Array.prototype.keys&&Array.prototype.entries&&Array.prototype.values&&Array.from&&Array.of)),Modernizr.addTest("es6collections",!!(e.Map&&e.Set&&e.WeakMap&&e.WeakSet)),Modernizr.addTest("promises",function(){return"Promise"in e&&"resolve"in e.Promise&&"reject"in e.Promise&&"all"in e.Promise&&"race"in e.Promise&&function(){var t;return new e.Promise(function(e){t=e}),"function"==typeof t}()}),Modernizr.addTest("svg",!!t.createElementNS&&!!t.createElementNS("http://www.w3.org/2000/svg","svg").createSVGRect);var N;!function(){var e={}.hasOwnProperty;N=r(e,"undefined")||r(e.call,"undefined")?function(e,t){return t in 
e&&r(e.constructor.prototype[t],"undefined")}:function(t,n){return e.call(t,n)}}(),_._l={},_.on=function(e,t){this._l[e]||(this._l[e]=[]),this._l[e].push(t),Modernizr.hasOwnProperty(e)&&setTimeout(function(){Modernizr._trigger(e,Modernizr[e])},0)},_._trigger=function(e,t){if(this._l[e]){var n=this._l[e];setTimeout(function(){var e;for(e=0;e<n.length;e++)(0,n[e])(t)},0),delete this._l[e]}},Modernizr._q.push(function(){_.addTest=g}),Modernizr.addTest("svgasimg",t.implementation.hasFeature("http://www.w3.org/TR/SVG11/feature#Image","1.1")),Modernizr.addTest("svgfilters",function(){var t=!1;try{t="SVGFEColorMatrixElement"in e&&2===SVGFEColorMatrixElement.SVG_FECOLORMATRIX_TYPE_SATURATE}catch(e){}return t}),Modernizr.addTest("cssanimations",h("animationName","a",!0));var L=_._config.usePrefixes?" -webkit- -moz- -o- -ms- ".split(" "):["",""];_._prefixes=L;var R="CSS"in e&&"supports"in e.CSS,k="supportsCSS"in e;Modernizr.addTest("supports",R||k),Modernizr.addTest("cssfilters",function(){if(Modernizr.supports)return h("filter","blur(2px)");var e=i("a");return e.style.cssText=L.join("filter:blur(2px); "),!!e.style.length&&(t.documentMode===n||t.documentMode>9)}),Modernizr.addTest("fetch","fetch"in e),Modernizr.addTest("sandbox","sandbox"in i("iframe")),function(){var e,t,n,o,i,s,a;for(var l in S)if(S.hasOwnProperty(l)){if(e=[],t=S[l],t.name&&(e.push(t.name.toLowerCase()),t.options&&t.options.aliases&&t.options.aliases.length))for(n=0;n<t.options.aliases.length;n++)e.push(t.options.aliases[n].toLowerCase());for(o=r(t.fn,"function")?t.fn():t.fn,i=0;i<e.length;i++)s=e[i],a=s.split("."),1===a.length?Modernizr[a[0]]=o:(Modernizr[a[0]]&&(!Modernizr[a[0]]||Modernizr[a[0]]instanceof Boolean)||(Modernizr[a[0]]=new Boolean(Modernizr[a[0]])),Modernizr[a[0]][a[1]]=o),C.push((o?"":"no-")+a.join("-"))}}(),o(C),delete _.addTest,delete _.addAsyncTest;for(var O=0;O<Modernizr._q.length;O++)Modernizr._q[O]();e.Modernizr=Modernizr}(window,document);
\ No newline at end of file
diff --git a/src/vector/usercontent/index.html b/src/vector/usercontent/index.html
new file mode 100644
index 00000000..90a0fe7c
--- /dev/null
+++ b/src/vector/usercontent/index.html
@@ -0,0 +1,12 @@
+<html>
+<head>
+    <!--
+    Hello! If you're reading this, perhaps you're wondering what this
+    file is doing and why your Riot is using it.
+    In short, this allows Riot to isolate potentially unsafe encrypted
+    attachments into their own origin, away from your Riot.
+    Stay curious!
+    -->
+</head>
+<body></body>
+</html>
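Review bot: The comment in `<head>` says attachments are isolated "into their own origin", but this commit builds the page into Riot's own output (`usercontent/index.html` in webpack.config.js) and drops the documented requirement for a completely separate domain. The separation therefore presumably rests on the embedding iframe's `sandbox` attribute, which is not visible in this patch. The comment should state that dependency, for example `This page must only be loaded inside a sandboxed iframe without allow-same-origin; opened directly it runs in Riot's own origin.`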
diff --git a/src/vector/usercontent/index.js b/src/vector/usercontent/index.js
new file mode 100644
index 00000000..9c1901f5
--- /dev/null
+++ b/src/vector/usercontent/index.js
@@ -0,0 +1,48 @@
+var params = window.location.search.substring(1).split('&');
+var lockOrigin;
+for (var i = 0; i < params.length; ++i) {
+    var parts = params[i].split('=');
+    if (parts[0] === 'origin') lockOrigin = decodeURIComponent(parts[1]);
+}
+
+function remoteRender(event) {
+    const data = event.data;
+
+    const img = document.createElement("img");
+    img.id = "img";
+    img.src = data.imgSrc;
+
+    const a = document.createElement("a");
+    a.id = "a";
+    a.rel = data.rel;
+    a.target = data.target;
+    a.download = data.download;
+    a.style = data.style;
+    a.style.fontFamily = "Arial, Helvetica, Sans-Serif";
+    a.href = window.URL.createObjectURL(data.blob);
+    a.appendChild(img);
+    a.appendChild(document.createTextNode(data.textContent));
+
+    const body = document.body;
+    // Don't display scrollbars if the link takes more than one line to display.
+    body.style = "margin: 0px; overflow: hidden";
+    body.appendChild(a);
+}
+
+function remoteSetTint(event) {
+    const data = event.data;
+
+    const img = document.getElementById("img");
+    img.src = data.imgSrc;
+    img.style = data.imgStyle;
+
+    const a = document.getElementById("a");
+    a.style = data.style;
+}
+
+window.onmessage = function(e) {
+    if (lockOrigin === undefined || e.origin === lockOrigin) {
+        if (e.data.blob) remoteRender(e);
+        else remoteSetTint(e);
+    }
+};
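Review bot: The `window.onmessage` handler fails open: when the page is loaded without an `origin` query parameter, `lockOrigin` stays `undefined` and a message from any origin is rendered, including its `blob`, `imgSrc` and `style` fields. Because this page exists to contain untrusted attachments, rejecting is the safer default, `if (lockOrigin === undefined || e.origin !== lockOrigin) return;`, though any caller that does not yet pass `origin` would then need to. The handler should also ignore messages whose `e.data` is not an object before reading `e.data.blob`. A comment above the query-string loop should say that `origin` is chosen by whoever frames this file, so the check only filters out other windows posting into the frame.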
diff --git a/webpack.config.js b/webpack.config.js
index b594b129..d0b7f0e3 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -18,7 +18,7 @@ module.exports = (env, argv) => {
     if (argv.mode !== "production") {
         // This makes the sourcemaps human readable for developers. We use eval-source-map
         // because the plain source-map devtool ruins the alignment.
-        development['devtool'] = 'eval-source-map';
+        development['devtool'] = 'source-map';
     }
 
     // Resolve the directories for the react-sdk and js-sdk for later use. We resolve these early so we
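Review bot: The comment above the changed `devtool` line is now stale. It still reads `We use eval-source-map because the plain source-map devtool ruins the alignment`, while the new value is `'source-map'`. Rewrite it to give the reason for dropping the eval variant, along the lines of `// We use source-map rather than eval-source-map because <reason>`, with the reason filled in by the author. The enclosing `module.exports` function starts before this hunk and continues past it.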
@@ -34,6 +34,7 @@ module.exports = (env, argv) => {
             "bundle": "./src/vector/index.js",
             "indexeddb-worker": "./src/vector/indexeddb-worker.js",
             "mobileguide": "./src/vector/mobile_guide/index.js",
+            "usercontent": "./src/vector/usercontent/index.js",
 
             // CSS themes
             "theme-light": "./node_modules/matrix-react-sdk/res/themes/light/css/light.scss",
@@ -302,7 +303,7 @@ module.exports = (env, argv) => {
                 // HtmlWebpackPlugin will screw up our formatting like the names
                 // of the themes and which chunks we actually care about.
                 inject: false,
-                excludeChunks: ['mobileguide'],
+                excludeChunks: ['mobileguide', 'usercontent'],
                 minify: argv.mode === 'production',
                 vars: {
                     og_image_url: og_image_url,
@@ -316,6 +317,14 @@ module.exports = (env, argv) => {
                 minify: argv.mode === 'production',
                 chunks: ['mobileguide'],
             }),
+
+            // This is the usercontent sandbox's entry point (separate for iframing)
+            new HtmlWebpackPlugin({
+                template: './src/vector/usercontent/index.html',
+                filename: 'usercontent/index.html',
+                minify: argv.mode === 'production',
+                chunks: ['usercontent'],
+            }),
         ],
 
         output: {
@@ -346,6 +355,7 @@ module.exports = (env, argv) => {
             // tedious in Riot since that can take a while.
             hot: false,
             inline: false,
+            disableHostCheck: true,
         },
     };
 };
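Review bot: `disableHostCheck: true` turns off webpack-dev-server's Host header validation, which is its defence against DNS rebinding, and neither the hunk nor the commit message says why it is needed. If the aim is to reach the dev server under an additional hostname, listing that name in `allowedHosts` keeps the check in place. Otherwise add a comment giving the reason and stating that the setting is for local development only. The surrounding config object starts outside this hunk.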

From d39d89de83c27829f6e6a14c847968f0084310d1 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Fri, 7 Feb 2020 22:08:57 +0000
Subject: [PATCH 2/7] revert modernizr change

---
 .modernizr.json         | 1 +
 src/vector/modernizr.js | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.modernizr.json b/.modernizr.json
index bd55bd2d..1c68542c 100644
--- a/.modernizr.json
+++ b/.modernizr.json
@@ -7,6 +7,7 @@
   "feature-detects": [
     "test/css/displaytable",
     "test/css/flexbox",
+    "test/es5/specification",
     "test/css/objectfit",
     "test/storage/localstorage",
     "test/es6/array",
diff --git a/src/vector/modernizr.js b/src/vector/modernizr.js
index ca3f6868..5470b053 100644
--- a/src/vector/modernizr.js
+++ b/src/vector/modernizr.js
@@ -1,3 +1,3 @@
 /*! modernizr 3.8.0 (Custom Build) | MIT *
- * https://modernizr.com/download/?-cssanimations-cssfilters-displaytable-es6array-es6collections-fetch-flexbox-localstorage-objectfit-promises-sandbox-svg-svgasimg-svgfilters-setclasses-cssclassprefix:modernizr_ !*/
-!function(e,t,n){function r(e,t){return typeof e===t}function o(e){var t=w.className,n=Modernizr._config.classPrefix||"";if(x&&(t=t.baseVal),Modernizr._config.enableJSClass){var r=new RegExp("(^|\\s)"+n+"no-js(\\s|$)");t=t.replace(r,"$1"+n+"js$2")}Modernizr._config.enableClasses&&(e.length>0&&(t+=" "+n+e.join(" "+n)),x?w.className.baseVal=t:w.className=t)}function i(){return"function"!=typeof t.createElement?t.createElement(arguments[0]):x?t.createElementNS.call(t,"http://www.w3.org/2000/svg",arguments[0]):t.createElement.apply(t,arguments)}function s(){var e=t.body;return e||(e=i(x?"svg":"body"),e.fake=!0),e}function a(e,n,r,o){var a,l,f,u,d="modernizr",c=i("div"),p=s();if(parseInt(r,10))for(;r--;)f=i("div"),f.id=o?o[r]:d+(r+1),c.appendChild(f);return a=i("style"),a.type="text/css",a.id="s"+d,(p.fake?p:c).appendChild(a),p.appendChild(c),a.styleSheet?a.styleSheet.cssText=e:a.appendChild(t.createTextNode(e)),c.id=d,p.fake&&(p.style.background="",p.style.overflow="hidden",u=w.style.overflow,w.style.overflow="hidden",w.appendChild(p)),l=n(c,e),p.fake?(p.parentNode.removeChild(p),w.style.overflow=u,w.offsetHeight):c.parentNode.removeChild(c),!!l}function l(e,t){return!!~(""+e).indexOf(t)}function f(e){return e.replace(/([A-Z])/g,function(e,t){return"-"+t.toLowerCase()}).replace(/^ms-/,"-ms-")}function u(t,n,r){var o;if("getComputedStyle"in e){o=getComputedStyle.call(e,t,n);var i=e.console;if(null!==o)r&&(o=o.getPropertyValue(r));else if(i){var s=i.error?"error":"log";i[s].call(i,"getComputedStyle returning null, its possible modernizr test results are inaccurate")}}else o=!n&&t.currentStyle&&t.currentStyle[r];return o}function d(t,r){var o=t.length;if("CSS"in e&&"supports"in e.CSS){for(;o--;)if(e.CSS.supports(f(t[o]),r))return!0;return!1}if("CSSSupportsRule"in e){for(var i=[];o--;)i.push("("+f(t[o])+":"+r+")");return i=i.join(" or "),a("@supports ("+i+") { #modernizr { position: absolute; } }",function(e){return"absolute"===u(e,null,"position")})}return n}function 
c(e){return e.replace(/([a-z])-([a-z])/g,function(e,t,n){return t+n.toUpperCase()}).replace(/^-/,"")}function p(e,t,o,s){function a(){u&&(delete E.style,delete E.modElem)}if(s=!r(s,"undefined")&&s,!r(o,"undefined")){var f=d(e,o);if(!r(f,"undefined"))return f}for(var u,p,m,y,v,h=["modernizr","tspan","samp"];!E.style&&h.length;)u=!0,E.modElem=i(h.shift()),E.style=E.modElem.style;for(m=e.length,p=0;p<m;p++)if(y=e[p],v=E.style[y],l(y,"-")&&(y=c(y)),E.style[y]!==n){if(s||r(o,"undefined"))return a(),"pfx"!==t||y;try{E.style[y]=o}catch(e){}if(E.style[y]!==v)return a(),"pfx"!==t||y}return a(),!1}function m(e,t){return function(){return e.apply(t,arguments)}}function y(e,t,n){var o;for(var i in e)if(e[i]in t)return!1===n?e[i]:(o=t[e[i]],r(o,"function")?m(o,n||t):o);return!1}function v(e,t,n,o,i){var s=e.charAt(0).toUpperCase()+e.slice(1),a=(e+" "+b.join(s+" ")+s).split(" ");return r(t,"string")||r(t,"undefined")?p(a,t,o,i):(a=(e+" "+A.join(s+" ")+s).split(" "),y(a,t,n))}function h(e,t,r){return v(e,n,n,t,r)}function g(e,t){if("object"==typeof e)for(var n in e)N(e,n)&&g(n,e[n]);else{e=e.toLowerCase();var r=e.split("."),i=Modernizr[r[0]];if(2===r.length&&(i=i[r[1]]),void 0!==i)return Modernizr;t="function"==typeof t?t():t,1===r.length?Modernizr[r[0]]=t:(!Modernizr[r[0]]||Modernizr[r[0]]instanceof Boolean||(Modernizr[r[0]]=new Boolean(Modernizr[r[0]])),Modernizr[r[0]][r[1]]=t),o([(t&&!1!==t?"":"no-")+r.join("-")]),Modernizr._trigger(e,t)}return Modernizr}var S=[],_={_version:"3.8.0",_config:{classPrefix:'modernizr_',enableClasses:!0,enableJSClass:!0,usePrefixes:!0},_q:[],on:function(e,t){var n=this;setTimeout(function(){t(n[e])},0)},addTest:function(e,t,n){S.push({name:e,fn:t,options:n})},addAsyncTest:function(e){S.push({name:null,fn:e})}},Modernizr=function(){};Modernizr.prototype=_,Modernizr=new Modernizr;var C=[],w=t.documentElement,x="svg"===w.nodeName.toLowerCase();(_.testStyles=a)("#modernizr{display: table; direction: ltr}#modernizr div{display: table-cell; padding: 
10px}",function(e){var t,n=e.childNodes;t=n[0].offsetLeft<n[1].offsetLeft,Modernizr.addTest("displaytable",t,{aliases:["display-table"]})},2);var T="Moz O ms Webkit",b=_._config.usePrefixes?T.split(" "):[];_._cssomPrefixes=b;var P={elem:i("modernizr")};Modernizr._q.push(function(){delete P.elem});var E={style:P.elem.style};Modernizr._q.unshift(function(){delete E.style});var A=_._config.usePrefixes?T.toLowerCase().split(" "):[];_._domPrefixes=A,_.testAllProps=v,_.testAllProps=h,Modernizr.addTest("flexbox",h("flexBasis","1px",!0));var j=function(t){var r,o=L.length,i=e.CSSRule;if(void 0===i)return n;if(!t)return!1;if(t=t.replace(/^@/,""),(r=t.replace(/-/g,"_").toUpperCase()+"_RULE")in i)return"@"+t;for(var s=0;s<o;s++){var a=L[s];if(a.toUpperCase()+"_"+r in i)return"@-"+a.toLowerCase()+"-"+t}return!1};_.atRule=j;var z=_.prefixed=function(e,t,n){return 0===e.indexOf("@")?j(e):(-1!==e.indexOf("-")&&(e=c(e)),t?v(e,t,n):v(e,"pfx"))};Modernizr.addTest("objectfit",!!z("objectFit"),{aliases:["object-fit"]}),Modernizr.addTest("localstorage",function(){var e="modernizr";try{return localStorage.setItem(e,e),localStorage.removeItem(e),!0}catch(e){return!1}}),Modernizr.addTest("es6array",!!(Array.prototype&&Array.prototype.copyWithin&&Array.prototype.fill&&Array.prototype.find&&Array.prototype.findIndex&&Array.prototype.keys&&Array.prototype.entries&&Array.prototype.values&&Array.from&&Array.of)),Modernizr.addTest("es6collections",!!(e.Map&&e.Set&&e.WeakMap&&e.WeakSet)),Modernizr.addTest("promises",function(){return"Promise"in e&&"resolve"in e.Promise&&"reject"in e.Promise&&"all"in e.Promise&&"race"in e.Promise&&function(){var t;return new e.Promise(function(e){t=e}),"function"==typeof t}()}),Modernizr.addTest("svg",!!t.createElementNS&&!!t.createElementNS("http://www.w3.org/2000/svg","svg").createSVGRect);var N;!function(){var e={}.hasOwnProperty;N=r(e,"undefined")||r(e.call,"undefined")?function(e,t){return t in 
e&&r(e.constructor.prototype[t],"undefined")}:function(t,n){return e.call(t,n)}}(),_._l={},_.on=function(e,t){this._l[e]||(this._l[e]=[]),this._l[e].push(t),Modernizr.hasOwnProperty(e)&&setTimeout(function(){Modernizr._trigger(e,Modernizr[e])},0)},_._trigger=function(e,t){if(this._l[e]){var n=this._l[e];setTimeout(function(){var e;for(e=0;e<n.length;e++)(0,n[e])(t)},0),delete this._l[e]}},Modernizr._q.push(function(){_.addTest=g}),Modernizr.addTest("svgasimg",t.implementation.hasFeature("http://www.w3.org/TR/SVG11/feature#Image","1.1")),Modernizr.addTest("svgfilters",function(){var t=!1;try{t="SVGFEColorMatrixElement"in e&&2===SVGFEColorMatrixElement.SVG_FECOLORMATRIX_TYPE_SATURATE}catch(e){}return t}),Modernizr.addTest("cssanimations",h("animationName","a",!0));var L=_._config.usePrefixes?" -webkit- -moz- -o- -ms- ".split(" "):["",""];_._prefixes=L;var R="CSS"in e&&"supports"in e.CSS,k="supportsCSS"in e;Modernizr.addTest("supports",R||k),Modernizr.addTest("cssfilters",function(){if(Modernizr.supports)return h("filter","blur(2px)");var e=i("a");return e.style.cssText=L.join("filter:blur(2px); "),!!e.style.length&&(t.documentMode===n||t.documentMode>9)}),Modernizr.addTest("fetch","fetch"in e),Modernizr.addTest("sandbox","sandbox"in i("iframe")),function(){var e,t,n,o,i,s,a;for(var l in S)if(S.hasOwnProperty(l)){if(e=[],t=S[l],t.name&&(e.push(t.name.toLowerCase()),t.options&&t.options.aliases&&t.options.aliases.length))for(n=0;n<t.options.aliases.length;n++)e.push(t.options.aliases[n].toLowerCase());for(o=r(t.fn,"function")?t.fn():t.fn,i=0;i<e.length;i++)s=e[i],a=s.split("."),1===a.length?Modernizr[a[0]]=o:(Modernizr[a[0]]&&(!Modernizr[a[0]]||Modernizr[a[0]]instanceof Boolean)||(Modernizr[a[0]]=new Boolean(Modernizr[a[0]])),Modernizr[a[0]][a[1]]=o),C.push((o?"":"no-")+a.join("-"))}}(),o(C),delete _.addTest,delete _.addAsyncTest;for(var O=0;O<Modernizr._q.length;O++)Modernizr._q[O]();e.Modernizr=Modernizr}(window,document);
\ No newline at end of file
+ * https://modernizr.com/download/?-cssanimations-cssfilters-displaytable-es5-es6array-es6collections-fetch-flexbox-localstorage-objectfit-promises-sandbox-svg-svgasimg-svgfilters-setclasses-cssclassprefix:modernizr_ !*/
+!function(window,document,undefined){function is(e,r){return typeof e===r}function testRunner(){var e,r,t,n,o,i,s;for(var d in tests)if(tests.hasOwnProperty(d)){if(e=[],r=tests[d],r.name&&(e.push(r.name.toLowerCase()),r.options&&r.options.aliases&&r.options.aliases.length))for(t=0;t<r.options.aliases.length;t++)e.push(r.options.aliases[t].toLowerCase());for(n=is(r.fn,"function")?r.fn():r.fn,o=0;o<e.length;o++)i=e[o],s=i.split("."),1===s.length?Modernizr[s[0]]=n:(Modernizr[s[0]]&&(!Modernizr[s[0]]||Modernizr[s[0]]instanceof Boolean)||(Modernizr[s[0]]=new Boolean(Modernizr[s[0]])),Modernizr[s[0]][s[1]]=n),classes.push((n?"":"no-")+s.join("-"))}}function setClasses(e){var r=docElement.className,t=Modernizr._config.classPrefix||"";if(isSVG&&(r=r.baseVal),Modernizr._config.enableJSClass){var n=new RegExp("(^|\\s)"+t+"no-js(\\s|$)");r=r.replace(n,"$1"+t+"js$2")}Modernizr._config.enableClasses&&(e.length>0&&(r+=" "+t+e.join(" "+t)),isSVG?docElement.className.baseVal=r:docElement.className=r)}function createElement(){return"function"!=typeof document.createElement?document.createElement(arguments[0]):isSVG?document.createElementNS.call(document,"http://www.w3.org/2000/svg",arguments[0]):document.createElement.apply(document,arguments)}function getBody(){var e=document.body;return e||(e=createElement(isSVG?"svg":"body"),e.fake=!0),e}function injectElementWithStyles(e,r,t,n){var o,i,s,d,a="modernizr",l=createElement("div"),c=getBody();if(parseInt(t,10))for(;t--;)s=createElement("div"),s.id=n?n[t]:a+(t+1),l.appendChild(s);return 
o=createElement("style"),o.type="text/css",o.id="s"+a,(c.fake?c:l).appendChild(o),c.appendChild(l),o.styleSheet?o.styleSheet.cssText=e:o.appendChild(document.createTextNode(e)),l.id=a,c.fake&&(c.style.background="",c.style.overflow="hidden",d=docElement.style.overflow,docElement.style.overflow="hidden",docElement.appendChild(c)),i=r(l,e),c.fake?(c.parentNode.removeChild(c),docElement.style.overflow=d,docElement.offsetHeight):l.parentNode.removeChild(l),!!i}function contains(e,r){return!!~(""+e).indexOf(r)}function domToCSS(e){return e.replace(/([A-Z])/g,function(e,r){return"-"+r.toLowerCase()}).replace(/^ms-/,"-ms-")}function computedStyle(e,r,t){var n;if("getComputedStyle"in window){n=getComputedStyle.call(window,e,r);var o=window.console;if(null!==n)t&&(n=n.getPropertyValue(t));else if(o){var i=o.error?"error":"log";o[i].call(o,"getComputedStyle returning null, its possible modernizr test results are inaccurate")}}else n=!r&&e.currentStyle&&e.currentStyle[t];return n}function nativeTestProps(e,r){var t=e.length;if("CSS"in window&&"supports"in window.CSS){for(;t--;)if(window.CSS.supports(domToCSS(e[t]),r))return!0;return!1}if("CSSSupportsRule"in window){for(var n=[];t--;)n.push("("+domToCSS(e[t])+":"+r+")");return n=n.join(" or "),injectElementWithStyles("@supports ("+n+") { #modernizr { position: absolute; } }",function(e){return"absolute"===computedStyle(e,null,"position")})}return undefined}function cssToDOM(e){return e.replace(/([a-z])-([a-z])/g,function(e,r,t){return r+t.toUpperCase()}).replace(/^-/,"")}function testProps(e,r,t,n){function o(){s&&(delete mStyle.style,delete mStyle.modElem)}if(n=!is(n,"undefined")&&n,!is(t,"undefined")){var i=nativeTestProps(e,t);if(!is(i,"undefined"))return i}for(var 
s,d,a,l,c,u=["modernizr","tspan","samp"];!mStyle.style&&u.length;)s=!0,mStyle.modElem=createElement(u.shift()),mStyle.style=mStyle.modElem.style;for(a=e.length,d=0;d<a;d++)if(l=e[d],c=mStyle.style[l],contains(l,"-")&&(l=cssToDOM(l)),mStyle.style[l]!==undefined){if(n||is(t,"undefined"))return o(),"pfx"!==r||l;try{mStyle.style[l]=t}catch(e){}if(mStyle.style[l]!==c)return o(),"pfx"!==r||l}return o(),!1}function fnBind(e,r){return function(){return e.apply(r,arguments)}}function testDOMProps(e,r,t){var n;for(var o in e)if(e[o]in r)return!1===t?e[o]:(n=r[e[o]],is(n,"function")?fnBind(n,t||r):n);return!1}function testPropsAll(e,r,t,n,o){var i=e.charAt(0).toUpperCase()+e.slice(1),s=(e+" "+cssomPrefixes.join(i+" ")+i).split(" ");return is(r,"string")||is(r,"undefined")?testProps(s,r,n,o):(s=(e+" "+domPrefixes.join(i+" ")+i).split(" "),testDOMProps(s,r,t))}function testAllProps(e,r,t){return testPropsAll(e,undefined,undefined,r,t)}function addTest(e,r){if("object"==typeof e)for(var t in e)hasOwnProp(e,t)&&addTest(t,e[t]);else{e=e.toLowerCase();var n=e.split("."),o=Modernizr[n[0]];if(2===n.length&&(o=o[n[1]]),void 0!==o)return Modernizr;r="function"==typeof r?r():r,1===n.length?Modernizr[n[0]]=r:(!Modernizr[n[0]]||Modernizr[n[0]]instanceof Boolean||(Modernizr[n[0]]=new Boolean(Modernizr[n[0]])),Modernizr[n[0]][n[1]]=r),setClasses([(r&&!1!==r?"":"no-")+n.join("-")]),Modernizr._trigger(e,r)}return Modernizr}var tests=[],ModernizrProto={_version:"3.8.0",_config:{classPrefix:'modernizr_',enableClasses:!0,enableJSClass:!0,usePrefixes:!0},_q:[],on:function(e,r){var t=this;setTimeout(function(){r(t[e])},0)},addTest:function(e,r,t){tests.push({name:e,fn:r,options:t})},addAsyncTest:function(e){tests.push({name:null,fn:e})}},Modernizr=function(){};Modernizr.prototype=ModernizrProto,Modernizr=new Modernizr;var 
classes=[],docElement=document.documentElement,isSVG="svg"===docElement.nodeName.toLowerCase(),testStyles=ModernizrProto.testStyles=injectElementWithStyles;testStyles("#modernizr{display: table; direction: ltr}#modernizr div{display: table-cell; padding: 10px}",function(e){var r,t=e.childNodes;r=t[0].offsetLeft<t[1].offsetLeft,Modernizr.addTest("displaytable",r,{aliases:["display-table"]})},2);var omPrefixes="Moz O ms Webkit",cssomPrefixes=ModernizrProto._config.usePrefixes?omPrefixes.split(" "):[];ModernizrProto._cssomPrefixes=cssomPrefixes;var modElem={elem:createElement("modernizr")};Modernizr._q.push(function(){delete modElem.elem});var mStyle={style:modElem.elem.style};Modernizr._q.unshift(function(){delete mStyle.style});var domPrefixes=ModernizrProto._config.usePrefixes?omPrefixes.toLowerCase().split(" "):[];ModernizrProto._domPrefixes=domPrefixes,ModernizrProto.testAllProps=testPropsAll,ModernizrProto.testAllProps=testAllProps,Modernizr.addTest("flexbox",testAllProps("flexBasis","1px",!0)),Modernizr.addTest("es5array",function(){return!!(Array.prototype&&Array.prototype.every&&Array.prototype.filter&&Array.prototype.forEach&&Array.prototype.indexOf&&Array.prototype.lastIndexOf&&Array.prototype.map&&Array.prototype.some&&Array.prototype.reduce&&Array.prototype.reduceRight&&Array.isArray)}),Modernizr.addTest("es5date",function(){var e=!1;try{e=!!Date.parse("2013-04-12T06:06:37.307Z")}catch(e){}return!!(Date.now&&Date.prototype&&Date.prototype.toISOString&&Date.prototype.toJSON&&e)}),Modernizr.addTest("es5function",function(){return!(!Function.prototype||!Function.prototype.bind)}),Modernizr.addTest("es5object",function(){return!!(Object.keys&&Object.create&&Object.getPrototypeOf&&Object.getOwnPropertyNames&&Object.isSealed&&Object.isFrozen&&Object.isExtensible&&Object.getOwnPropertyDescriptor&&Object.defineProperty&&Object.defineProperties&&Object.seal&&Object.freeze&&Object.preventExtensions)}),Modernizr.addTest("strictmode",function(){"use 
strict";return!this}()),Modernizr.addTest("es5string",function(){return!(!String.prototype||!String.prototype.trim)}),Modernizr.addTest("json","JSON"in window&&"parse"in JSON&&"stringify"in JSON),Modernizr.addTest("es5syntax",function(){var value,obj,stringAccess,getter,setter,reservedWords,zeroWidthChars;try{return stringAccess=eval('"foobar"[3] === "b"'),getter=eval("({ get x(){ return 1 } }).x === 1"),eval("({ set x(v){ value = v; } }).x = 1"),setter=1===value,eval("obj = ({ if: 1 })"),reservedWords=1===obj.if,zeroWidthChars=eval("_‌‍ = true"),stringAccess&&getter&&setter&&reservedWords&&zeroWidthChars}catch(e){return!1}}),Modernizr.addTest("es5undefined",function(){var e,r;try{r=window.undefined,window.undefined=12345,e=void 0===window.undefined,window.undefined=r}catch(e){return!1}return e}),Modernizr.addTest("es5",function(){return!!(Modernizr.es5array&&Modernizr.es5date&&Modernizr.es5function&&Modernizr.es5object&&Modernizr.strictmode&&Modernizr.es5string&&Modernizr.json&&Modernizr.es5syntax&&Modernizr.es5undefined)});var atRule=function(e){var r,t=prefixes.length,n=window.CSSRule;if(void 0===n)return undefined;if(!e)return!1;if(e=e.replace(/^@/,""),(r=e.replace(/-/g,"_").toUpperCase()+"_RULE")in n)return"@"+e;for(var o=0;o<t;o++){var i=prefixes[o];if(i.toUpperCase()+"_"+r in n)return"@-"+i.toLowerCase()+"-"+e}return!1};ModernizrProto.atRule=atRule;var prefixed=ModernizrProto.prefixed=function(e,r,t){return 0===e.indexOf("@")?atRule(e):(-1!==e.indexOf("-")&&(e=cssToDOM(e)),r?testPropsAll(e,r,t):testPropsAll(e,"pfx"))};Modernizr.addTest("objectfit",!!prefixed("objectFit"),{aliases:["object-fit"]}),Modernizr.addTest("localstorage",function(){var e="modernizr";try{return 
localStorage.setItem(e,e),localStorage.removeItem(e),!0}catch(e){return!1}}),Modernizr.addTest("es6array",!!(Array.prototype&&Array.prototype.copyWithin&&Array.prototype.fill&&Array.prototype.find&&Array.prototype.findIndex&&Array.prototype.keys&&Array.prototype.entries&&Array.prototype.values&&Array.from&&Array.of)),Modernizr.addTest("es6collections",!!(window.Map&&window.Set&&window.WeakMap&&window.WeakSet)),Modernizr.addTest("promises",function(){return"Promise"in window&&"resolve"in window.Promise&&"reject"in window.Promise&&"all"in window.Promise&&"race"in window.Promise&&function(){var e;return new window.Promise(function(r){e=r}),"function"==typeof e}()}),Modernizr.addTest("svg",!!document.createElementNS&&!!document.createElementNS("http://www.w3.org/2000/svg","svg").createSVGRect);var hasOwnProp;!function(){var e={}.hasOwnProperty;hasOwnProp=is(e,"undefined")||is(e.call,"undefined")?function(e,r){return r in e&&is(e.constructor.prototype[r],"undefined")}:function(r,t){return e.call(r,t)}}(),ModernizrProto._l={},ModernizrProto.on=function(e,r){this._l[e]||(this._l[e]=[]),this._l[e].push(r),Modernizr.hasOwnProperty(e)&&setTimeout(function(){Modernizr._trigger(e,Modernizr[e])},0)},ModernizrProto._trigger=function(e,r){if(this._l[e]){var t=this._l[e];setTimeout(function(){var e;for(e=0;e<t.length;e++)(0,t[e])(r)},0),delete this._l[e]}},Modernizr._q.push(function(){ModernizrProto.addTest=addTest}),Modernizr.addTest("svgasimg",document.implementation.hasFeature("http://www.w3.org/TR/SVG11/feature#Image","1.1")),Modernizr.addTest("svgfilters",function(){var e=!1;try{e="SVGFEColorMatrixElement"in window&&2===SVGFEColorMatrixElement.SVG_FECOLORMATRIX_TYPE_SATURATE}catch(e){}return e}),Modernizr.addTest("cssanimations",testAllProps("animationName","a",!0));var prefixes=ModernizrProto._config.usePrefixes?" 
-webkit- -moz- -o- -ms- ".split(" "):["",""];ModernizrProto._prefixes=prefixes;var newSyntax="CSS"in window&&"supports"in window.CSS,oldSyntax="supportsCSS"in window;Modernizr.addTest("supports",newSyntax||oldSyntax),Modernizr.addTest("cssfilters",function(){if(Modernizr.supports)return testAllProps("filter","blur(2px)");var e=createElement("a");return e.style.cssText=prefixes.join("filter:blur(2px); "),!!e.style.length&&(document.documentMode===undefined||document.documentMode>9)}),Modernizr.addTest("fetch","fetch"in window),Modernizr.addTest("sandbox","sandbox"in createElement("iframe")),testRunner(),setClasses(classes),delete ModernizrProto.addTest,delete ModernizrProto.addAsyncTest;for(var i=0;i<Modernizr._q.length;i++)Modernizr._q[i]();window.Modernizr=Modernizr}(window,document);
\ No newline at end of file

From 0c62db3615a8f646ece09ef2f9043a5a951d1d3e Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Fri, 7 Feb 2020 22:09:41 +0000
Subject: [PATCH 3/7] revert webpack changes

---
 webpack.config.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/webpack.config.js b/webpack.config.js
index d0b7f0e3..86e6eb1d 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -18,7 +18,7 @@ module.exports = (env, argv) => {
     if (argv.mode !== "production") {
         // This makes the sourcemaps human readable for developers. We use eval-source-map
         // because the plain source-map devtool ruins the alignment.
-        development['devtool'] = 'source-map';
+        development['devtool'] = 'eval-source-map';
     }
 
     // Resolve the directories for the react-sdk and js-sdk for later use. We resolve these early so we
@@ -355,7 +355,6 @@ module.exports = (env, argv) => {
             // tedious in Riot since that can take a while.
             hot: false,
             inline: false,
-            disableHostCheck: true,
         },
     };
 };

From b7ed7a1dd789cc19bf27ffb68e7ae3260f95cfc1 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 13 Feb 2020 16:53:45 +0000
Subject: [PATCH 4/7] Update comments and such

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 src/vector/usercontent/index.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/vector/usercontent/index.js b/src/vector/usercontent/index.js
index 9c1901f5..8e77f686 100644
--- a/src/vector/usercontent/index.js
+++ b/src/vector/usercontent/index.js
@@ -11,11 +11,12 @@ function remoteRender(event) {
     const img = document.createElement("img");
     img.id = "img";
     img.src = data.imgSrc;
+    img.style = data.imgStyle;
 
     const a = document.createElement("a");
     a.id = "a";
-    a.rel = data.rel;
-    a.target = data.target;
+    a.rel = "noopener";
+    a.target = "_blank";
     a.download = data.download;
     a.style = data.style;
     a.style.fontFamily = "Arial, Helvetica, Sans-Serif";
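Review bot: The added `img.style = data.imgStyle;` copies a value from the postMessage payload straight into the element's style, as `img.src` and `a.style` already do, and nothing in the hunk checks its type or content. The `window.onmessage` handler that calls `remoteRender` is outside this hunk; as the file deleted in patch 6/7 shows, it accepts messages from any origin when no `origin` query parameter was supplied, so `event.data` should be treated as untrusted. I would guard the assignment and make it explicit, `if (typeof data.imgStyle === "string") img.style.cssText = data.imgStyle;`, and add a comment above the function such as `// event.data is untrusted unless lockOrigin is set; only string styles are applied`. Hard-coding `rel` and `target` in the same hunk is a good step in that direction. `remoteRender` starts and ends outside the hunk.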

From 22d0d1029ea3f995dfffa033923a6585fb50c5a3 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 13 Feb 2020 16:55:23 +0000
Subject: [PATCH 5/7] update README

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 README.md | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 2ae71146..c4f63d96 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Riot
 Riot (formerly known as Vector) is a Matrix web client built using the [Matrix React SDK](https://github.com/matrix-org/matrix-react-sdk).
 
 Riot is officially supported on the web in the last 2 major versions of Chrome, Firefox, and Safari. For Riot on Desktop (electron),
-only the officially published app is supported. Other browsers and packages may work, however official support is not provided. 
+only the officially published app is supported. Other browsers and packages may work, however official support is not provided.
 For accessing Riot on an Android or iOS device, check out [riot-android](https://github.com/vector-im/riot-android)
 and [riot-ios](https://github.com/vector-im/riot-ios) - riot-web does not support mobile devices.
 
@@ -52,15 +52,6 @@ We have put some coarse mitigations into place to try to protect against this
 situation, but it's still not good practice to do it in the first place.  See
 https://github.com/vector-im/riot-web/issues/1977 for more details.
 
-The same applies for end-to-end encrypted content, but since this is decrypted
-on the client, Riot needs a way to supply the decrypted content from a separate
-origin to the one Riot is hosted on. This currently done with a 'cross origin
-renderer' which is a small piece of javascript hosted on a different domain.
-To avoid all Riot installs needing one of these to be set up, riot.im hosts
-one on usercontent.riot.im which is used by default.
-https://github.com/vector-im/riot-web/issues/6173 tracks progress on replacing
-this with something better.
-
 Building From Source
 ====================
 

From 7664eb27c4d53dfeb9fbf57813af254262a456ff Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 13 Feb 2020 16:58:28 +0000
Subject: [PATCH 6/7] Move bulk to react-sdk and reference it from riot-web
 land

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 src/vector/usercontent/index.html | 12 --------
 src/vector/usercontent/index.js   | 49 -------------------------------
 webpack.config.js                 |  4 +--
 3 files changed, 2 insertions(+), 63 deletions(-)
 delete mode 100644 src/vector/usercontent/index.html
 delete mode 100644 src/vector/usercontent/index.js

diff --git a/src/vector/usercontent/index.html b/src/vector/usercontent/index.html
deleted file mode 100644
index 90a0fe7c..00000000
--- a/src/vector/usercontent/index.html
+++ /dev/null
@@ -1,12 +0,0 @@
-<html>
-<head>
-    <!--
-    Hello! If you're reading this, perhaps you're wondering what this
-    file is doing and why your Riot is using it.
-    In short, this allows Riot to isolate potentially unsafe encrypted
-    attachments into their own origin, away from your Riot.
-    Stay curious!
-    -->
-</head>
-<body></body>
-</html>
diff --git a/src/vector/usercontent/index.js b/src/vector/usercontent/index.js
deleted file mode 100644
index 8e77f686..00000000
--- a/src/vector/usercontent/index.js
+++ /dev/null
@@ -1,49 +0,0 @@
-var params = window.location.search.substring(1).split('&');
-var lockOrigin;
-for (var i = 0; i < params.length; ++i) {
-    var parts = params[i].split('=');
-    if (parts[0] === 'origin') lockOrigin = decodeURIComponent(parts[1]);
-}
-
-function remoteRender(event) {
-    const data = event.data;
-
-    const img = document.createElement("img");
-    img.id = "img";
-    img.src = data.imgSrc;
-    img.style = data.imgStyle;
-
-    const a = document.createElement("a");
-    a.id = "a";
-    a.rel = "noopener";
-    a.target = "_blank";
-    a.download = data.download;
-    a.style = data.style;
-    a.style.fontFamily = "Arial, Helvetica, Sans-Serif";
-    a.href = window.URL.createObjectURL(data.blob);
-    a.appendChild(img);
-    a.appendChild(document.createTextNode(data.textContent));
-
-    const body = document.body;
-    // Don't display scrollbars if the link takes more than one line to display.
-    body.style = "margin: 0px; overflow: hidden";
-    body.appendChild(a);
-}
-
-function remoteSetTint(event) {
-    const data = event.data;
-
-    const img = document.getElementById("img");
-    img.src = data.imgSrc;
-    img.style = data.imgStyle;
-
-    const a = document.getElementById("a");
-    a.style = data.style;
-}
-
-window.onmessage = function(e) {
-    if (lockOrigin === undefined || e.origin === lockOrigin) {
-        if (e.data.blob) remoteRender(e);
-        else remoteSetTint(e);
-    }
-};
diff --git a/webpack.config.js b/webpack.config.js
index 86e6eb1d..3c7e1c94 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -34,7 +34,7 @@ module.exports = (env, argv) => {
             "bundle": "./src/vector/index.js",
             "indexeddb-worker": "./src/vector/indexeddb-worker.js",
             "mobileguide": "./src/vector/mobile_guide/index.js",
-            "usercontent": "./src/vector/usercontent/index.js",
+            "usercontent": "./node_modules/matrix-react-sdk/src/vector/usercontent/index.js",
 
             // CSS themes
             "theme-light": "./node_modules/matrix-react-sdk/res/themes/light/css/light.scss",
@@ -320,7 +320,7 @@ module.exports = (env, argv) => {
 
             // This is the usercontent sandbox's entry point (separate for iframing)
             new HtmlWebpackPlugin({
-                template: './src/vector/usercontent/index.html',
+                template: './node_modules/matrix-react-sdk/src/vector/usercontent/index.html',
                 filename: 'usercontent/index.html',
                 minify: argv.mode === 'production',
                 chunks: ['usercontent'],

From 56f9149e84bb81227dfed3c81ca04d6f5c5ac38f Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Thu, 13 Feb 2020 17:00:17 +0000
Subject: [PATCH 7/7] update webpack paths

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
 webpack.config.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/webpack.config.js b/webpack.config.js
index 3c7e1c94..688b39cb 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -34,7 +34,7 @@ module.exports = (env, argv) => {
             "bundle": "./src/vector/index.js",
             "indexeddb-worker": "./src/vector/indexeddb-worker.js",
             "mobileguide": "./src/vector/mobile_guide/index.js",
-            "usercontent": "./node_modules/matrix-react-sdk/src/vector/usercontent/index.js",
+            "usercontent": "./node_modules/matrix-react-sdk/src/usercontent/index.js",
 
             // CSS themes
             "theme-light": "./node_modules/matrix-react-sdk/res/themes/light/css/light.scss",
@@ -320,7 +320,7 @@ module.exports = (env, argv) => {
 
             // This is the usercontent sandbox's entry point (separate for iframing)
             new HtmlWebpackPlugin({
-                template: './node_modules/matrix-react-sdk/src/vector/usercontent/index.html',
+                template: './node_modules/matrix-react-sdk/src/usercontent/index.html',
                 filename: 'usercontent/index.html',
                 minify: argv.mode === 'production',
                 chunks: ['usercontent'],