mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions 1

Strip filenames for visual media attachments during upload

Browse source
This commit is contained in:
yash-signal 2025-06-09 11:46:55 -05:00 committed by GitHub
parent 9d5ab04195
commit 4a6e2d297b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 11 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ts/components/Lightbox.tsx
View file

@ -605,7 +605,7 @@ export function Lightbox({
<img
alt={i18n('icu:lightboxImageAlt')}
className="Lightbox__object"
data-testid={attachment.fileName}
data-testid={attachment.cdnKey}
onContextMenu={(ev: React.MouseEvent<HTMLImageElement>) => {
// These are the only image types supported by Electron's NativeImage
if (

8
ts/test-mock/messaging/lightbox_test.ts
View file

@ -134,9 +134,11 @@ describe('lightbox', function (this: Mocha.Suite) {
async function expectLightboxImage(
attachment: SignalService.IAttachmentPointer
) {
strictAssert(attachment.fileName, 'Must have filename');
const Object = LightboxContent.getByTestId(attachment.fileName);
debug(`Waiting for ${attachment.fileName}`);
debug('attachment cdnKey is', typeof attachment.cdnKey);
strictAssert(attachment.cdnKey, 'Must have cdnKey');
strictAssert(attachment.cdnKey.length > 0, 'Must have valid cdnKey');
const Object = LightboxContent.getByTestId(attachment.cdnKey);
debug(`Waiting for attachment with cdnKey ${attachment.cdnKey}`);
await expect(Object).toBeVisible();
}

7
ts/util/uploadAttachment.ts
View file

@ -22,6 +22,7 @@ import {
} from '../AttachmentCrypto';
import { missingCaseError } from './missingCaseError';
import { uuidToBytes } from './uuidToBytes';
import { isVisualMedia } from '../types/Attachment';
const CDNS_SUPPORTING_TUS = new Set([3]);
@ -42,8 +43,10 @@ export async function uploadAttachment(
uploadType: 'standard',
});
const { blurHash, caption, clientUuid, fileName, flags, height, width } =
attachment;
const { blurHash, caption, clientUuid, flags, height, width } = attachment;
// Strip filename for visual media (images and videos) to prevent metadata leakage
const fileName = isVisualMedia(attachment) ? undefined : attachment.fileName;
return {
cdnKey,