Commit graph

2796 commits

Author SHA1 Message Date
Scott Nonnenberg
344e7e5e76 Attachment-add flow: capture renamed filename, file type checks 2019-09-18 16:08:46 -07:00
Scott Nonnenberg
3719724337 Prevent multiple instances of same background attachment job 2019-09-18 16:08:46 -07:00
Scott Nonnenberg
92235678b5 Only re-save and re-sort conversation if draft has changed 2019-09-18 16:08:46 -07:00
Scott Nonnenberg
095cd884a2 Prevent >64k text in composition box; truncate too-large drafts 2019-09-16 15:47:52 -07:00
Scott Nonnenberg
5bd9964ed2 Windows: Reintroduce flash frame when we trigger a notification 2019-09-06 16:04:31 -04:00
Scott Nonnenberg
e011589a5e A number of performance tweaks 2019-09-06 12:19:50 -07:00
Scott Nonnenberg
35e943e817 Fix access to safety number view from group members screen 2019-09-05 14:18:44 -04:00
Scott Nonnenberg
1ab844674a Ensure out-of-band attachment updates make new top-level objects 2019-09-03 20:07:47 -04:00
Scott Nonnenberg
15af1eea7a Only update drafts in left pane when conversation is closed 2019-09-03 18:41:21 -04:00
Scott Nonnenberg
936768d9c1 Recalculate message height when pending sticker is loaded 2019-08-22 15:41:55 -07:00
Scott Nonnenberg
b19659f5ac Address beta feedback
* Use signal blue for search box focus outline
* Reduce debounce for draft saves
* Be less aggressive in our scrolling corrections
* Lightbox: Ensure that a tall image is still fully visible
* Fix spell checking after Electron API breaking changes
* Fix link preview image generation
* Message highlight: Move to border in signal blue
2019-08-22 17:11:36 -04:00
Scott Nonnenberg
90c2a97aa7 Address alpha feedback 2019-08-21 14:55:18 -07:00
Scott Nonnenberg
ca6f7471f1 Remove all calls to flashFrame() 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
d3d2b0ec52 Use curve functions from native module 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
e29eee4583 Update Electron to 6.0.1, SQLCipher to 4.2.0 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
6ac7f4ccf6 Two fixes for messages causing errors
* Queue delivery receipt sends, only start after we get 'empty'
* Retry cached two minutes after empty, or any post-empty message
2019-08-21 14:55:12 -07:00
Scott Nonnenberg
b5ebd034db Don't render left pane until we're done processing initial queue 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
0b0214cbf9 Some fixes for windowed render 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
e4d2e28ec4 Make identity key screen show up immediately 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
c39d5a811a Full-text search within conversation 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
9d4f2afa5a Persist drafts 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
5ebd8bc690 Virtualize Messages List - only render what's visible 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
a976cfe6b6 Time out faster for IndexedDB existence checks 2019-08-21 14:52:30 -07:00
Ken Powers
79bba52cfb Large Message Composition 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
d42eb2126e Changes to View Once 2019-08-05 16:23:47 -07:00
Scott Nonnenberg
adf21985c1 Use MessageController whenever we create a new Message 2019-08-05 16:23:47 -07:00
Scott Nonnenberg
cb9ba0fe7f Re-register support for sealed sender when a device is re-linked 2019-08-05 16:23:47 -07:00
Ken Powers
6c0365a770 One emoji image set for picker, composition, message bubble 2019-07-25 09:28:44 -07:00
Ken Powers
464361b2eb Animate in-conversation panels on show/hide 2019-07-25 09:24:03 -07:00
Scott Nonnenberg
df74103335 Two small changes
* Signed prekey rotation: better logging, let => const

* Ensure that we remove sync messages from cache
2019-07-19 09:35:04 -04:00
Scott Nonnenberg
de78d42ad5 Change group_update field of message after avatar download queued 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
e09fa7b402 Ensure suggested attachment filenames are consistent 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
cb2c691667 Improve queuing strategies in the app 2019-07-17 11:29:51 -07:00
Ken Powers
7b645011c2 New composition area with emoji typeahead 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
e62a1a7812 Receive support for View Once photos 2019-07-17 11:29:51 -07:00
Ken Powers
fccf1eec30 Fix file size limitation 2019-07-16 14:48:40 -07:00
Disconnect3d
fa4b2d412f Fix SUPPORTED_MEDIA_DOMAINS regex whitelist (#3459)
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if media link comes from trusted hosts is invalid. It does not expose a security risk or I couldn't find an example for such as of now, but if someone would add a subdomain host to it using the same pattern, it would.

A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;

console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```

Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```

---

To be more clear, if someone would extend the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.

---

A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24

The issue has been found with LGTM: b626ef0b64/files/js/modules/link_previews.js (xdabadfc2bf20f0c3):1
2019-07-16 13:28:16 -07:00
Ken Powers
cb272111ab Run yarn format 2019-07-08 16:29:45 -04:00
Scott Nonnenberg
0df9b4b8fb Prevent multiple parallel signed prekey rotations
* Prevent multiple parallel signed prekey rotations

* When logging error, recalculate id to capture sealed sender info
2019-07-03 14:56:49 -04:00
AJ Jordan
22f5c01247 Fix typo (#3345) 2019-06-28 13:07:00 -04:00
Scott Nonnenberg
569acb091c Migrate from IndexedDB before doing new version checks 2019-06-27 15:21:08 -07:00
Scott Nonnenberg
cc4886caa5 Ensure only one active attachment download setTimeout 2019-06-24 13:39:37 -07:00
Scott Nonnenberg
ab2cc6ee53 Properly download new group avatars 2019-06-24 14:51:33 -04:00
Scott Nonnenberg
d97dae6a87 Capture id after first save for incoming error messages 2019-06-24 14:47:43 -04:00
Scott Nonnenberg
3feb0037e5 Ensure that long message attachments don't show in media gallery 2019-06-21 16:13:42 -07:00
Scott Nonnenberg
102b93241c Only preload emoji after the window is fully loaded 2019-06-20 17:48:54 -07:00
Scott Nonnenberg
6c8bce7b9f Fix incorrect contentType/extension for outgoing resized image attachments
* Use contentType from conversion when resizing outgoing images

* Update outgoing filename with proper extension after resize
2019-06-19 11:51:23 -04:00
Scott Nonnenberg
cc7b9da0cf Ensure that all event handling in background.js is queued 2019-06-14 18:17:37 -04:00
Scott Nonnenberg
e19067861e ConversationView - extract all header setup into new method 2019-06-11 11:07:56 -04:00
Scott Nonnenberg
9fd867fdd1 Support new 'requiredProtocolVersion' in DataMessage
* Add new requiredProtocolVersion field to DataMessage

* Message.requiredProtocolVersion, warning if version mot supported

* Update strings; limit width; new left pane preview text
2019-06-10 17:40:02 -04:00