Scott Nonnenberg
d42eb2126e
Changes to View Once
2019-08-05 16:23:47 -07:00
Ken Powers
6c0365a770
One emoji image set for picker, composition, message bubble
2019-07-25 09:28:44 -07:00
Ken Powers
7b645011c2
New composition area with emoji typeahead
2019-07-17 11:29:51 -07:00
Scott Nonnenberg
e62a1a7812
Receive support for View Once photos
2019-07-17 11:29:51 -07:00
Disconnect3d
fa4b2d412f
Fix SUPPORTED_MEDIA_DOMAINS regex whitelist ( #3459 )
...
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if media link comes from trusted hosts is invalid. It does not expose a security risk or I couldn't find an example for such as of now, but if someone would add a subdomain host to it using the same pattern, it would.
A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;
console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```
Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```
---
To be more clear, if someone would extend the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.
---
A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24
The issue has been found with LGTM: b626ef0b64/files/js/modules/link_previews.js (xdabadfc2bf20f0c3)
:1
2019-07-16 13:28:16 -07:00
Scott Nonnenberg
569acb091c
Migrate from IndexedDB before doing new version checks
2019-06-27 15:21:08 -07:00
Scott Nonnenberg
cc4886caa5
Ensure only one active attachment download setTimeout
2019-06-24 13:39:37 -07:00
Scott Nonnenberg
ab2cc6ee53
Properly download new group avatars
2019-06-24 14:51:33 -04:00
Scott Nonnenberg
102b93241c
Only preload emoji after the window is fully loaded
2019-06-20 17:48:54 -07:00
Scott Nonnenberg
9fd867fdd1
Support new 'requiredProtocolVersion' in DataMessage
...
* Add new requiredProtocolVersion field to DataMessage
* Message.requiredProtocolVersion, warning if version mot supported
* Update strings; limit width; new left pane preview text
2019-06-10 17:40:02 -04:00
Ken Powers
a934759e66
Maintain last-known cursor position for inserting emojis
2019-05-30 16:37:28 -07:00
Scott Nonnenberg
b221dcff5a
Only use attemptedStatus on re-download if it is 'installed'
2019-05-30 12:43:18 -07:00
Ken Powers
be5d0837f8
Support additional sticker states
...
Co-authored-by: scott@signal.org
Co-authored-by: ken@signal.org
2019-05-29 11:01:32 -07:00
Scott Nonnenberg
41880cfe66
Add some logging for debug log upload
2019-05-28 17:24:28 -07:00
Ken Powers
0e9d549cf3
Fuzzy-Searchable Emoji Picker
2019-05-24 17:03:13 -07:00
Ken Powers
29de50c12a
Stickers
...
Co-authored-by: scott@signal.org
Co-authored-by: ken@signal.org
2019-05-16 16:10:37 -07:00
Scott Nonnenberg
26a3342d2a
Padded attachments, attachments v2
...
* Handle incoming padded attachments
* Attachments v2 - multipart form POST, and direct CDN GET access
* Pad outgoing attachments before encryption (disabled for now)
2019-05-16 15:43:29 -07:00
Michael Walker
4a8e0bd466
Add pinterest domain and asset domains for link preview support
...
Co-authored-by: ken@signal.org
Co-authored-by: @cmswalker
2019-05-16 15:43:29 -07:00
Scott Nonnenberg
74cb808763
New MessageController as the single place for in-memory messages
2019-04-04 17:17:19 -07:00
Scott Nonnenberg
8c4d90df07
Send long text as an attachment instead of inline
...
Remove Android length warning
Handle incoming long message attachments
Show long download pending status in message bubble
Fix the width of the smallest spinner
Remove Android length warning from HTML templates
2019-03-14 17:30:46 -07:00
Scott Nonnenberg
b3ac1373fa
Move left pane entirely to React
2019-03-12 17:44:14 -07:00
Scott Nonnenberg
fbda313d09
Add job details to attachment download log warning
2019-03-12 17:44:14 -07:00
Scott Nonnenberg
ae161c6cf6
Update to Electron 4.x
2019-03-12 17:44:14 -07:00
Scott Nonnenberg
ae2db9f09a
Improve handling for URLs composed of mixed character sets
2019-03-12 17:44:14 -07:00
Scott Nonnenberg
3917ab940e
web_api: Fix caching of https.agent objects between requests
2019-02-20 16:51:30 -08:00
Scott Nonnenberg
3fb6ab295f
Debug log optimizations and improvements
2019-02-20 16:51:30 -08:00
Scott Nonnenberg
d4eacda649
Disable import/export outside of test mode; not currently used
2019-02-20 16:51:30 -08:00
Scott Nonnenberg
28f96fe893
Ensure that we capture sender even if thrown error is falsey
2019-02-13 16:04:58 -08:00
Scott Nonnenberg
5b54c9554e
Remove groups table, conversation is single source of truth
2019-02-13 16:04:58 -08:00
Scott Nonnenberg
041fe4be05
Remove JSON column and Backbone Model for unprocessed
2019-02-13 16:04:58 -08:00
Scott Nonnenberg
9c540ab977
Add cache support to Signal Protocol Store
2019-02-13 16:04:58 -08:00
Scott Nonnenberg
1d2c3ae23c
Download attachments in separate queue from message processing
2019-02-12 16:34:21 -08:00
Scott Nonnenberg
858c7e629f
Fine-tune linkification technique for link previews
2019-02-11 18:32:05 -08:00
Scott Nonnenberg
0d7480bd92
A number of small fixes for Link Previews
2019-02-05 13:55:55 -08:00
Scott Nonnenberg
92c071e083
Use the proper method for pulling attachments off disk for retry
2019-01-29 16:08:03 -08:00
Scott Nonnenberg
813924685e
Link Previews
2019-01-29 13:53:14 -08:00
Scott Nonnenberg
43e5d16020
Support for web socket communication with no signaling key
2019-01-14 10:32:12 -08:00
Scott Nonnenberg
985b1d6aa6
New staged attachments UI, multiple image attachments per message
2019-01-04 12:21:26 -08:00
Scott Nonnenberg
e4babdaef0
Updates to backup infrastructure
2019-01-04 12:21:26 -08:00
Scott Nonnenberg
47f834cf5c
Encrypt device name on account create, on first launch if needed
2019-01-04 12:21:26 -08:00
Scott Nonnenberg
313d08344a
Request configuration sync on startup of new version
2018-11-28 12:35:26 -08:00
Scott Nonnenberg
70eed938d9
Store arrayBuffers in database for remote identity keys
2018-11-26 16:22:49 -08:00
Scott Nonnenberg
79a861a870
Typing Indicators
2018-11-26 15:26:04 -08:00
Scott Nonnenberg
a780fa3bab
Fix reference to nonexistent variable
2018-11-14 15:25:03 -08:00
Scott Nonnenberg
55c3d9371e
Bump sender certificate timer after registration for re-link
2018-11-13 09:44:30 -08:00
Scott Nonnenberg
6300256a3e
Gracefully shut down database operations before app exit
2018-11-12 15:31:17 -08:00
Scott Nonnenberg
c5f9fae444
A few small bugfixes
2018-11-12 15:31:17 -08:00
Scott Nonnenberg
2d48daa7b6
Refine Sealed Sender behaviors
2018-11-07 16:34:20 -08:00
Scott Nonnenberg
fb670ad6b9
Remove IndexedDB files after removing IndexedDB database
2018-11-01 17:00:24 -07:00
Scott Nonnenberg
9f647f00d8
A couple fixes for the data layer, legacy message upgrade/migrate
2018-11-01 17:00:24 -07:00