mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions
4861 commits 1 branch 105 tags 18 GiB
Commit graph

2807 commits

Author SHA1 Message Date
Scott Nonnenberg
1632e19476 Startup message counter: increment on message processing complete 2019-10-17 13:18:10 -04:00
Scott Nonnenberg
c81c25bb85 Update colors, icons, and fonts 2019-10-10 14:56:14 -07:00
Scott Nonnenberg
28aed8247f MessageReceiver: Remove contact/group sync from cache immediately 2019-10-10 14:56:14 -07:00
Scott Nonnenberg
0f93c780ec Kick off checks for updates in more situations 2019-10-10 14:56:14 -07:00
Scott Nonnenberg
5c00b89600 Support for receiving View Once Video 2019-10-10 14:56:14 -07:00
Scott Nonnenberg
9cda14c4f2 On startup after 30+ days, delete local encryption info 2019-10-10 14:56:14 -07:00
Scott Nonnenberg
0c09f9620f Improve message download performance 2019-10-10 14:56:14 -07:00
Scott Nonnenberg
7ab2d9acc6 Video Thumbnails: Seek to 1s mark in video before capture 2019-09-24 13:43:08 -07:00
Scott Nonnenberg
8ccb89310b New Idle timer; messages not marked read if user is idle 2019-09-24 13:43:08 -07:00
Scott Nonnenberg
b77246a7e0 When SQLITE_CORRUPT error happens, immediately restart the app 2019-09-24 13:43:08 -07:00
Scott Nonnenberg
ca43f52151 Message: Ensure that change event always has getReduxData() data 2019-09-18 16:08:46 -07:00
Scott Nonnenberg
344e7e5e76 Attachment-add flow: capture renamed filename, file type checks 2019-09-18 16:08:46 -07:00
Scott Nonnenberg
3719724337 Prevent multiple instances of same background attachment job 2019-09-18 16:08:46 -07:00
Scott Nonnenberg
92235678b5 Only re-save and re-sort conversation if draft has changed 2019-09-18 16:08:46 -07:00
Scott Nonnenberg
095cd884a2 Prevent >64k text in composition box; truncate too-large drafts 2019-09-16 15:47:52 -07:00
Scott Nonnenberg
5bd9964ed2 Windows: Reintroduce flash frame when we trigger a notification 2019-09-06 16:04:31 -04:00
Scott Nonnenberg
e011589a5e A number of performance tweaks 2019-09-06 12:19:50 -07:00
Scott Nonnenberg
35e943e817 Fix access to safety number view from group members screen 2019-09-05 14:18:44 -04:00
Scott Nonnenberg
1ab844674a Ensure out-of-band attachment updates make new top-level objects 2019-09-03 20:07:47 -04:00
Scott Nonnenberg
15af1eea7a Only update drafts in left pane when conversation is closed 2019-09-03 18:41:21 -04:00
Scott Nonnenberg
936768d9c1 Recalculate message height when pending sticker is loaded 2019-08-22 15:41:55 -07:00
Scott Nonnenberg
b19659f5ac Address beta feedback 
* Use signal blue for search box focus outline
* Reduce debounce for draft saves
* Be less aggressive in our scrolling corrections
* Lightbox: Ensure that a tall image is still fully visible
* Fix spell checking after Electron API breaking changes
* Fix link preview image generation
* Message highlight: Move to border in signal blue
 2019-08-22 17:11:36 -04:00
Scott Nonnenberg
90c2a97aa7 Address alpha feedback 2019-08-21 14:55:18 -07:00
Scott Nonnenberg
ca6f7471f1 Remove all calls to flashFrame() 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
d3d2b0ec52 Use curve functions from native module 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
e29eee4583 Update Electron to 6.0.1, SQLCipher to 4.2.0 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
6ac7f4ccf6 Two fixes for messages causing errors 
* Queue delivery receipt sends, only start after we get 'empty'
* Retry cached two minutes after empty, or any post-empty message
 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
b5ebd034db Don't render left pane until we're done processing initial queue 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
0b0214cbf9 Some fixes for windowed render 2019-08-21 14:55:12 -07:00
Scott Nonnenberg
e4d2e28ec4 Make identity key screen show up immediately 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
c39d5a811a Full-text search within conversation 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
9d4f2afa5a Persist drafts 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
5ebd8bc690 Virtualize Messages List - only render what's visible 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
a976cfe6b6 Time out faster for IndexedDB existence checks 2019-08-21 14:52:30 -07:00
Ken Powers
79bba52cfb Large Message Composition 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
d42eb2126e Changes to View Once 2019-08-05 16:23:47 -07:00
Scott Nonnenberg
adf21985c1 Use MessageController whenever we create a new Message 2019-08-05 16:23:47 -07:00
Scott Nonnenberg
cb9ba0fe7f Re-register support for sealed sender when a device is re-linked 2019-08-05 16:23:47 -07:00
Ken Powers
6c0365a770 One emoji image set for picker, composition, message bubble 2019-07-25 09:28:44 -07:00
Ken Powers
464361b2eb Animate in-conversation panels on show/hide 2019-07-25 09:24:03 -07:00
Scott Nonnenberg
df74103335 Two small changes 
* Signed prekey rotation: better logging, let => const

* Ensure that we remove sync messages from cache
 2019-07-19 09:35:04 -04:00
Scott Nonnenberg
de78d42ad5 Change group_update field of message after avatar download queued 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
e09fa7b402 Ensure suggested attachment filenames are consistent 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
cb2c691667 Improve queuing strategies in the app 2019-07-17 11:29:51 -07:00
Ken Powers
7b645011c2 New composition area with emoji typeahead 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
e62a1a7812 Receive support for View Once photos 2019-07-17 11:29:51 -07:00
Ken Powers
fccf1eec30 Fix file size limitation 2019-07-16 14:48:40 -07:00
Disconnect3d
fa4b2d412f Fix SUPPORTED_MEDIA_DOMAINS regex whitelist (#3459) 
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if media link comes from trusted hosts is invalid. It does not expose a security risk or I couldn't find an example for such as of now, but if someone would add a subdomain host to it using the same pattern, it would.

A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;

console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```

Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```

---

To be more clear, if someone would extend the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.

---

A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24

The issue has been found with LGTM: b626ef0b64/files/js/modules/link_previews.js (xdabadfc2bf20f0c3):1
 2019-07-16 13:28:16 -07:00
Ken Powers
cb272111ab Run yarn format 2019-07-08 16:29:45 -04:00
Scott Nonnenberg
0df9b4b8fb Prevent multiple parallel signed prekey rotations 
* Prevent multiple parallel signed prekey rotations

* When logging error, recalculate id to capture sealed sender info
 2019-07-03 14:56:49 -04:00