Commit graph

296 commits

Author SHA1 Message Date
Scott Nonnenberg
a976cfe6b6 Time out faster for IndexedDB existence checks 2019-08-21 14:52:30 -07:00
Scott Nonnenberg
d42eb2126e Changes to View Once 2019-08-05 16:23:47 -07:00
Ken Powers
6c0365a770 One emoji image set for picker, composition, message bubble 2019-07-25 09:28:44 -07:00
Ken Powers
7b645011c2 New composition area with emoji typeahead 2019-07-17 11:29:51 -07:00
Scott Nonnenberg
e62a1a7812 Receive support for View Once photos 2019-07-17 11:29:51 -07:00
Disconnect3d
fa4b2d412f Fix SUPPORTED_MEDIA_DOMAINS regex whitelist (#3459)
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if a media link comes from trusted hosts, is invalid. It does not expose a security risk, or I couldn't find an example of one as of now, but if someone were to add a subdomain host to it using the same pattern, it would.

A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;

console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```

Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```

---

To be more clear, if someone would extend the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.

---

A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24

The issue has been found with LGTM: b626ef0b64/files/js/modules/link_previews.js (xdabadfc2bf20f0c3):1
2019-07-16 13:28:16 -07:00
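
The failure mode described in the commit message above, as an added example (not code from the repository or from the commit author): the allowlist is built from a plain domain list, once with the dots left unescaped as in the quoted pattern and once with each domain regex-escaped. The function names and sample hostnames are constructed for illustration, and `media.redd.it` is the hypothetical future entry the commit message mentions.

```javascript
// Added example: names and sample hosts are constructed for illustration.
const DOMAINS = [
  'ytimg.com', 'cdninstagram.com', 'redd.it',
  'imgur.com', 'fbcdn.net', 'pinimg.com',
];

// Escape every regex metacharacter so a domain is matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Build the same shape of pattern as the one quoted in the commit message:
// any number of "label." prefixes followed by one allowlisted domain.
// escape=false reproduces the flaw (a bare "." matches any character).
function buildAllowlist(domains, escape) {
  const alternatives = domains.map(d => (escape ? escapeRegExp(d) : d)).join('|');
  return new RegExp(`^([^.]+\\.)*(${alternatives})$`, 'i');
}

// Return the hosts the unescaped pattern accepts but the escaped one rejects.
function findBypasses(domains, hosts) {
  const loose = buildAllowlist(domains, false);
  const strict = buildAllowlist(domains, true);
  return hosts.filter(h => loose.test(h) && !strict.test(h));
}

// Constructed sample hostnames.
const HOSTS = ['redd.it', 'i.redd.it', 'reddjit', 'mediaXredd.it', 'example.org'];

// Current list: only the dotless "reddjit" slips through.
console.log(findBypasses(DOMAINS, HOSTS));
// With the hypothetical subdomain entry from the commit message added,
// a look-alike domain is accepted by the unescaped pattern.
console.log(findBypasses([...DOMAINS, 'media.redd.it'], HOSTS));
```

Running the comparison against every proposed allowlist change, with look-alike hosts generated from the new entry, catches this class of mistake before it ships.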
Scott Nonnenberg
569acb091c Migrate from IndexedDB before doing new version checks 2019-06-27 15:21:08 -07:00
Scott Nonnenberg
cc4886caa5 Ensure only one active attachment download setTimeout 2019-06-24 13:39:37 -07:00
Scott Nonnenberg
ab2cc6ee53 Properly download new group avatars 2019-06-24 14:51:33 -04:00
Scott Nonnenberg
102b93241c Only preload emoji after the window is fully loaded 2019-06-20 17:48:54 -07:00
Scott Nonnenberg
9fd867fdd1 Support new 'requiredProtocolVersion' in DataMessage
* Add new requiredProtocolVersion field to DataMessage

* Message.requiredProtocolVersion, warning if version not supported

* Update strings; limit width; new left pane preview text
2019-06-10 17:40:02 -04:00
Ken Powers
a934759e66 Maintain last-known cursor position for inserting emojis 2019-05-30 16:37:28 -07:00
Scott Nonnenberg
b221dcff5a Only use attemptedStatus on re-download if it is 'installed' 2019-05-30 12:43:18 -07:00
Ken Powers
be5d0837f8 Support additional sticker states
Co-authored-by: scott@signal.org
Co-authored-by: ken@signal.org
2019-05-29 11:01:32 -07:00
Scott Nonnenberg
41880cfe66 Add some logging for debug log upload 2019-05-28 17:24:28 -07:00
Ken Powers
0e9d549cf3 Fuzzy-Searchable Emoji Picker 2019-05-24 17:03:13 -07:00
Ken Powers
29de50c12a Stickers
Co-authored-by: scott@signal.org
Co-authored-by: ken@signal.org
2019-05-16 16:10:37 -07:00
Scott Nonnenberg
26a3342d2a Padded attachments, attachments v2
* Handle incoming padded attachments
* Attachments v2 - multipart form POST, and direct CDN GET access
* Pad outgoing attachments before encryption (disabled for now)
2019-05-16 15:43:29 -07:00
Michael Walker
4a8e0bd466 Add pinterest domain and asset domains for link preview support
Co-authored-by: ken@signal.org
Co-authored-by: @cmswalker
2019-05-16 15:43:29 -07:00
Scott Nonnenberg
74cb808763 New MessageController as the single place for in-memory messages 2019-04-04 17:17:19 -07:00
Scott Nonnenberg
8c4d90df07 Send long text as an attachment instead of inline
Remove Android length warning

Handle incoming long message attachments

Show long download pending status in message bubble

Fix the width of the smallest spinner

Remove Android length warning from HTML templates
2019-03-14 17:30:46 -07:00
Scott Nonnenberg
b3ac1373fa Move left pane entirely to React 2019-03-12 17:44:14 -07:00
Scott Nonnenberg
fbda313d09 Add job details to attachment download log warning 2019-03-12 17:44:14 -07:00
Scott Nonnenberg
ae161c6cf6 Update to Electron 4.x 2019-03-12 17:44:14 -07:00
Scott Nonnenberg
ae2db9f09a Improve handling for URLs composed of mixed character sets 2019-03-12 17:44:14 -07:00
Scott Nonnenberg
3917ab940e web_api: Fix caching of https.agent objects between requests 2019-02-20 16:51:30 -08:00
Scott Nonnenberg
3fb6ab295f Debug log optimizations and improvements 2019-02-20 16:51:30 -08:00
Scott Nonnenberg
d4eacda649 Disable import/export outside of test mode; not currently used 2019-02-20 16:51:30 -08:00
Scott Nonnenberg
28f96fe893 Ensure that we capture sender even if thrown error is falsey 2019-02-13 16:04:58 -08:00
Scott Nonnenberg
5b54c9554e Remove groups table, conversation is single source of truth 2019-02-13 16:04:58 -08:00
Scott Nonnenberg
041fe4be05 Remove JSON column and Backbone Model for unprocessed 2019-02-13 16:04:58 -08:00
Scott Nonnenberg
9c540ab977 Add cache support to Signal Protocol Store 2019-02-13 16:04:58 -08:00
Scott Nonnenberg
1d2c3ae23c Download attachments in separate queue from message processing 2019-02-12 16:34:21 -08:00
Scott Nonnenberg
858c7e629f Fine-tune linkification technique for link previews 2019-02-11 18:32:05 -08:00
Scott Nonnenberg
0d7480bd92 A number of small fixes for Link Previews 2019-02-05 13:55:55 -08:00
Scott Nonnenberg
92c071e083 Use the proper method for pulling attachments off disk for retry 2019-01-29 16:08:03 -08:00
Scott Nonnenberg
813924685e Link Previews 2019-01-29 13:53:14 -08:00
Scott Nonnenberg
43e5d16020 Support for web socket communication with no signaling key 2019-01-14 10:32:12 -08:00
Scott Nonnenberg
985b1d6aa6 New staged attachments UI, multiple image attachments per message 2019-01-04 12:21:26 -08:00
Scott Nonnenberg
e4babdaef0 Updates to backup infrastructure 2019-01-04 12:21:26 -08:00
Scott Nonnenberg
47f834cf5c Encrypt device name on account create, on first launch if needed 2019-01-04 12:21:26 -08:00
Scott Nonnenberg
313d08344a Request configuration sync on startup of new version 2018-11-28 12:35:26 -08:00
Scott Nonnenberg
70eed938d9 Store arrayBuffers in database for remote identity keys 2018-11-26 16:22:49 -08:00
Scott Nonnenberg
79a861a870 Typing Indicators 2018-11-26 15:26:04 -08:00
Scott Nonnenberg
a780fa3bab Fix reference to nonexistent variable 2018-11-14 15:25:03 -08:00
Scott Nonnenberg
55c3d9371e Bump sender certificate timer after registration for re-link 2018-11-13 09:44:30 -08:00
Scott Nonnenberg
6300256a3e Gracefully shut down database operations before app exit 2018-11-12 15:31:17 -08:00
Scott Nonnenberg
c5f9fae444 A few small bugfixes 2018-11-12 15:31:17 -08:00
Scott Nonnenberg
2d48daa7b6 Refine Sealed Sender behaviors 2018-11-07 16:34:20 -08:00
Scott Nonnenberg
fb670ad6b9 Remove IndexedDB files after removing IndexedDB database 2018-11-01 17:00:24 -07:00