Commit Graph

321 Commits

Author SHA1 Message Date
Scott Nonnenberg a271fe0eee Add version number to user-agent header on outgoing requests 2020-01-16 21:36:14 -08:00
Scott Nonnenberg be6ae038dc Ensure sender cert refresh timer resets only when necessary 2020-01-16 21:36:14 -08:00
Ken Powers 8dbbde6790 Partial Revert "Conversation: Wait for database fetch to add incoming messages"
This partially reverts commit bce711c36dfdb3eefda59a10aabe71058b3e40a2.
2020-01-16 08:34:31 -08:00
Scott Nonnenberg 55eff02872 Reintroduce file chooser dialog for every attachment save 2020-01-15 17:23:02 -05:00
Scott Nonnenberg 1bf9ca7233 Save attachments with macOS quarantine attribute
* Attachments: Always save file to downloads directory, show toast
* Add new build:dev command for casual builds
2020-01-09 14:57:43 -05:00
Scott Nonnenberg 3e5071e340 Conversation: Wait for database fetch to add incoming messages 2020-01-09 09:43:47 -05:00
Ken Powers 0d3b390129 Upgrade Prettier 2020-01-08 09:44:54 -08:00
Ken Powers fe65fd3eaa Sticker creator updates: new 200 sticker max, WebP supported 2019-12-19 15:27:02 -08:00
Scott Nonnenberg f5be32ba14 Simplify linkification filter - check for ASCII/non-ASCII only 2019-12-18 14:45:11 -05:00
Ken Powers 11d47a8eb9 Sticker Creator 2019-12-17 12:28:46 -08:00
Scott Nonnenberg 2df1ba6e61 Introduce two built-in sticker packs: Zozo and Bandit 2019-12-17 12:28:46 -08:00
Scott Nonnenberg e9f08c3da9 Bugfixes for v1.29
* If focus was set to document.body during archive, focus left pane
* Shortcut Guide: Add space between text and shortcut highlight
* Ensure that draft attachment can be closed with click on X button
* Move to keyDown event for user idle checking
* Additional resiliency around avatars; check for them on disk
* Increase timeouts to preserve websocket connection
* On startup, be resilient to malformed JSON in log files
* Don't crash if shell.openExternal returns an error
* Whenever we request a contact/group sync, also request block list
* Avatar popup: Ensure styling is mouse- and keyboard-appropriate
* MainHeader: Create popperRoot on demand, not on mount
* CompositionInput: Disable default Ctrl-/ shortcut
* Update libphonenumber
2019-12-03 15:02:50 -05:00
Scott Nonnenberg bb02fa3a7e Prevent conversation up/down when showing search results 2019-11-15 14:34:24 -08:00
Scott Nonnenberg 20a892247f Keyboard shortcuts and accessibility 2019-11-13 16:53:42 -08:00
Scott Nonnenberg 8590a047c7 Change domain for sharing sticker packs 2019-11-13 19:12:36 -05:00
Ken Powers 8659f1dd23 Fix a number of emoji bugs in message composer 2019-10-31 12:32:10 -07:00
Scott Nonnenberg 0c09f9620f Improve message download performance 2019-10-10 14:56:14 -07:00
Scott Nonnenberg 7ab2d9acc6 Video Thumbnails: Seek to 1s mark in video before capture 2019-09-24 13:43:08 -07:00
Scott Nonnenberg b77246a7e0 When SQLITE_CORRUPT error happens, immediately restart the app 2019-09-24 13:43:08 -07:00
Scott Nonnenberg 3719724337 Prevent multiple instances of same background attachment job 2019-09-18 16:08:46 -07:00
Scott Nonnenberg 1ab844674a Ensure out-of-band attachment updates make new top-level objects 2019-09-03 20:07:47 -04:00
Scott Nonnenberg 936768d9c1 Recalculate message height when pending sticker is loaded 2019-08-22 15:41:55 -07:00
Scott Nonnenberg c39d5a811a Full-text search within conversation 2019-08-21 14:52:30 -07:00
Scott Nonnenberg 9d4f2afa5a Persist drafts 2019-08-21 14:52:30 -07:00
Scott Nonnenberg 5ebd8bc690 Virtualize Messages List - only render what's visible 2019-08-21 14:52:30 -07:00
Scott Nonnenberg a976cfe6b6 Time out faster for IndexedDB existence checks 2019-08-21 14:52:30 -07:00
Scott Nonnenberg d42eb2126e Changes to View Once 2019-08-05 16:23:47 -07:00
Ken Powers 6c0365a770 One emoji image set for picker, composition, message bubble 2019-07-25 09:28:44 -07:00
Ken Powers 7b645011c2 New composition area with emoji typeahead 2019-07-17 11:29:51 -07:00
Scott Nonnenberg e62a1a7812 Receive support for View Once photos 2019-07-17 11:29:51 -07:00
Disconnect3d fa4b2d412f Fix SUPPORTED_MEDIA_DOMAINS regex whitelist (#3459)
The `SUPPORTED_MEDIA_DOMAINS` regex whitelist, used to check if a media link comes from trusted hosts, is invalid. It does not expose a security risk, or I couldn't find an example of one as of now, but if someone were to add a subdomain host to it using the same pattern, it would.

A counter example below:
```js
const SUPPORTED_MEDIA_DOMAINS = /^([^.]+\.)*(ytimg.com|cdninstagram.com|redd.it|imgur.com|fbcdn.net|pinimg.com)$/i;

console.log('Testing redd.it: ' + SUPPORTED_MEDIA_DOMAINS.test('redd.it'));
console.log('Testing reddjit: ' + SUPPORTED_MEDIA_DOMAINS.test('reddjit'));
```

Output:
```
$ node example.js
Testing redd.it: true
Testing reddjit: true
```

---

To be more clear, if someone were to extend the regex in the future with e.g. `media.redd.it`, an attacker would be able to create a `mediaXredd.it` domain and bypass the whitelist.

---

A visualisation of the incorrect regex can be found on https://regexper.com/#%5E%28%5B%5E.%5D%2B%5C.%29*%28ytimg.com%7Ccdninstagram.com%7Credd.it%7Cimgur.com%7Cfbcdn.net%7Cpinimg.com%29%24

The issue has been found with LGTM: https://lgtm.com/projects/g/signalapp/Signal-Desktop/snapshot/b626ef0b64bfa9867daff876a7cc680bc236897c/files/js/modules/link_previews.js?sort=name&dir=ASC&mode=heatmap#xdabadfc2bf20f0c3:1
2019-07-16 13:28:16 -07:00
Scott Nonnenberg 569acb091c Migrate from IndexedDB before doing new version checks 2019-06-27 15:21:08 -07:00
Scott Nonnenberg cc4886caa5 Ensure only one active attachment download setTimeout 2019-06-24 13:39:37 -07:00
Scott Nonnenberg ab2cc6ee53 Properly download new group avatars 2019-06-24 14:51:33 -04:00
Scott Nonnenberg 102b93241c Only preload emoji after the window is fully loaded 2019-06-20 17:48:54 -07:00
Scott Nonnenberg 9fd867fdd1 Support new 'requiredProtocolVersion' in DataMessage
* Add new requiredProtocolVersion field to DataMessage

* Message.requiredProtocolVersion, warning if version not supported

* Update strings; limit width; new left pane preview text
2019-06-10 17:40:02 -04:00
Ken Powers a934759e66 Maintain last-known cursor position for inserting emojis 2019-05-30 16:37:28 -07:00
Scott Nonnenberg b221dcff5a Only use attemptedStatus on re-download if it is 'installed' 2019-05-30 12:43:18 -07:00
Ken Powers be5d0837f8 Support additional sticker states
Co-authored-by: scott@signal.org
Co-authored-by: ken@signal.org
2019-05-29 11:01:32 -07:00
Scott Nonnenberg 41880cfe66 Add some logging for debug log upload 2019-05-28 17:24:28 -07:00
Ken Powers 0e9d549cf3 Fuzzy-Searchable Emoji Picker 2019-05-24 17:03:13 -07:00
Ken Powers 29de50c12a Stickers
Co-authored-by: scott@signal.org
Co-authored-by: ken@signal.org
2019-05-16 16:10:37 -07:00
Scott Nonnenberg 26a3342d2a Padded attachments, attachments v2
* Handle incoming padded attachments
* Attachments v2 - multipart form POST, and direct CDN GET access
* Pad outgoing attachments before encryption (disabled for now)
2019-05-16 15:43:29 -07:00
Michael Walker 4a8e0bd466 Add pinterest domain and asset domains for link preview support
Co-authored-by: ken@signal.org
Co-authored-by: @cmswalker
2019-05-16 15:43:29 -07:00
Scott Nonnenberg 74cb808763 New MessageController as the single place for in-memory messages 2019-04-04 17:17:19 -07:00
Scott Nonnenberg 8c4d90df07 Send long text as an attachment instead of inline
Remove Android length warning

Handle incoming long message attachments

Show long download pending status in message bubble

Fix the width of the smallest spinner

Remove Android length warning from HTML templates
2019-03-14 17:30:46 -07:00
Scott Nonnenberg b3ac1373fa Move left pane entirely to React 2019-03-12 17:44:14 -07:00
Scott Nonnenberg fbda313d09 Add job details to attachment download log warning 2019-03-12 17:44:14 -07:00
Scott Nonnenberg ae161c6cf6 Update to Electron 4.x 2019-03-12 17:44:14 -07:00
Scott Nonnenberg ae2db9f09a Improve handling for URLs composed of mixed character sets 2019-03-12 17:44:14 -07:00