status-im
/
status-desktop
mirror of https://github.com/status-im/status-desktop.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: Revisit character set usage (ASCII/Latin1/UTF-8) in description fields 

Restrict the character set to basically 7-bit ASCII plus some punctuation
in community/chat/profile related popups in order to:
- reduce the risk of impersonation (UTF-8 characters might look the same
despite being a different codepoint)
- narrow down the set of characters in order to keep the new share URL
format short

Closes #11307
This commit is contained in:
Lukáš Tinkl 2023-07-31 16:27:26 +02:00 committed by Lukáš Tinkl
parent cdc5a90940
commit 3d2deb5335
4 changed files with 36 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ui/app/AppLayouts/Communities/popups/CreateCategoryPopup.qml
View File

@ -61,10 +61,16 @@ StatusModal {
label: qsTr("Category title") label: qsTr("Category title")
charLimit: maxCategoryNameLength charLimit: maxCategoryNameLength
placeholderText: qsTr("Name the category") placeholderText: qsTr("Name the category")
validators: [StatusMinLengthValidator { validators: [
minLength: 1 StatusMinLengthValidator {
errorMessage: Utils.getErrorMessage(nameInput.errors, qsTr("category name")) minLength: 1
}] errorMessage: Utils.getErrorMessage(nameInput.errors, qsTr("category name"))
},
StatusRegularExpressionValidator {
regularExpression: Constants.regularExpressions.alphanumericalExpanded
errorMessage: Constants.errorMessages.alphanumericalExpandedRegExp
}
]
} }
StatusModalDivider { StatusModalDivider {

12
ui/app/AppLayouts/Communities/popups/CreateChannelPopup.qml
View File

@ -230,10 +230,16 @@ StatusDialog {
input.multiline: true input.multiline: true
minimumHeight: 88 minimumHeight: 88
maximumHeight: 88 maximumHeight: 88
validators: [StatusMinLengthValidator { validators: [
StatusMinLengthValidator {
minLength: 1 minLength: 1
errorMessage: Utils.getErrorMessage(descriptionTextArea.errors, qsTr("channel description")) errorMessage: Utils.getErrorMessage(descriptionTextArea.errors, qsTr("channel description"))
}] },
StatusRegularExpressionValidator {
regularExpression: Constants.regularExpressions.alphanumericalExpanded
errorMessage: Constants.errorMessages.alphanumericalExpandedRegExp
}
]
} }
/* TODO: use the code below to enable private channels and message limit */ /* TODO: use the code below to enable private channels and message limit */

52
ui/imports/shared/popups/RenameGroupPopup.qml
View File

@ -9,6 +9,7 @@ import utils 1.0
import StatusQ.Components 0.1 import StatusQ.Components 0.1
import StatusQ.Controls 0.1 import StatusQ.Controls 0.1
import StatusQ.Controls.Validators 0.1
import StatusQ.Core 0.1 import StatusQ.Core 0.1
import StatusQ.Popups 0.1 import StatusQ.Popups 0.1
import StatusQ.Popups.Dialog 0.1 import StatusQ.Popups.Dialog 0.1
@ -39,7 +40,7 @@ StatusDialog {
colorSelectionGrid.selectedColor = activeGroupColor colorSelectionGrid.selectedColor = activeGroupColor
for (let i = 0; i < colorSelectionGrid.model.length; i++) { for (let i = 0; i < colorSelectionGrid.model.length; i++) {
if(colorSelectionGrid.model[i] === root.activeGroupColor.toUpperCase()) if(colorSelectionGrid.model[i].toString().toUpperCase() === root.activeGroupColor.toUpperCase())
colorSelectionGrid.selectedColorIndex = i colorSelectionGrid.selectedColorIndex = i
} }
@ -56,13 +57,23 @@ StatusDialog {
Layout.alignment: Qt.AlignHCenter Layout.alignment: Qt.AlignHCenter
label: qsTr("Name the group") label: qsTr("Name the group")
charLimit: d.nameCharLimit charLimit: d.nameCharLimit
validators: [
StatusMinLengthValidator {
minLength: 1
errorMessage: Utils.getErrorMessage(groupName.errors, qsTr("group name"))
},
StatusRegularExpressionValidator {
regularExpression: Constants.regularExpressions.alphanumericalExpanded
errorMessage: Constants.errorMessages.alphanumericalExpandedRegExp
}
]
} }
StatusBaseText { StatusBaseText {
id: imgText id: imgText
text: qsTr("Group image") text: qsTr("Group image")
leftPadding: groupName.leftPadding - root.padding leftPadding: groupName.leftPadding - root.padding
font.pixelSize: 15
} }
EditCroppedImagePanel { EditCroppedImagePanel {
@ -75,49 +86,12 @@ StatusDialog {
imageFileDialogTitle: qsTr("Choose an image as logo") imageFileDialogTitle: qsTr("Choose an image as logo")
title: qsTr("Edit group name and image") title: qsTr("Edit group name and image")
acceptButtonText: qsTr("Use as an icon for this group chat") acceptButtonText: qsTr("Use as an icon for this group chat")
backgroundComponent:
StatusLetterIdenticon {
id: letter
color: colorSelectionGrid.selectedColor
name: root.activeGroupName
height: 100
width: 100
letterSize: 64
StatusRoundButton {
id: addButton
icon.name: "add"
type: StatusRoundButton.Type.Secondary
transform: [
Translate {
x: -addButton.width/2 - 5
y: -addButton.height/2 + 5
},
Rotation { angle: -addRotationTransform.angle },
Rotation {
id: addRotationTransform
angle: 135
origin.x: letter.radius
},
Translate {
x: letter.width - 2 * letter.radius
y: letter.radius
}
]
onClicked: imageEditor.chooseImageToCrop()
}
}
} }
StatusBaseText { StatusBaseText {
id: colorText id: colorText
text: qsTr("Standard colours") text: qsTr("Standard colours")
leftPadding: groupName.leftPadding - root.padding leftPadding: groupName.leftPadding - root.padding
font.pixelSize: 15
} }
StatusColorSelectorGrid { StatusColorSelectorGrid {

8
ui/imports/utils/Constants.qml
View File

@ -503,12 +503,12 @@ QtObject {
errorMessage: qsTr("Usernames starting with whitespace are not allowed") errorMessage: qsTr("Usernames starting with whitespace are not allowed")
}, },
StatusRegularExpressionValidator { StatusRegularExpressionValidator {
regularExpression: /^[a-zA-Z0-9\-_ ]+$/ regularExpression: regularExpressions.alphanumericalExpanded
errorMessage: errorMessages.alphanumericalExpandedRegExp errorMessage: errorMessages.alphanumericalExpandedRegExp
}, },
StatusMinLengthValidator { StatusMinLengthValidator {
minLength: keypair.nameLengthMin minLength: keypair.nameLengthMin
errorMessage: qsTr("Username must be at least %1 characters").arg(keypair.nameLengthMin) errorMessage: qsTr("Username must be at least %n character(s)", "", keypair.nameLengthMin)
}, },
StatusValidator { StatusValidator {
name: "endsWithSpaceValidator" name: "endsWithSpaceValidator"
@ -645,7 +645,7 @@ QtObject {
readonly property QtObject regularExpressions: QtObject { readonly property QtObject regularExpressions: QtObject {
readonly property var alphanumerical: /^$|^[a-zA-Z0-9]+$/ readonly property var alphanumerical: /^$|^[a-zA-Z0-9]+$/
readonly property var alphanumericalExpanded: /^$|^[a-zA-Z0-9\-_ ]+$/ readonly property var alphanumericalExpanded: /^$|^[a-zA-Z0-9\-_.\u0020]+$/
readonly property var alphanumericalWithSpace: /^$|^[a-zA-Z0-9\s]+$/ readonly property var alphanumericalWithSpace: /^$|^[a-zA-Z0-9\s]+$/
readonly property var asciiPrintable: /^$|^[!-~]+$/ readonly property var asciiPrintable: /^$|^[!-~]+$/
readonly property var ascii: /^$|^[\x00-\x7F]+$/ readonly property var ascii: /^$|^[\x00-\x7F]+$/
@ -655,8 +655,8 @@ QtObject {
readonly property QtObject errorMessages: QtObject { readonly property QtObject errorMessages: QtObject {
readonly property string alphanumericalRegExp: qsTr("Only letters and numbers allowed") readonly property string alphanumericalRegExp: qsTr("Only letters and numbers allowed")
readonly property string alphanumericalWithSpaceRegExp: qsTr("Special characters are not allowed")
readonly property string alphanumericalExpandedRegExp: qsTr("Only letters, numbers, underscores, whitespaces and hyphens allowed") readonly property string alphanumericalExpandedRegExp: qsTr("Only letters, numbers, underscores, whitespaces and hyphens allowed")
readonly property string alphanumericalWithSpaceRegExp: qsTr("Special characters are not allowed")
readonly property string asciiRegExp: qsTr("Only letters, numbers and ASCII characters allowed") readonly property string asciiRegExp: qsTr("Only letters, numbers and ASCII characters allowed")
} }