Commit Graph

7 Commits

Author SHA1 Message Date
Gheorghe Pinzaru df9062475c
Extend security masked data protocol 2020-07-15 11:25:10 +03:00
Andrea Maria Piana 28ebedbd16
Handle encoded urls
We didn't check for encoded characters in the URL.
Instead now first we decode the URL components, and then match against
the URLs.
We also make sure that there's no HTML in the link passed.

Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
2020-06-23 14:03:02 +02:00
yenda d5ef218584
use shadow-cljs
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: yenda <eric@status.im>
2020-04-30 15:43:46 +02:00
Andrea Maria Piana 9a9c0ce526
Render markdown
Fixes: https://github.com/status-im/trailofbits-audit/issues/47
Fixes: https://github.com/status-im/trailofbits-audit/issues/46
Fixes: https://github.com/status-im/trailofbits-audit/issues/44
Fixes: https://github.com/status-im/security-reports/issues/13
Fixes: https://github.com/status-im/security-reports/issues/5
Fixes: https://github.com/status-im/status-react/issues/8995

This commits re-introduce rendering of markdown text and implent a few
changes:

1) Parsing of the message content is now in status-go, this includes
markdown, line-count, and rtl. Parsing is not nested, as there's some
rendering degradation involved as we nest components, unclear exactly if
it's react-native or clojure, haven't looked too deeply into it.
2) Emojii type messages are not parsed on the sending side, not the
receiving one, using the appropriate content-type
3) Fixes a few issues with chat input rendering, currrently we use
`chats/current-chat` subscription which is very heavy and should not be
used unless necessary, and means that
any change to chat will trigger a re-render, which caused re-rendering
of input container on each received message. Also to note that
input-container is fairly heavy to render, and it's rendered twice at
each keypress on input.

The inline markdow supported is:

*italic* or _italic_
**bold** or __bold__
`inline code`
http://test.com links
\#status-tag

The block markdown supported is:

\# Headers
```
code blocks
```
> Quotereply

The styling is very basic at the moment, but can be improved.
Adding other markdown (photo,mentions) is straightforward and should
come at little performance cost (unless the component to render is
heavy, i.e a photo for example).

There are some behavioral changes with this commit:

1) Links are only parsed if starting with http:// or https://, meaning that
blah.com won't be parsed, nor www.test.com. This behavior is consistent
with discord for example and allows faster parsing at little expense to
ser experience imo. Fixes a few security issues as well.

2) Content is not anymore capped (regression), that's due to the fact that
before we only rendered text and react-native allowed us easily to limit
the number of lines, but adding markdown support means that this
strategy is not viable anymore. Performance of rendering don't see to be
very much impacted by this, I would re-introduce it if necessary, but
I'd rather do that in a separate PR.

Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
2019-11-15 10:23:25 +01:00
Andrea Maria Piana 3b52a61bdf
validate links before opening
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
2019-08-29 15:14:06 +02:00
Roman Volosovskyi 7264ae2a14
prevent logging of re-frame events parameters
mask password received from keychain
2018-11-08 12:39:50 +01:00
Igor Mandrigin 789ee61212
Use a custom type to avoid accidentially logging passwords.
Signed-off-by: Igor Mandrigin <i@mandrigin.ru>
2018-05-28 11:56:16 +02:00