Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

We should erase m.room.encrypted content fields upon receiving a redaction #21929

Closed
dkasak opened this issue Apr 26, 2022 · 0 comments · Fixed by matrix-org/matrix-js-sdk#2346
Closed

We should erase m.room.encrypted content fields upon receiving a redaction #21929

dkasak opened this issue Apr 26, 2022 · 0 comments · Fixed by matrix-org/matrix-js-sdk#2346
Assignees
@t3chguy
Labels
A-E2EE A-Redaction O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Severely degrades major functionality or product features, with no satisfactory workaround Security T-Defect Z-Spec-Compliance An area where Element doesn't correctly implement the spec

Comments

@dkasak
Copy link
Member

dkasak commented Apr 26, 2022

Your use case

Element Web/Desktop do not remove the content fields (e.g. ciphertext) of m.room.encrypted events on redaction. I'm basing this on the fact that these fields are still visible in View Source after the redaction is received. Per the spec, since these fields are not exempted from redaction, they should be removed upon receiving a redaction.

For comparison, Element Android lists an empty content on a redacted m.room.encrypted event's View source.

Have you considered any alternatives?

No response

Additional context

No response
@dkasak dkasak added A-E2EE Z-Spec-Compliance An area where Element doesn't correctly implement the spec A-Redaction labels Apr 26, 2022
@andybalaam andybalaam added S-Critical Prevents work, causes data loss and/or has no workaround S-Major Severely degrades major functionality or product features, with no satisfactory workaround O-Occasional Affects or can be seen by some users regularly or most users rarely T-Defect and removed S-Critical Prevents work, causes data loss and/or has no workaround labels Apr 26, 2022
@t3chguy t3chguy self-assigned this May 4, 2022
@t3chguy t3chguy mentioned this issue May 4, 2022
Merged
su-ex added a commit to SchildiChat/matrix-js-sdk that referenced this issue May 28, 2022
@su-ex
Merge tag 'v18.0.0' into sc
4a5ee08 
* Implement changes to MSC2285 (private read receipts) ([\matrix-org#2221](matrix-org#2221)).
* Add support for HTML renderings of room topics ([\matrix-org#2272](matrix-org#2272)).
* Add stopClient parameter to MatrixClient::logout ([\matrix-org#2367](matrix-org#2367)).
* registration: add function to re-request email token ([\matrix-org#2357](matrix-org#2357)).
* Remove hacky custom status feature ([\matrix-org#2350](matrix-org#2350)).
* Remove default push rule override for MSC1930 ([\matrix-org#2376](matrix-org#2376)). Fixes element-hq/element-web#15439.
* Tweak thread creation & event adding to fix bugs around relations ([\matrix-org#2369](matrix-org#2369)). Fixes element-hq/element-web#22162 and element-hq/element-web#22180.
* Prune both clear & wire content on redaction ([\matrix-org#2346](matrix-org#2346)). Fixes element-hq/element-web#21929.
* MSC3786: Add a default push rule to ignore `m.room.server_acl` events ([\matrix-org#2333](matrix-org#2333)). Fixes element-hq/element-web#20788.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@t3chguy t3chguy

Labels
A-E2EE A-Redaction O-Occasional Affects or can be seen by some users regularly or most users rarely S-Major Severely degrades major functionality or product features, with no satisfactory workaround Security T-Defect Z-Spec-Compliance An area where Element doesn't correctly implement the spec
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Prune both clear & wire content on redaction matrix-org/matrix-js-sdk
4 participants
@andybalaam @dkasak @t3chguy @SimonBrandner