Placeholder messages display with HTML entities #644

Closed
eloquence opened this issue Dec 6, 2019 · 4 comments · Fixed by #703
Labels
bug Something isn't working

Comments

@eloquence
Member

As of the December 6 nightly build, I see the following placeholders in Qubes when messages haven't been downloaded yet:

&lt;Message not yet available&gt;
&lt;Reply not yet available&gt;

Instead of the expected

<Message not yet available>
<Reply not yet available>

@eloquence eloquence added the bug Something isn't working label Dec 6, 2019
@eloquence eloquence added this to the 0.2.0beta milestone Dec 17, 2019
@kushaldas
Contributor

I can reproduce this.

[Screenshot: wrong_ui_before_decryption]

@kushaldas
Contributor

This is due to the html.escape introduced via commit dcce99f. This helps to mitigate against any random attack in the message text.

My suggestion is to just remove > and < characters from any such message. @eloquence @redshiftzero @emkll your thoughts?
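
Added example (not part of the original thread and not the project's code): a Python sketch of why `html.escape` output shows up as literal entities when the string reaches a sink that does not interpret HTML. The two sinks, `show_rich` and `show_plain`, are hypothetical stand-ins for a rich-text and a plain-text widget; that the placeholder was displayed by a non-HTML sink is an assumption drawn from the reported symptom.

```python
import html
from html.parser import HTMLParser

PLACEHOLDER = "<Message not yet available>"  # placeholder text quoted in the issue


class _VisibleText(HTMLParser):
    """Collects the text an HTML-interpreting sink would show (tags are not text)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode &lt; and &gt; in text
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


def show_rich(markup: str) -> str:
    """Hypothetical rich-text sink: parses markup, decodes entities, hides tags."""
    parser = _VisibleText()
    parser.feed(markup)
    parser.close()
    return "".join(parser.parts)


def show_plain(text: str) -> str:
    """Hypothetical plain-text sink: every character is shown literally."""
    return text


def reported_symptom() -> str:
    """Escaped for HTML, then shown by a sink that does not interpret HTML."""
    return show_plain(html.escape(PLACEHOLDER))


def render(text: str, sink_is_html: bool) -> str:
    """Escape exactly once, and only for a sink that interprets HTML."""
    return show_rich(html.escape(text)) if sink_is_html else show_plain(text)


def strip_angles(text: str) -> str:
    """The workaround suggested in the thread: drop '<' and '>' from the text."""
    return text.replace("<", "").replace(">", "")


if __name__ == "__main__":
    print(reported_symptom())            # entities visible to the user
    print(repr(show_rich(PLACEHOLDER)))  # unescaped text parsed as a tag
    print(render(PLACEHOLDER, True), render(PLACEHOLDER, False))
```

Escaping matched to the sink keeps the angle brackets visible in both cases, while stripping them changes the text regardless of which sink displays it.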

@emkll
Contributor

emkll commented Dec 18, 2019

related to #645

@eloquence
Member Author

eloquence commented Dec 18, 2019

I don't especially care about the use of these characters in the placeholder text (long term we want to use a different loading pattern anyway), but I do feel iffy about characters that should be safe when handled responsibly not working here. :/ And I do think we must resolve #645.
