Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix js injection in message input #1943

Merged
merged 1 commit into from
Oct 9, 2023
Merged

Fix js injection in message input #1943

merged 1 commit into from
Oct 9, 2023

Conversation

EmiM
Copy link
Contributor

@EmiM EmiM commented Oct 9, 2023
edited
Loading

Pull Request Checklist

  • I have linked this PR to related GitHub issue.
  • I have updated the CHANGELOG.md file with relevant changes (the file is located at the root of monorepo).

(Optional) Mobile checklist

Please ensure you completed the following checks if you did any changes to the mobile package:

  • I have run e2e tests for mobile
  • I have updated base screenshots for visual regression tests

@EmiM EmiM force-pushed the fix/744-js-injection branch from f648606 to a050135 Compare October 9, 2023 13:03
@EmiM EmiM mentioned this pull request Oct 9, 2023
Closed
@EmiM EmiM requested review from siepra and vinkabuki October 9, 2023 13:08
@EmiM EmiM marked this pull request as ready for review October 9, 2023 13:09
@EmiM EmiM force-pushed the fix/744-js-injection branch from a050135 to f4dca75 Compare October 9, 2023 13:12
@EmiM EmiM merged commit ca6c8ee into master Oct 9, 2023
EmiM added a commit that referenced this pull request Nov 23, 2023
@EmiM @Kacper-RF
@vinkabuki @siepra @githubquiet
Chore/master to develop (#2104)
16612aa 
* Fix - js injection in message input (#1943)

* use notarytool for macos notarization

* Secure backend socket.io from other applications that can access localhost i.e. browser (#1940)

* secure socket IO connection with token and origin, transform token from main.ts to backend and state manager

* Add authorization headers to socketio android notifications client

* Secure socketIO connection on iOS

* Extend lastKnownPort to lastKnownSocketIOData on android

* Handle socketIOSecret for iOS lifecycle event

* feat: getRandomValues and concept for validating options on backend

* fix: use secure crypto for ios socketio secret

---------

Co-authored-by: Vin Kabuki <[email protected]>
Co-authored-by: siepra <[email protected]>

* feat: notifier component #1980

* feat: use mailto for support address #1980

* fix: building mobile package #1980

* Publish

 - @quiet/[email protected]
 - @quiet/[email protected]
 - [email protected]
 - [email protected]
 - [email protected]
 - @quiet/[email protected]
 - @quiet/[email protected]

* fix: pass team id for notarization

* chore: abort build on notarization failure (#2081)

* chore: deactivate 'breaking changes warning' for mobile and desktop #2097 #2096

* fix: use default websocket port in case of none

---------

Co-authored-by: Kacper Michalik <[email protected]>
Co-authored-by: Vin Kabuki <[email protected]>
Co-authored-by: Kacper-RF <[email protected]>
Co-authored-by: siepra <[email protected]>
Co-authored-by: Wiktor Sieprawski <[email protected]>
Co-authored-by: [email protected] <[email protected]>
@siepra siepra deleted the fix/744-js-injection branch December 8, 2023 12:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@siepra siepra siepra approved these changes

@vinkabuki vinkabuki vinkabuki approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@EmiM @siepra @vinkabuki