-
-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reply fallbacks leak room history #368
Comments
But you have no way of verifying them and knowing if they are the true history, its the same as someone posting a screenshot/quote of the history you do not have access to |
sure, but chances are usually low that it's fake. Users might rely on the fact that e.g. riot doesn't let them access the message, without realizing the message is also embedded in the event data |
As per #14824, reply fallbacks also leak participant servers with the |
@Half-Shot how is that any more problematic than someone dumping a permalink to the same event in the other room? |
A permalink is visible, and so the user can immediate see that they fucked up and can remove it. A reply fallback is rendered as "unable to render" in Element, but the source of the event contains the via data. Ergo, one is a visible mistake and can be corrected immediately, the other is invisible. |
Tbh (albeit offtopic here), the fact that reply fallbacks survive redactions seems a much bigger issue to me. |
|
If you redact the reply, the fallback gets redacted along with it. If you redact the message replied to, the reply fallback survives. |
This problem is approached in MSC matrix-org/matrix-spec-proposals#2781. |
This isn't really a big issue, but when joining a room which only allows you to view messages after you join, you can see earlier messages by looking into the fallback of replies.
The text was updated successfully, but these errors were encountered: