From dc679052c0cab14dc7239df9679941838015dc2a Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Tue, 11 Jul 2023 13:46:05 +0100 Subject: [PATCH 01/11] Upgrade matrix-js-sdk to 27.0.0-rc.1 --- package.json | 2 +- yarn.lock | 31 +++++++++++++++++++++++-------- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/package.json b/package.json index 83f5761aec..259d1562e2 100644 --- a/package.json +++ b/package.json @@ -97,7 +97,7 @@ "maplibre-gl": "^2.0.0", "matrix-encrypt-attachment": "^1.0.3", "matrix-events-sdk": "0.0.1", - "matrix-js-sdk": "github:matrix-org/matrix-js-sdk#develop", + "matrix-js-sdk": "27.0.0-rc.1", "matrix-widget-api": "^1.4.0", "memoize-one": "^6.0.0", "minimist": "^1.2.5", diff --git a/yarn.lock b/yarn.lock index c47b81eec2..c3d46c2033 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1605,10 +1605,10 @@ resolved "https://registry.yarnpkg.com/@matrix-org/analytics-events/-/analytics-events-0.5.0.tgz#38b69c4e29d243944c5712cca7b674a3432056e6" integrity sha512-uL5kf7MqC+GxsGJtimPVbFliyaFinohTHSzohz31JTysktHsjRR2SC+vV7sy2/dstTWVdG9EGOnohyPsB+oi3A== -"@matrix-org/matrix-sdk-crypto-js@^0.1.0": - version "0.1.0" - resolved "https://registry.yarnpkg.com/@matrix-org/matrix-sdk-crypto-js/-/matrix-sdk-crypto-js-0.1.0.tgz#766580036d4df12120ded223e13b5640e77db136" - integrity sha512-ra/bcFdleC1iRNms2I96UXA0NvQYWpMsHrV5EfJRS7qV1PtnQNvgsvMfjMbkx8QT2ErEmIhsvB5fPCpfp8BSuw== +"@matrix-org/matrix-sdk-crypto-js@^0.1.1": + version "0.1.2" + resolved "https://registry.yarnpkg.com/@matrix-org/matrix-sdk-crypto-js/-/matrix-sdk-crypto-js-0.1.2.tgz#b58679e161f3d734359a8665922956309b1a4417" + integrity sha512-bbal0RcWwerS/DgqhOgM7wkXJ2YSv9fySK/qgLlrAsdYLpMSTqG8wDQ89/v+RYo9WmA5hwUN/wXcCDdFaFEXQQ== "@matrix-org/matrix-wysiwyg@^2.3.0": version "2.3.0" @@ -3502,6 +3502,11 @@ crypt@0.0.2: resolved "https://registry.yarnpkg.com/crypt/-/crypt-0.0.2.tgz#88d7ff7ec0dfb86f713dc87bbb42d044d3e6c41b" integrity sha512-mCxBlsHFYh9C+HVpiEacem8FEBnMXgU9gy4zmNC+SXAZNB/1idgp/aulFJ4FgCi7GPEVbfyng092GqL2k2rmow== +crypto-js@^4.1.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.1.1.tgz#9e485bcf03521041bd85844786b83fb7619736cf" + integrity sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw== + css-box-model@^1.2.0: version "1.2.1" resolved "https://registry.yarnpkg.com/css-box-model/-/css-box-model-1.2.1.tgz#59951d3b81fd6b2074a62d49444415b0d2b4d7c1" @@ -6553,12 +6558,13 @@ matrix-events-sdk@0.0.1: resolved "https://registry.yarnpkg.com/matrix-events-sdk/-/matrix-events-sdk-0.0.1.tgz#c8c38911e2cb29023b0bbac8d6f32e0de2c957dd" integrity sha512-1QEOsXO+bhyCroIe2/A5OwaxHvBm7EsSQ46DEDn8RBIfQwN5HWBpFvyWWR4QY0KHPPnnJdI99wgRiAl7Ad5qaA== -"matrix-js-sdk@github:matrix-org/matrix-js-sdk#develop": - version "26.2.0" - resolved "https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/5751df1288b340fe08358145e5d47d28ed69465a" +matrix-js-sdk@27.0.0-rc.1: + version "27.0.0-rc.1" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-27.0.0-rc.1.tgz#85a8a64b6d88fd57d3d1ee0b69a515ebb039e882" + integrity sha512-6bo4PbUCTvjqAf2urBf3L1UxE72//ubL4QsNOJmU9/IfLZQOql+ByvRKrKES245H4KxQHLg1s4lug8sIcfISBQ== dependencies: "@babel/runtime" "^7.12.5" - "@matrix-org/matrix-sdk-crypto-js" "^0.1.0" + "@matrix-org/matrix-sdk-crypto-js" "^0.1.1" another-json "^0.2.0" bs58 "^5.0.0" content-type "^1.0.4" @@ -6566,6 +6572,7 @@ matrix-events-sdk@0.0.1: loglevel "^1.7.1" matrix-events-sdk "0.0.1" matrix-widget-api "^1.3.1" + oidc-client-ts "^2.2.4" p-retry "4" sdp-transform "^2.14.1" unhomoglyph "^1.0.6" @@ -6928,6 +6935,14 @@ object.values@^1.1.6: define-properties "^1.1.4" es-abstract "^1.20.4" +oidc-client-ts@^2.2.4: + version "2.2.4" + resolved "https://registry.yarnpkg.com/oidc-client-ts/-/oidc-client-ts-2.2.4.tgz#7d86b5efe2248f3637a6f3a0ee1af86764aea125" + integrity sha512-nOZwIomju+AmXObl5Oq5PjrES/qTt8bLsENJCIydVgi9TEWk7SCkOU6X3RNkY7yfySRM1OJJvDKdREZdmnDT2g== + dependencies: + crypto-js "^4.1.1" + jwt-decode "^3.1.2" + once@^1.3.0, once@^1.3.1, once@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1" From ae3eda60653b8de1f0d5a1dad7a59afe22c77bf3 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Tue, 11 Jul 2023 13:47:52 +0100 Subject: [PATCH 02/11] Prepare changelog for v3.76.0-rc.1 --- CHANGELOG.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index afeec56d19..2303f48817 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,46 @@ +Changes in [3.76.0-rc.1](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0-rc.1) (2023-07-11) +=============================================================================================================== + +## ✨ Features + * GYU: Update banner ([\#11211](https://github.com/matrix-org/matrix-react-sdk/pull/11211)). Fixes vector-im/element-web#25530. Contributed by @justjanne. + * Linkify mxc:// URLs as links to your media repo ([\#11213](https://github.com/matrix-org/matrix-react-sdk/pull/11213)). Fixes vector-im/element-web#6942. + * OIDC: Log in ([\#11199](https://github.com/matrix-org/matrix-react-sdk/pull/11199)). Fixes vector-im/element-web#25657. Contributed by @kerryarchibald. + * Handle all permitted url schemes in linkify ([\#11215](https://github.com/matrix-org/matrix-react-sdk/pull/11215)). Fixes vector-im/element-web#4457 and vector-im/element-web#8720. + * Autoapprove Element Call oidc requests ([\#11209](https://github.com/matrix-org/matrix-react-sdk/pull/11209)). Contributed by @toger5. + * Allow creating knock rooms ([\#11182](https://github.com/matrix-org/matrix-react-sdk/pull/11182)). Contributed by @charlynguyen. + * feat(faq): remove keyboard shortcuts button ([\#9342](https://github.com/matrix-org/matrix-react-sdk/pull/9342)). Fixes vector-im/element-web#22625. Contributed by @gefgu. + * Expose and pre-populate thread ID in devtools dialog ([\#10953](https://github.com/matrix-org/matrix-react-sdk/pull/10953)). + * Hide URL preview if it will be empty ([\#9029](https://github.com/matrix-org/matrix-react-sdk/pull/9029)). + * Change wording from avatar to profile picture ([\#7015](https://github.com/matrix-org/matrix-react-sdk/pull/7015)). Fixes vector-im/element-meta#1331. Contributed by @aaronraimist. + * Quick and dirty devtool to explore state history ([\#11197](https://github.com/matrix-org/matrix-react-sdk/pull/11197)). + * Consider more user inputs when calculating zxcvbn score ([\#11180](https://github.com/matrix-org/matrix-react-sdk/pull/11180)). + * GYU: Account Notification Settings ([\#11008](https://github.com/matrix-org/matrix-react-sdk/pull/11008)). Fixes vector-im/element-web#24567. Contributed by @justjanne. + * Compound Typography pass ([\#11103](https://github.com/matrix-org/matrix-react-sdk/pull/11103)). Fixes vector-im/element-web#25548. + * OIDC: navigate to authorization endpoint ([\#11096](https://github.com/matrix-org/matrix-react-sdk/pull/11096)). Fixes vector-im/element-web#25574. Contributed by @kerryarchibald. + +## 🐛 Bug Fixes + * Make checkboxes less rounded ([\#11224](https://github.com/matrix-org/matrix-react-sdk/pull/11224)). Contributed by @andybalaam. + * GYU: Fix issues with audible keywords without activated mentions ([\#11218](https://github.com/matrix-org/matrix-react-sdk/pull/11218)). Contributed by @justjanne. + * PosthogAnalytics unwatch settings on logout ([\#11207](https://github.com/matrix-org/matrix-react-sdk/pull/11207)). Fixes vector-im/element-web#25703. + * Avoid trying to set room account data for pinned events as guest ([\#11216](https://github.com/matrix-org/matrix-react-sdk/pull/11216)). Fixes vector-im/element-web#6300. + * GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\#11210](https://github.com/matrix-org/matrix-react-sdk/pull/11210)). Contributed by @justjanne. + * force to allow calls without video and audio in embedded mode ([\#11131](https://github.com/matrix-org/matrix-react-sdk/pull/11131)). Contributed by @EnricoSchw. + * Fix room tile text clipping ([\#11196](https://github.com/matrix-org/matrix-react-sdk/pull/11196)). Fixes vector-im/element-web#25718. + * Handle newlines in user pills ([\#11166](https://github.com/matrix-org/matrix-react-sdk/pull/11166)). Fixes vector-im/element-web#10994. + * Limit width of user menu in space panel ([\#11192](https://github.com/matrix-org/matrix-react-sdk/pull/11192)). Fixes vector-im/element-web#22627. + * Add isLocation to ComposerEvent analytics events ([\#11187](https://github.com/matrix-org/matrix-react-sdk/pull/11187)). Contributed by @andybalaam. + * Fix: hide unsupported login elements ([\#11185](https://github.com/matrix-org/matrix-react-sdk/pull/11185)). Fixes vector-im/element-web#25711. Contributed by @kerryarchibald. + * Scope smaller font size to user info panel ([\#11178](https://github.com/matrix-org/matrix-react-sdk/pull/11178)). Fixes vector-im/element-web#25683. + * Apply i18n to strings in the html export ([\#11176](https://github.com/matrix-org/matrix-react-sdk/pull/11176)). + * Inhibit url previews on MXIDs containing slashes same as those without ([\#11160](https://github.com/matrix-org/matrix-react-sdk/pull/11160)). + * Make event info size consistent with state events ([\#11181](https://github.com/matrix-org/matrix-react-sdk/pull/11181)). + * Fix markdown content spacing ([\#11177](https://github.com/matrix-org/matrix-react-sdk/pull/11177)). Fixes vector-im/element-web#25685. + * Fix font-family definition for emojis ([\#11170](https://github.com/matrix-org/matrix-react-sdk/pull/11170)). Fixes vector-im/element-web#25686. + * Fix spurious error sending receipt in thread errors ([\#11157](https://github.com/matrix-org/matrix-react-sdk/pull/11157)). + * Consider the empty push rule actions array equiv to deprecated dont_notify ([\#11155](https://github.com/matrix-org/matrix-react-sdk/pull/11155)). Fixes vector-im/element-web#25674. + * Only trap escape key for cancel reply if there is a reply ([\#11140](https://github.com/matrix-org/matrix-react-sdk/pull/11140)). Fixes vector-im/element-web#25640. + * Update linkify to 4.1.1 ([\#11132](https://github.com/matrix-org/matrix-react-sdk/pull/11132)). Fixes vector-im/element-web#23806. + Changes in [3.75.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.75.0) (2023-07-04) ===================================================================================================== From a67427e6caa4f53353bb034a73b5852ee9856aa1 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Tue, 11 Jul 2023 13:47:54 +0100 Subject: [PATCH 03/11] v3.76.0-rc.1 --- package.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 259d1562e2..f4fc3bbed4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "matrix-react-sdk", - "version": "3.75.0", + "version": "3.76.0-rc.1", "description": "SDK for matrix.org using React", "author": "matrix.org", "repository": { @@ -23,7 +23,7 @@ "package.json", ".stylelintrc.js" ], - "main": "./src/index.ts", + "main": "./lib/index.ts", "matrix_src_main": "./src/index.ts", "matrix_lib_main": "./lib/index.ts", "matrix_lib_typings": "./lib/index.d.ts", @@ -221,5 +221,6 @@ "outputDirectory": "coverage", "outputName": "jest-sonar-report.xml", "relativePaths": true - } + }, + "typings": "./lib/index.d.ts" } From d38819ce9af4eadc2e08fe51d33a810befd2cc2a Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Fri, 14 Jul 2023 15:40:59 +0100 Subject: [PATCH 04/11] Fix missing metaspace notification badges (#11269) * Fix missing metaspace notification badges * Simplify conditional types (cherry picked from commit cdffd1ca1f7b60334a8ca3bba64d0a4e6d2b68d0) --- .../views/spaces/SpaceTreeLevel.tsx | 14 ++++-- .../views/spaces/SpaceTreeLevel-test.tsx | 21 +++++++- .../SpaceTreeLevel-test.tsx.snap | 49 +++++++++++++++++++ 3 files changed, 78 insertions(+), 6 deletions(-) create mode 100644 test/components/views/spaces/__snapshots__/SpaceTreeLevel-test.tsx.snap diff --git a/src/components/views/spaces/SpaceTreeLevel.tsx b/src/components/views/spaces/SpaceTreeLevel.tsx index 72ed355ffa..9f66a290b9 100644 --- a/src/components/views/spaces/SpaceTreeLevel.tsx +++ b/src/components/views/spaces/SpaceTreeLevel.tsx @@ -65,7 +65,7 @@ interface IButtonProps extends Omit = ({ space, - spaceKey, + spaceKey: _spaceKey, className, selected, label, @@ -82,6 +82,8 @@ export const SpaceButton: React.FC = ({ const [onFocus, isActive] = useRovingTabIndex(handle); const tabIndex = isActive ? 0 : -1; + const spaceKey = _spaceKey ?? space?.roomId; + let avatar = (
@@ -92,16 +94,16 @@ export const SpaceButton: React.FC = ({ } let notifBadge; - if (space && notificationState) { + if (spaceKey && notificationState) { let ariaLabel = _t("Jump to first unread room."); - if (space.getMyMembership() === "invite") { + if (space?.getMyMembership() === "invite") { ariaLabel = _t("Jump to first invite."); } const jumpToNotification = (ev: MouseEvent): void => { ev.stopPropagation(); ev.preventDefault(); - SpaceStore.instance.setActiveRoomInSpace(spaceKey ?? space.roomId); + SpaceStore.instance.setActiveRoomInSpace(spaceKey); }; notifBadge = ( @@ -132,7 +134,9 @@ export const SpaceButton: React.FC = ({ const viewSpaceHome = (): void => // space is set here because of the assignment condition of onClick defaultDispatcher.dispatch({ action: Action.ViewRoom, room_id: space!.roomId }); - const activateSpace = (): void => SpaceStore.instance.setActiveSpace(spaceKey ?? space?.roomId ?? ""); + const activateSpace = (): void => { + if (spaceKey) SpaceStore.instance.setActiveSpace(spaceKey); + }; const onClick = props.onClick ?? (selected && space ? viewSpaceHome : activateSpace); return ( diff --git a/test/components/views/spaces/SpaceTreeLevel-test.tsx b/test/components/views/spaces/SpaceTreeLevel-test.tsx index a44a09dfd4..f28cf18d4f 100644 --- a/test/components/views/spaces/SpaceTreeLevel-test.tsx +++ b/test/components/views/spaces/SpaceTreeLevel-test.tsx @@ -17,7 +17,7 @@ limitations under the License. import React from "react"; import { fireEvent, getByTestId, render } from "@testing-library/react"; -import { stubClient, mkRoom } from "../../../test-utils"; +import { mkRoom, stubClient } from "../../../test-utils"; import { MatrixClientPeg } from "../../../../src/MatrixClientPeg"; import DMRoomMap from "../../../../src/utils/DMRoomMap"; import defaultDispatcher from "../../../../src/dispatcher/dispatcher"; @@ -25,6 +25,8 @@ import { Action } from "../../../../src/dispatcher/actions"; import { SpaceButton } from "../../../../src/components/views/spaces/SpaceTreeLevel"; import { MetaSpace, SpaceKey } from "../../../../src/stores/spaces"; import SpaceStore from "../../../../src/stores/spaces/SpaceStore"; +import { StaticNotificationState } from "../../../../src/stores/notifications/StaticNotificationState"; +import { NotificationColor } from "../../../../src/stores/notifications/NotificationColor"; jest.mock("../../../../src/stores/spaces/SpaceStore", () => { // eslint-disable-next-line @typescript-eslint/no-var-requires @@ -99,5 +101,22 @@ describe("SpaceButton", () => { // Re-activating the metaspace is a no-op expect(SpaceStore.instance.setActiveSpace).toHaveBeenCalledWith(MetaSpace.People); }); + + it("should render notificationState if one is provided", () => { + const notificationState = new StaticNotificationState(null, 8, NotificationColor.Grey); + + const { container, asFragment } = render( + , + ); + + expect(container.querySelector(".mx_NotificationBadge_count")).toHaveTextContent("8"); + expect(asFragment()).toMatchSnapshot(); + }); }); }); diff --git a/test/components/views/spaces/__snapshots__/SpaceTreeLevel-test.tsx.snap b/test/components/views/spaces/__snapshots__/SpaceTreeLevel-test.tsx.snap new file mode 100644 index 0000000000..427ba7016b --- /dev/null +++ b/test/components/views/spaces/__snapshots__/SpaceTreeLevel-test.tsx.snap @@ -0,0 +1,49 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`SpaceButton metaspace should render notificationState if one is provided 1`] = ` + +
+
+
+
+
+
+
+
+ + 8 + +
+
+
+ + People + +
+
+ +`; From fe947dca9e78c3286dd7486d7f439fd95fdf9b43 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Fri, 14 Jul 2023 16:14:48 +0100 Subject: [PATCH 05/11] Upgrade matrix-js-sdk to 27.0.0-rc.2 --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index f4fc3bbed4..f120e4bb37 100644 --- a/package.json +++ b/package.json @@ -97,7 +97,7 @@ "maplibre-gl": "^2.0.0", "matrix-encrypt-attachment": "^1.0.3", "matrix-events-sdk": "0.0.1", - "matrix-js-sdk": "27.0.0-rc.1", + "matrix-js-sdk": "27.0.0-rc.2", "matrix-widget-api": "^1.4.0", "memoize-one": "^6.0.0", "minimist": "^1.2.5", diff --git a/yarn.lock b/yarn.lock index c3d46c2033..a447b35ddf 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6558,10 +6558,10 @@ matrix-events-sdk@0.0.1: resolved "https://registry.yarnpkg.com/matrix-events-sdk/-/matrix-events-sdk-0.0.1.tgz#c8c38911e2cb29023b0bbac8d6f32e0de2c957dd" integrity sha512-1QEOsXO+bhyCroIe2/A5OwaxHvBm7EsSQ46DEDn8RBIfQwN5HWBpFvyWWR4QY0KHPPnnJdI99wgRiAl7Ad5qaA== -matrix-js-sdk@27.0.0-rc.1: - version "27.0.0-rc.1" - resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-27.0.0-rc.1.tgz#85a8a64b6d88fd57d3d1ee0b69a515ebb039e882" - integrity sha512-6bo4PbUCTvjqAf2urBf3L1UxE72//ubL4QsNOJmU9/IfLZQOql+ByvRKrKES245H4KxQHLg1s4lug8sIcfISBQ== +matrix-js-sdk@27.0.0-rc.2: + version "27.0.0-rc.2" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-27.0.0-rc.2.tgz#7b77e118dd419776a42d061ba03fa72616a92d26" + integrity sha512-KC9Dd2LsGO3i7cW+c6RDJt90q/41kry2jTg4ZOukHfnmZ0cTO9JfmwxRtL/UgrVLdCeVDf2j/h4kckjWuKYsNA== dependencies: "@babel/runtime" "^7.12.5" "@matrix-org/matrix-sdk-crypto-js" "^0.1.1" From 99ac082656cd87896487e4889414e902d330efaf Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Fri, 14 Jul 2023 16:16:16 +0100 Subject: [PATCH 06/11] Prepare changelog for v3.76.0-rc.2 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2303f48817..8a95e01ecb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +Changes in [3.76.0-rc.2](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0-rc.2) (2023-07-14) +=============================================================================================================== + +## 🐛 Bug Fixes + * Fix missing metaspace notification badges ([\#11269](https://github.com/matrix-org/matrix-react-sdk/pull/11269)). Fixes vector-im/element-web#25679. + Changes in [3.76.0-rc.1](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0-rc.1) (2023-07-11) =============================================================================================================== From d8dcfc96cceb1418017c818cb029719c6f2688e2 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Fri, 14 Jul 2023 16:16:19 +0100 Subject: [PATCH 07/11] v3.76.0-rc.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f120e4bb37..2d4f758daa 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "matrix-react-sdk", - "version": "3.76.0-rc.1", + "version": "3.76.0-rc.2", "description": "SDK for matrix.org using React", "author": "matrix.org", "repository": { From 22fcd34c606f32129ebc967fc21f24fb708a98b8 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Tue, 18 Jul 2023 13:23:27 +0100 Subject: [PATCH 08/11] Sanitise strings going into the html export CVE-2023-37259 --- src/utils/exportUtils/HtmlExport.tsx | 41 ++++++++++++-------- test/utils/exportUtils/HTMLExport-test.ts | 46 +++++++++++++++++++++++ 2 files changed, 71 insertions(+), 16 deletions(-) diff --git a/src/utils/exportUtils/HtmlExport.tsx b/src/utils/exportUtils/HtmlExport.tsx index 667978b7b0..41edfd93df 100644 --- a/src/utils/exportUtils/HtmlExport.tsx +++ b/src/utils/exportUtils/HtmlExport.tsx @@ -21,6 +21,7 @@ import { MatrixEvent } from "matrix-js-sdk/src/models/event"; import { renderToStaticMarkup } from "react-dom/server"; import { EventType, MsgType } from "matrix-js-sdk/src/@types/event"; import { logger } from "matrix-js-sdk/src/logger"; +import escapeHtml from "escape-html"; import Exporter from "./Exporter"; import { mediaFromMxc } from "../../customisations/Media"; @@ -97,11 +98,16 @@ export default class HTMLExporter extends Exporter { const exporter = this.room.client.getSafeUserId(); const exporterName = this.room.getMember(exporter)?.rawDisplayName; const topic = this.room.currentState.getStateEvents(EventType.RoomTopic, "")?.getContent()?.topic || ""; - const createdText = _t("%(creatorName)s created this room.", { - creatorName, - }); - const exportedText = renderToStaticMarkup( + const safeCreatedText = escapeHtml( + _t("%(creatorName)s created this room.", { + creatorName, + }), + ); + const safeExporter = escapeHtml(exporter); + const safeRoomName = escapeHtml(this.room.name); + const safeTopic = escapeHtml(topic); + const safeExportedText = renderToStaticMarkup(

{_t( "This is the start of export of . Exported by at %(exportDate)s.", @@ -109,16 +115,19 @@ export default class HTMLExporter extends Exporter { exportDate, }, { - roomName: () => {this.room.name}, + roomName: () => {safeRoomName}, exporterDetails: () => ( - + {exporterName ? ( <> - {exporterName} - {" (" + exporter + ")"} + {escapeHtml(exporterName)}I {" (" + safeExporter + ")"} ) : ( - {exporter} + {safeExporter} )} ), @@ -127,7 +136,7 @@ export default class HTMLExporter extends Exporter {

, ); - const topicText = topic ? _t("Topic: %(topic)s", { topic }) : ""; + const safeTopicText = topic ? _t("Topic: %(topic)s", { topic: safeTopic }) : ""; const previousMessagesLink = renderToStaticMarkup( currentPage !== 0 ? (
@@ -183,12 +192,12 @@ export default class HTMLExporter extends Exporter {
- ${this.room.name} + ${safeRoomName}
-
${topic}
+
${safeTopic}
${previousMessagesLink} @@ -214,10 +223,10 @@ export default class HTMLExporter extends Exporter { currentPage == 0 ? `
${roomAvatar} -

${this.room.name}

-

${createdText}

${exportedText}

+

${safeRoomName}

+

${safeCreatedText}

${safeExportedText}


-

${topicText}

+

${safeTopicText}

` : "" } diff --git a/test/utils/exportUtils/HTMLExport-test.ts b/test/utils/exportUtils/HTMLExport-test.ts index f81764170c..53512dbad1 100644 --- a/test/utils/exportUtils/HTMLExport-test.ts +++ b/test/utils/exportUtils/HTMLExport-test.ts @@ -25,6 +25,7 @@ import { RoomState, } from "matrix-js-sdk/src/matrix"; import fetchMock from "fetch-mock-jest"; +import escapeHtml from "escape-html"; import { filterConsole, mkStubRoom, REPEATABLE_DATE, stubClient } from "../../test-utils"; import { ExportType, IExportOptions } from "../../../src/utils/exportUtils/exportUtils"; @@ -505,4 +506,49 @@ describe("HTMLExport", () => { ); expect(result).not.toContain("Next group of messages"); }); + + it("should not leak javascript from room names or topics", async () => { + const name = ""; + const topic = ""; + mockMessages(EVENT_MESSAGE); + room.currentState.setStateEvents([ + new MatrixEvent({ + type: EventType.RoomName, + event_id: "$00001", + room_id: room.roomId, + sender: "@alice:example.com", + origin_server_ts: 0, + content: { name }, + state_key: "", + }), + new MatrixEvent({ + type: EventType.RoomTopic, + event_id: "$00002", + room_id: room.roomId, + sender: "@alice:example.com", + origin_server_ts: 1, + content: { topic }, + state_key: "", + }), + ]); + room.recalculate(); + + const exporter = new HTMLExporter( + room, + ExportType.Timeline, + { + attachmentsIncluded: false, + maxSize: 1_024 * 1_024, + }, + () => {}, + ); + + await exporter.export(); + const html = await getMessageFile(exporter).text(); + + expect(html).not.toContain(`${name}`); + expect(html).toContain(`${escapeHtml(name)}`); + expect(html).not.toContain(`${topic}`); + expect(html).toContain(`Topic: ${escapeHtml(topic)}`); + }); }); From f0f1f0c1f5d1602acff91c63b6402d325ca29f86 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Tue, 18 Jul 2023 13:30:17 +0100 Subject: [PATCH 09/11] Upgrade matrix-js-sdk to 27.0.0 --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 2d4f758daa..21ef3d914c 100644 --- a/package.json +++ b/package.json @@ -97,7 +97,7 @@ "maplibre-gl": "^2.0.0", "matrix-encrypt-attachment": "^1.0.3", "matrix-events-sdk": "0.0.1", - "matrix-js-sdk": "27.0.0-rc.2", + "matrix-js-sdk": "27.0.0", "matrix-widget-api": "^1.4.0", "memoize-one": "^6.0.0", "minimist": "^1.2.5", diff --git a/yarn.lock b/yarn.lock index a447b35ddf..7da2713525 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6558,10 +6558,10 @@ matrix-events-sdk@0.0.1: resolved "https://registry.yarnpkg.com/matrix-events-sdk/-/matrix-events-sdk-0.0.1.tgz#c8c38911e2cb29023b0bbac8d6f32e0de2c957dd" integrity sha512-1QEOsXO+bhyCroIe2/A5OwaxHvBm7EsSQ46DEDn8RBIfQwN5HWBpFvyWWR4QY0KHPPnnJdI99wgRiAl7Ad5qaA== -matrix-js-sdk@27.0.0-rc.2: - version "27.0.0-rc.2" - resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-27.0.0-rc.2.tgz#7b77e118dd419776a42d061ba03fa72616a92d26" - integrity sha512-KC9Dd2LsGO3i7cW+c6RDJt90q/41kry2jTg4ZOukHfnmZ0cTO9JfmwxRtL/UgrVLdCeVDf2j/h4kckjWuKYsNA== +matrix-js-sdk@27.0.0: + version "27.0.0" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-27.0.0.tgz#83dae79930325a5aa552f9d9899b31351ecc7bf3" + integrity sha512-Py9My7t72sU0YawdqRCs1BvDwjvAUR5gmwa/oXBxMPFIV5qDrm4F8NvUJLNA80DnYxQT4nDjnM69H8QLv5IRfg== dependencies: "@babel/runtime" "^7.12.5" "@matrix-org/matrix-sdk-crypto-js" "^0.1.1" From 2722bd4e4c4ccf4d0c1588de8f98d30a7d55854c Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Tue, 18 Jul 2023 13:33:20 +0100 Subject: [PATCH 10/11] Prepare changelog for v3.76.0 --- CHANGELOG.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a95e01ecb..5034883672 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,8 @@ -Changes in [3.76.0-rc.2](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0-rc.2) (2023-07-14) -=============================================================================================================== +Changes in [3.76.0](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0) (2023-07-18) +===================================================================================================== -## 🐛 Bug Fixes - * Fix missing metaspace notification badges ([\#11269](https://github.com/matrix-org/matrix-react-sdk/pull/11269)). Fixes vector-im/element-web#25679. - -Changes in [3.76.0-rc.1](https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.76.0-rc.1) (2023-07-11) -=============================================================================================================== +## 🔒 Security + * Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65) ## ✨ Features * GYU: Update banner ([\#11211](https://github.com/matrix-org/matrix-react-sdk/pull/11211)). Fixes vector-im/element-web#25530. Contributed by @justjanne. @@ -25,6 +22,7 @@ Changes in [3.76.0-rc.1](https://github.com/matrix-org/matrix-react-sdk/releases * OIDC: navigate to authorization endpoint ([\#11096](https://github.com/matrix-org/matrix-react-sdk/pull/11096)). Fixes vector-im/element-web#25574. Contributed by @kerryarchibald. ## 🐛 Bug Fixes + * Fix missing metaspace notification badges ([\#11269](https://github.com/matrix-org/matrix-react-sdk/pull/11269)). Fixes vector-im/element-web#25679. * Make checkboxes less rounded ([\#11224](https://github.com/matrix-org/matrix-react-sdk/pull/11224)). Contributed by @andybalaam. * GYU: Fix issues with audible keywords without activated mentions ([\#11218](https://github.com/matrix-org/matrix-react-sdk/pull/11218)). Contributed by @justjanne. * PosthogAnalytics unwatch settings on logout ([\#11207](https://github.com/matrix-org/matrix-react-sdk/pull/11207)). Fixes vector-im/element-web#25703. From 35c7df19aff56befd8d06980dfe79a699710a14e Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Tue, 18 Jul 2023 13:33:23 +0100 Subject: [PATCH 11/11] v3.76.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 21ef3d914c..844e70caac 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "matrix-react-sdk", - "version": "3.76.0-rc.2", + "version": "3.76.0", "description": "SDK for matrix.org using React", "author": "matrix.org", "repository": {