New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inline images with invalid HTTPS certs cause error that prevents use of stream #4726
Comments
Just updating this thread that we apparently have a similar bug in the desktop app (zulip/zulip-desktop#1119), and that we should still consider this important since (1) Camo doesn't run in docker-zulip, so a lot of 4.0 servers are still affected and (2) inability to read old content before the Camo changes is important in its own right. |
This was fixed upstream react-native-webview/react-native-webview#1466, which we pulled in in 945848d. Closing. |
Hmm, are you sure this has been fixed? Your screenshot at the top of the issue was from 2021-05-06, and the release containing 945848d, v27.155, went out on 2020-09-23. |
Ah, makes sense. I'm pretty sure it's been fixed, since editing the HTML-creation code to add Thanks for catching that! |
Great, thanks for that investigation! Indeed, the |
As we determined in the issue thread.
Loading a inline image with a invalid HTTPS cert causes the following:
While this doesn't appear to have ever happened in the wild in Sentry (???), and changes in Camo in 4.0 will make it impossible for people to construct messages like this in the future, we should still fix it for the sake of being able to view existing messages.
#integrations > create svg will repro this.
(marking a-Android, since I don't think this would affect iOS, and P1 since it's a DoS vector on pre-
6b7a3fb74
servers.)The text was updated successfully, but these errors were encountered: