replies include a copy of text that some users might not be allowed to see #8645
Comments
|
Note this is also reported as a spec issue: https://github.com/matrix-org/matrix-doc/issues/1654 |
lampholder
added
T-Defect
P2
S-Minor
|
The text of the message is copied into the fallback message body; if we didn't do that (and relied on riot/other clients fishing out the message body from the event reference) then we'd be fine. It's been a while, so I can't remember exactly when we can stop populating the fallback - I expect it's when all clients have/have been given enough warning to implement replies, and when bridges have also been updated to handle replies properly. |
Never, as the spec is currently written (nothing stopping us from changing that in the future though). |
|
Closing in favour of the spec issue |
When making a reply, the text of the message replied to is copied in the reply. If a user can read the reply, but is not supposed to see the original message (e.g. due to history settings or due to the user purposely not being sent decryption keys), this leaks the original message to the user who is otherwise unable to read it.
The text was updated successfully, but these errors were encountered: