Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mark file:// and sftp:// links in messages as url in Riot chat log #4457

Closed
MurzNN opened this issue Jun 28, 2017 · 17 comments · Fixed by matrix-org/matrix-react-sdk#11215
Closed
Assignees

Comments

@MurzNN
Copy link
Contributor

MurzNN commented Jun 28, 2017

Our company have private local file storage and very often exchange links to files and folders, for example file://mnt/share/project1/file2.odt.

Many messengers convert this links to url via <a href="file://mnt/share/project1/file2.odt"> and we can open those files directly via single click.

Same problem is with sftp links - url like sftp://user:pass@example.com/path/to/file.txt breaks to parts:
sftp://user:pass@example.com/path/to/file.txt
instead of:
sftp://user:pass@example.com/path/to/file.txt

Please add same behavior to Riot-web interface.

@lampholder
Copy link
Member

It looks like Riot highlights file://stuff/stuff/stuff.txt as a link, but then clicking it doesn't follow the link.

@MurzNN are you just asking for following file:// links to be enabled?

@lampholder
Copy link
Member

Are there any considerations here? Any reasons we wouldn't want to do this?

@lukebarnard1
Copy link
Contributor

lukebarnard1 commented Jul 3, 2017

Chome blocks access to local files and other browsers probably do the same.

https://stackoverflow.com/a/39007324

@turt2live
Copy link
Member

Browser security may play a factor into the link not working, or result in unreliable functionality.

Electron might be able to leverage OS things more easily, but still might be subject to security policies.

I'm not 100% sure though. Just seems like something Chrome would prevent at the least.

@MurzNN
Copy link
Contributor Author

MurzNN commented Jul 3, 2017

Here is screenshot of tests with file:// links from Riot.im website: http://i.imgur.com/OfHUqQy.png
So all other types of link are detected and converted to <a href=...> but file:// - not.
The problem can be solved via adding file:// scheme to url detection rules.

Problem with not-working file:// links in browsers easily solved via extensions or via pre-configured enterprise settings:

So from Riot side - we must only convert file://... links to <a href="file://...>file://...</a> html code - that's all.

@MurzNN
Copy link
Contributor Author

MurzNN commented Jul 11, 2017

@lampholder, can you point me to place in Riot code where plaintext message is converting to <a href> links? I'll try to add file:// detection in this function.

I have found similar place in pre-compiled bundles/406deb16788d2085050e/bundle.js file:

allowedSchemes:["http","https","ftp","mailto"]

But can't find this code in git sources.

@lukebarnard1
Copy link
Contributor

lukebarnard1 commented Jul 11, 2017

@MurzNN a lot of logic for Riot lives in https://github.com/matrix-org/matrix-react-sdk. You're looking for HtmlUtils.js

Edit: Interestingly, it seems that the extra / is important. Riot will highlight if there are only two slashes //, but not three...

linkifyjs is the npm package we use to take plain text bodies and replace URLs with <a> tags. But http-sanitize is the library that might be disallowing links with file:/// as their protocol (and allowing file://)

Update: I've discovered that the difference is the number of / and the library causing the issue is linkify itself.:

> const lfy = require('linkifyjs');
undefined
...
> lfy.find('file:///test');
[]
> lfy.find('file://test');
[ { type: 'url', value: 'file://test', href: 'file://test' } ]

@MurzNN
Copy link
Contributor Author

MurzNN commented Jul 11, 2017

@lukebarnard1 thanks for the info, so seems the issue is in linkifyjs - nfrasser/linkifyjs#171
Hope they will fix it

@MurzNN
Copy link
Contributor Author

MurzNN commented Jul 12, 2017

And from Riot side there are create them clickable in riot-web electron app. At now riot converts links like file://C:/windows_3.11/roadmap.txt to url - they works well in browser, but not clickable when I click in electron app. Can we fix this now, and make open file by link in riot-web electron app?

@lukebarnard1
Copy link
Contributor

not clickable when I click in electron app

I'm guessing this is because your extensions aren't running in the context of electron (and they can't - electron/electron#1498)

@MurzNN
Copy link
Contributor Author

MurzNN commented Jul 14, 2017

Same problem is with sftp links - url like sftp://user:pass@example.com/path/to/file.txt breaks to parts:
sftp://user:pass@example.com/path/to/file.txt
instead of:
sftp://user:pass@example.com/path/to/file.txt
For ftp:// links all works well.
Fix for both problems will be the same, so I add this to issue title.

@MurzNN MurzNN changed the title Mark file:// links in messages as url in Riot chat log Mark file:// and sftp:// links in messages as url in Riot chat log Jul 14, 2017
@MurzNN
Copy link
Contributor Author

MurzNN commented Jul 31, 2017

Here is solution how to fix open local files in Elecron app: https://stackoverflow.com/a/33425619, so typing in Riot app console on Linux commands:

const {shell} = require('electron');
shell.openItem('file:///etc/issue');
  • successfully executes file opening process via default application for this file type.

@MurzNN
Copy link
Contributor Author

MurzNN commented Jul 31, 2017

Seems here https://github.com/matrix-org/matrix-react-sdk/blob/master/src/components/views/messages/TextualBody.js#L82 is the place where plain text converts to html with links.

@aaronraimist
Copy link
Collaborator

This is the current behavior (although #8720 wants to unlinkify them)

@t3chguy
Copy link
Member

t3chguy commented Sep 21, 2020

successfully executes file opening process via default application for this file type.

Sure but what if that default action would be executing an executable, or opening a virus, this has many security implications

@MurzNN
Copy link
Contributor Author

MurzNN commented Sep 21, 2020

If user want to execute a virus, he can download it and open via double click, what is the difference? At now, for open file://path/to/file.txt we need every day to do manually copy url to clipboard, and paste it into filemanager.

So Element-Web only need to linkify those links, all other job will be done in browser.

For example, Firefox works well for those links - it asks user what to do: open file directly, or download it to Downloads folder, and this is very useful feature! Did you think, that Firefox doesn't care about security, if still not disable this feature?

But Chromium family browsers historically miss this feature, and have many upvotes for implement it: https://bugs.chromium.org/p/chromium/issues/detail?id=333&q=open%20file%20download&can=2&sort=-stars

@MurzNN
Copy link
Contributor Author

MurzNN commented Sep 21, 2020

I checked this feature, at now Element-Web successfully linkify "file://" links, but linkify badly "sftp://" links:
image

@t3chguy t3chguy self-assigned this Jul 10, 2023
su-ex added a commit to SchildiChat/element-desktop that referenced this issue Feb 24, 2024
* Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65)
* Deprecate customisations in favour of Module API ([\#25736](element-hq/element-web#25736)). Fixes element-hq/element-web#25733.
* OIDC: store initial screen in session storage  ([\#25688](element-hq/element-web#25688)). Fixes element-hq/element-web#25656. Contributed by @kerryarchibald.
* Allow default_server_config as a fallback config ([\#25682](element-hq/element-web#25682)). Contributed by @ShadowRZ.
* OIDC: remove auth params from url after login attempt ([\#25664](element-hq/element-web#25664)). Contributed by @kerryarchibald.
* feat(faq): remove keyboard shortcuts button ([\#9342](matrix-org/matrix-react-sdk#9342)). Fixes element-hq/element-web#22625. Contributed by @gefgu.
* GYU: Update banner ([\#11211](matrix-org/matrix-react-sdk#11211)). Fixes element-hq/element-web#25530. Contributed by @justjanne.
* Linkify mxc:// URLs as links to your media repo ([\#11213](matrix-org/matrix-react-sdk#11213)). Fixes element-hq/element-web#6942.
* OIDC: Log in ([\#11199](matrix-org/matrix-react-sdk#11199)). Fixes element-hq/element-web#25657. Contributed by @kerryarchibald.
* Handle all permitted url schemes in linkify ([\#11215](matrix-org/matrix-react-sdk#11215)). Fixes element-hq/element-web#4457 and element-hq/element-web#8720.
* Autoapprove Element Call oidc requests ([\#11209](matrix-org/matrix-react-sdk#11209)). Contributed by @toger5.
* Allow creating knock rooms ([\#11182](matrix-org/matrix-react-sdk#11182)). Contributed by @charlynguyen.
* Expose and pre-populate thread ID in devtools dialog ([\#10953](matrix-org/matrix-react-sdk#10953)).
* Hide URL preview if it will be empty ([\#9029](matrix-org/matrix-react-sdk#9029)).
* Change wording from avatar to profile picture ([\#7015](matrix-org/matrix-react-sdk#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist.
* Quick and dirty devtool to explore state history ([\#11197](matrix-org/matrix-react-sdk#11197)).
* Consider more user inputs when calculating zxcvbn score ([\#11180](matrix-org/matrix-react-sdk#11180)).
* GYU: Account Notification Settings ([\#11008](matrix-org/matrix-react-sdk#11008)). Fixes element-hq/element-web#24567. Contributed by @justjanne.
* Compound Typography pass ([\#11103](matrix-org/matrix-react-sdk#11103)). Fixes element-hq/element-web#25548.
* OIDC: navigate to authorization endpoint ([\#11096](matrix-org/matrix-react-sdk#11096)). Fixes element-hq/element-web#25574. Contributed by @kerryarchibald.
* Fix read receipt sending behaviour around thread roots ([\#3600](matrix-org/matrix-js-sdk#3600)).
* Fix missing metaspace notification badges ([\#11269](matrix-org/matrix-react-sdk#11269)). Fixes element-hq/element-web#25679.
* Make checkboxes less rounded ([\#11224](matrix-org/matrix-react-sdk#11224)). Contributed by @andybalaam.
* GYU: Fix issues with audible keywords without activated mentions ([\#11218](matrix-org/matrix-react-sdk#11218)). Contributed by @justjanne.
* PosthogAnalytics unwatch settings on logout ([\#11207](matrix-org/matrix-react-sdk#11207)). Fixes element-hq/element-web#25703.
* Avoid trying to set room account data for pinned events as guest ([\#11216](matrix-org/matrix-react-sdk#11216)). Fixes element-hq/element-web#6300.
* GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\#11210](matrix-org/matrix-react-sdk#11210)). Contributed by @justjanne.
* force to allow calls without video and audio in embedded mode ([\#11131](matrix-org/matrix-react-sdk#11131)). Contributed by @EnricoSchw.
* Fix room tile text clipping ([\#11196](matrix-org/matrix-react-sdk#11196)). Fixes element-hq/element-web#25718.
* Handle newlines in user pills ([\#11166](matrix-org/matrix-react-sdk#11166)). Fixes element-hq/element-web#10994.
* Limit width of user menu in space panel ([\#11192](matrix-org/matrix-react-sdk#11192)). Fixes element-hq/element-web#22627.
* Add isLocation to ComposerEvent analytics events ([\#11187](matrix-org/matrix-react-sdk#11187)). Contributed by @andybalaam.
* Fix: hide unsupported login elements ([\#11185](matrix-org/matrix-react-sdk#11185)). Fixes element-hq/element-web#25711. Contributed by @kerryarchibald.
* Scope smaller font size to user info panel ([\#11178](matrix-org/matrix-react-sdk#11178)). Fixes element-hq/element-web#25683.
* Apply i18n to strings in the html export ([\#11176](matrix-org/matrix-react-sdk#11176)).
* Inhibit url previews on MXIDs containing slashes same as those without ([\#11160](matrix-org/matrix-react-sdk#11160)).
* Make event info size consistent with state events ([\#11181](matrix-org/matrix-react-sdk#11181)).
* Fix markdown content spacing ([\#11177](matrix-org/matrix-react-sdk#11177)). Fixes element-hq/element-web#25685.
* Fix font-family definition for emojis ([\#11170](matrix-org/matrix-react-sdk#11170)). Fixes element-hq/element-web#25686.
* Fix spurious error sending receipt in thread errors ([\#11157](matrix-org/matrix-react-sdk#11157)).
* Consider the empty push rule actions array equiv to deprecated dont_notify ([\#11155](matrix-org/matrix-react-sdk#11155)). Fixes element-hq/element-web#25674.
* Only trap escape key for cancel reply if there is a reply ([\#11140](matrix-org/matrix-react-sdk#11140)). Fixes element-hq/element-web#25640.
* Update linkify to 4.1.1 ([\#11132](matrix-org/matrix-react-sdk#11132)). Fixes element-hq/element-web#23806.
su-ex added a commit to SchildiChat/element-web that referenced this issue Feb 24, 2024
* Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65)
* Deprecate customisations in favour of Module API ([\element-hq#25736](element-hq#25736)). Fixes element-hq#25733.
* OIDC: store initial screen in session storage  ([\element-hq#25688](element-hq#25688)). Fixes element-hq#25656. Contributed by @kerryarchibald.
* Allow default_server_config as a fallback config ([\element-hq#25682](element-hq#25682)). Contributed by @ShadowRZ.
* OIDC: remove auth params from url after login attempt ([\element-hq#25664](element-hq#25664)). Contributed by @kerryarchibald.
* feat(faq): remove keyboard shortcuts button ([\element-hq#9342](matrix-org/matrix-react-sdk#9342)). Fixes element-hq#22625. Contributed by @gefgu.
* GYU: Update banner ([\element-hq#11211](matrix-org/matrix-react-sdk#11211)). Fixes element-hq#25530. Contributed by @justjanne.
* Linkify mxc:// URLs as links to your media repo ([\element-hq#11213](matrix-org/matrix-react-sdk#11213)). Fixes element-hq#6942.
* OIDC: Log in ([\element-hq#11199](matrix-org/matrix-react-sdk#11199)). Fixes element-hq#25657. Contributed by @kerryarchibald.
* Handle all permitted url schemes in linkify ([\element-hq#11215](matrix-org/matrix-react-sdk#11215)). Fixes element-hq#4457 and element-hq#8720.
* Autoapprove Element Call oidc requests ([\element-hq#11209](matrix-org/matrix-react-sdk#11209)). Contributed by @toger5.
* Allow creating knock rooms ([\#11182](matrix-org/matrix-react-sdk#11182)). Contributed by @charlynguyen.
* Expose and pre-populate thread ID in devtools dialog ([\element-hq#10953](matrix-org/matrix-react-sdk#10953)).
* Hide URL preview if it will be empty ([\element-hq#9029](matrix-org/matrix-react-sdk#9029)).
* Change wording from avatar to profile picture ([\element-hq#7015](matrix-org/matrix-react-sdk#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist.
* Quick and dirty devtool to explore state history ([\element-hq#11197](matrix-org/matrix-react-sdk#11197)).
* Consider more user inputs when calculating zxcvbn score ([\element-hq#11180](matrix-org/matrix-react-sdk#11180)).
* GYU: Account Notification Settings ([\element-hq#11008](matrix-org/matrix-react-sdk#11008)). Fixes element-hq#24567. Contributed by @justjanne.
* Compound Typography pass ([\element-hq#11103](matrix-org/matrix-react-sdk#11103)). Fixes element-hq#25548.
* OIDC: navigate to authorization endpoint ([\#11096](matrix-org/matrix-react-sdk#11096)). Fixes element-hq#25574. Contributed by @kerryarchibald.
* Fix read receipt sending behaviour around thread roots ([\element-hq#3600](matrix-org/matrix-js-sdk#3600)).
* Fix missing metaspace notification badges ([\element-hq#11269](matrix-org/matrix-react-sdk#11269)). Fixes element-hq#25679.
* Make checkboxes less rounded ([\element-hq#11224](matrix-org/matrix-react-sdk#11224)). Contributed by @andybalaam.
* GYU: Fix issues with audible keywords without activated mentions ([\element-hq#11218](matrix-org/matrix-react-sdk#11218)). Contributed by @justjanne.
* PosthogAnalytics unwatch settings on logout ([\element-hq#11207](matrix-org/matrix-react-sdk#11207)). Fixes element-hq#25703.
* Avoid trying to set room account data for pinned events as guest ([\element-hq#11216](matrix-org/matrix-react-sdk#11216)). Fixes element-hq#6300.
* GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\element-hq#11210](matrix-org/matrix-react-sdk#11210)). Contributed by @justjanne.
* force to allow calls without video and audio in embedded mode ([\element-hq#11131](matrix-org/matrix-react-sdk#11131)). Contributed by @EnricoSchw.
* Fix room tile text clipping ([\element-hq#11196](matrix-org/matrix-react-sdk#11196)). Fixes element-hq#25718.
* Handle newlines in user pills ([\element-hq#11166](matrix-org/matrix-react-sdk#11166)). Fixes element-hq#10994.
* Limit width of user menu in space panel ([\element-hq#11192](matrix-org/matrix-react-sdk#11192)). Fixes element-hq#22627.
* Add isLocation to ComposerEvent analytics events ([\element-hq#11187](matrix-org/matrix-react-sdk#11187)). Contributed by @andybalaam.
* Fix: hide unsupported login elements ([\element-hq#11185](matrix-org/matrix-react-sdk#11185)). Fixes element-hq#25711. Contributed by @kerryarchibald.
* Scope smaller font size to user info panel ([\element-hq#11178](matrix-org/matrix-react-sdk#11178)). Fixes element-hq#25683.
* Apply i18n to strings in the html export ([\element-hq#11176](matrix-org/matrix-react-sdk#11176)).
* Inhibit url previews on MXIDs containing slashes same as those without ([\element-hq#11160](matrix-org/matrix-react-sdk#11160)).
* Make event info size consistent with state events ([\element-hq#11181](matrix-org/matrix-react-sdk#11181)).
* Fix markdown content spacing ([\element-hq#11177](matrix-org/matrix-react-sdk#11177)). Fixes element-hq#25685.
* Fix font-family definition for emojis ([\element-hq#11170](matrix-org/matrix-react-sdk#11170)). Fixes element-hq#25686.
* Fix spurious error sending receipt in thread errors ([\element-hq#11157](matrix-org/matrix-react-sdk#11157)).
* Consider the empty push rule actions array equiv to deprecated dont_notify ([\element-hq#11155](matrix-org/matrix-react-sdk#11155)). Fixes element-hq#25674.
* Only trap escape key for cancel reply if there is a reply ([\element-hq#11140](matrix-org/matrix-react-sdk#11140)). Fixes element-hq#25640.
* Update linkify to 4.1.1 ([\element-hq#11132](matrix-org/matrix-react-sdk#11132)). Fixes element-hq#23806.
su-ex added a commit to SchildiChat/matrix-react-sdk that referenced this issue Feb 24, 2024
* Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65)
* GYU: Update banner ([\matrix-org#11211](matrix-org#11211)). Fixes element-hq/element-web#25530. Contributed by @justjanne.
* Linkify mxc:// URLs as links to your media repo ([\matrix-org#11213](matrix-org#11213)). Fixes element-hq/element-web#6942.
* OIDC: Log in ([\matrix-org#11199](matrix-org#11199)). Fixes element-hq/element-web#25657. Contributed by @kerryarchibald.
* Handle all permitted url schemes in linkify ([\matrix-org#11215](matrix-org#11215)). Fixes element-hq/element-web#4457 and element-hq/element-web#8720.
* Autoapprove Element Call oidc requests ([\matrix-org#11209](matrix-org#11209)). Contributed by @toger5.
* Allow creating knock rooms ([\matrix-org#11182](matrix-org#11182)). Contributed by @charlynguyen.
* feat(faq): remove keyboard shortcuts button ([\matrix-org#9342](matrix-org#9342)). Fixes element-hq/element-web#22625. Contributed by @gefgu.
* Expose and pre-populate thread ID in devtools dialog ([\matrix-org#10953](matrix-org#10953)).
* Hide URL preview if it will be empty ([\matrix-org#9029](matrix-org#9029)).
* Change wording from avatar to profile picture ([\matrix-org#7015](matrix-org#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist.
* Quick and dirty devtool to explore state history ([\matrix-org#11197](matrix-org#11197)).
* Consider more user inputs when calculating zxcvbn score ([\matrix-org#11180](matrix-org#11180)).
* GYU: Account Notification Settings ([\matrix-org#11008](matrix-org#11008)). Fixes element-hq/element-web#24567. Contributed by @justjanne.
* Compound Typography pass ([\matrix-org#11103](matrix-org#11103)). Fixes element-hq/element-web#25548.
* OIDC: navigate to authorization endpoint ([\matrix-org#11096](matrix-org#11096)). Fixes element-hq/element-web#25574. Contributed by @kerryarchibald.
* Fix missing metaspace notification badges ([\matrix-org#11269](matrix-org#11269)). Fixes element-hq/element-web#25679.
* Make checkboxes less rounded ([\matrix-org#11224](matrix-org#11224)). Contributed by @andybalaam.
* GYU: Fix issues with audible keywords without activated mentions ([\matrix-org#11218](matrix-org#11218)). Contributed by @justjanne.
* PosthogAnalytics unwatch settings on logout ([\matrix-org#11207](matrix-org#11207)). Fixes element-hq/element-web#25703.
* Avoid trying to set room account data for pinned events as guest ([\matrix-org#11216](matrix-org#11216)). Fixes element-hq/element-web#6300.
* GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\matrix-org#11210](matrix-org#11210)). Contributed by @justjanne.
* force to allow calls without video and audio in embedded mode ([\matrix-org#11131](matrix-org#11131)). Contributed by @EnricoSchw.
* Fix room tile text clipping ([\matrix-org#11196](matrix-org#11196)). Fixes element-hq/element-web#25718.
* Handle newlines in user pills ([\matrix-org#11166](matrix-org#11166)). Fixes element-hq/element-web#10994.
* Limit width of user menu in space panel ([\matrix-org#11192](matrix-org#11192)). Fixes element-hq/element-web#22627.
* Add isLocation to ComposerEvent analytics events ([\matrix-org#11187](matrix-org#11187)). Contributed by @andybalaam.
* Fix: hide unsupported login elements ([\matrix-org#11185](matrix-org#11185)). Fixes element-hq/element-web#25711. Contributed by @kerryarchibald.
* Scope smaller font size to user info panel ([\matrix-org#11178](matrix-org#11178)). Fixes element-hq/element-web#25683.
* Apply i18n to strings in the html export ([\matrix-org#11176](matrix-org#11176)).
* Inhibit url previews on MXIDs containing slashes same as those without ([\matrix-org#11160](matrix-org#11160)).
* Make event info size consistent with state events ([\matrix-org#11181](matrix-org#11181)).
* Fix markdown content spacing ([\matrix-org#11177](matrix-org#11177)). Fixes element-hq/element-web#25685.
* Fix font-family definition for emojis ([\matrix-org#11170](matrix-org#11170)). Fixes element-hq/element-web#25686.
* Fix spurious error sending receipt in thread errors ([\matrix-org#11157](matrix-org#11157)).
* Consider the empty push rule actions array equiv to deprecated dont_notify ([\matrix-org#11155](matrix-org#11155)). Fixes element-hq/element-web#25674.
* Only trap escape key for cancel reply if there is a reply ([\matrix-org#11140](matrix-org#11140)). Fixes element-hq/element-web#25640.
* Update linkify to 4.1.1 ([\matrix-org#11132](matrix-org#11132)). Fixes element-hq/element-web#23806.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

7 participants