Enhance media protections #516
Conversation
src/protections/MessageIsMedia.ts
Outdated
| @@ -35,10 +35,11 @@ export class MessageIsMedia extends Protection { | |||
|
|
|||
| public async handleEvent(mjolnir: Mjolnir, roomId: string, event: any): Promise<any> { | |||
| if (event['type'] === 'm.room.message') { | |||
| const content = event['content'] || {}; | |||
| let content = event['content'] || {}; | |||
| content = content?.["m.new_content"] ?? content; | |||
There was a problem hiding this comment.
we should probably also check m.relates_to to ensure we're actually looking at an edit here. The risk being that someone decides to send partially malformed events to trick Mjolnir into (dis)allowing something which is still rendered to users.
There was a problem hiding this comment.
So we can assume it's an edit if there is both an m.new_content and an m.relates_to field?
There was a problem hiding this comment.
m.relates_to can mean many things, but inspecting it should tell us if it's an edit. In practice this means ensuring the m.relates_to rel_type is m.replace, I think. There's a bunch of validity rules we should probably be checking too, but that might still have false negatives if the code isn't perfect (or someone finds a way to send something weird).
Co-authored-by: Travis Ralston <[email protected]>
As the title states.
Fixes #481