search

D0n9X1n / hexo-blog-encrypt

Yet, just another hexo plugin for security.
https://www.npmjs.com/package/hexo-blog-encrypt
MIT License
971 stars 101 forks source link

wrong_hash_message comes out for wrong passwords on iPadOS 14 Safari and Chrome #157

Closed liginity closed 3 years ago

liginity commented 3 years ago

Issue

When wrong passwords are input, instead of showing the wrong_pass_message, the wrong_hash_message comes out on iPadOS Safari and Chrome, and the content is just disordered code, when visiting posts on the demo website mhexo.github.io.

Expected Behavior

wrong_pass_message shows up.

Actual Behavior

wrong_hash_message shows up, and the content is just disordered code.

Steps to Reproduce the Problem

  1. use iPadOS 14 and Safari to one post of demo website mhexo.github.io.
  2. type wrong password for a post
  3. wrong_hash_message shows up.

Specifications

iPadOS 14, Safari or Chrome.

D0n9X1n commented 3 years ago

Confirm this bug. Looks like when giving a wrong password, cryptoObj.subtle.decrypt will try to continue instead of throwing a exception on Safari and Chrome.

Fix should be in this week.

D0n9X1n commented 3 years ago

Online demo has been updated, and you can try it again.

liginity commented 3 years ago

It is ok now with iPadOS 14 Safari and Chrome about the wrong_pass_message.

I notice that the post empty password now has no encryption effect.

D0n9X1n commented 3 years ago

Technically, this is as expacted. If a user doesn't set a password, then we should think that user has no intention to encrypt it.