acheong08 / obi-sync

Reverse engineering of the native Obsidian sync and publish server
https://obsidian.md/sync
GNU General Public License v2.0
1.01k stars 60 forks

1.4.11 patched the plugin again #28

Open winneratwin opened 1 year ago

winneratwin commented 1 year ago

Line 1056 of main.js when run through js-beautify:

e.onBeforeRequest = r, e.onBeforeSendHeaders = r, e.onHeadersReceived = r;

r being a function which returns !1

acheong08 commented 1 year ago

That's annoying...

Will debug

acheong08 commented 1 year ago

Line 1056 of main.js when run through js-beautify:

Where is this main.js?

winneratwin commented 1 year ago

Where is this main.js?

In the obsidian.asar file, located at /usr/lib/obsidian/obsidian.asar on Linux. I extracted it using npx asar extract 1_4_11_app.asar 1_4_11_app.asar.out

acheong08 commented 1 year ago

Weird that I only see app.js but not main.js.

winneratwin commented 1 year ago

This is the contents of the extracted asar for me:

-rw-r--r-- 1 winner winner  392564 Sep 12 01:20 app.css
-rw-r--r-- 1 winner winner 5651151 Sep 12 01:45 app.js
-rw-r--r-- 1 winner winner   20713 Sep 12 01:52 enhance.js
-rw-r--r-- 1 winner winner     580 Sep 12 01:20 help.html
-rw-r--r-- 1 winner winner  299659 Sep 12 01:51 help.js
-rw-r--r-- 1 winner winner   29937 Sep 12 01:20 icon.png
-rw-r--r-- 1 winner winner    1269 Sep 12 01:20 index.html
drwxr-xr-x 6 winner winner    4096 Sep 12 01:20 lib
-rw-r--r-- 1 winner winner   43994 Sep 12 01:24 main.js
-rw-r--r-- 1 winner winner     320 Sep 12 01:20 package.json
-rw-r--r-- 1 winner winner      77 Sep 12 01:20 package-lock.json
drwxr-xr-x 4 winner winner    4096 Sep 12 01:20 public
drwxr-xr-x 5 winner winner    4096 Sep 12 01:20 sandbox
-rw-r--r-- 1 winner winner   17679 Sep 12 01:20 sim.js
-rw-r--r-- 1 winner winner     583 Sep 12 01:20 starter.html
-rw-r--r-- 1 winner winner  378050 Sep 12 01:25 starter.js
-rw-r--r-- 1 winner winner  225705 Sep 12 01:20 worker.js

acheong08 commented 1 year ago

Ah. I was looking from Electron's Sources menu. Weird that it isn't included there.

acheong08 commented 1 year ago

Considering this is already broken on mobile, and there are no impediments to editing obsidian.asar directly on desktop, I think that is a much easier solution than spending hours patching it while limited to a plugin. It should be possible to make a GitHub workflow to automatically patch and release "vulnerable" versions of ObsidianMD.

acheong08 commented 1 year ago

Looks like they also intentionally added some code to detect when the websocket URL is wrong.

acheong08 commented 1 year ago

if (!HJ.call(u, ".obsidian.md") && "127.0.0.1" !== u)
                                return s(new Error("Unable to connect to server."));

"Unable to connect to server". What a misleading error message...

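The two mechanisms quoted in this thread (the always-false stubs assigned over the three webRequest hooks, and the host allowlist in front of the websocket connect) together with a patcher for both, as an added example that is not obi-sync's or Obsidian's code. It assumes that `e` in the first fragment is Electron's `session.webRequest` object (as the three hook names suggest), that `HJ` in the second fragment is `String.prototype.endsWith`, and that `SAMPLE_BUNDLE` below is a constructed stand-in for the real main.js/app.js; `patchBundle`, `isAllowedSyncHost` and the host `sync.example.com` are the example's own names.

```javascript
// Added example, not code from obi-sync or Obsidian. Node.js, no dependencies.

// Constructed stand-in for the relevant lines of the extracted bundle
// (identifier names e, r, HJ, u, s copied from the thread's quotes).
const SAMPLE_BUNDLE = [
  "const r = () => !1;",
  "e.onBeforeRequest = r, e.onBeforeSendHeaders = r, e.onHeadersReceived = r;",
  'if (!HJ.call(u, ".obsidian.md") && "127.0.0.1" !== u)',
  '    return s(new Error("Unable to connect to server."));',
].join("\n");

// The allowlist as quoted, assuming HJ is String.prototype.endsWith:
// the connection is refused unless the host ends in ".obsidian.md" or is
// exactly 127.0.0.1 (so "localhost" fails). `extra` models the widened check
// that patchBundle() produces.
function isAllowedSyncHost(host, extra = []) {
  return host.endsWith(".obsidian.md") || host === "127.0.0.1" || extra.includes(host);
}

// Matches `X.onBeforeRequest = Y, X.onBeforeSendHeaders = Y, X.onHeadersReceived = Y;`
// for any identifier names, since the minifier may rename e and r per release.
const STUB_RE =
  /\b(\w+)\.onBeforeRequest\s*=\s*(\w+)\s*,\s*\1\.onBeforeSendHeaders\s*=\s*\2\s*,\s*\1\.onHeadersReceived\s*=\s*\2\s*;/g;

// Removing the assignment leaves Electron's real webRequest methods in place,
// so a plugin's redirect hook is honoured again. `void 0` keeps the statement
// valid even if the original sat inside a comma expression.
function unstubWebRequestHooks(src) {
  let count = 0;
  const out = src.replace(STUB_RE, () => {
    count += 1;
    return "void 0 /* webRequest stubs removed */;";
  });
  return { out, count };
}

// Matches `!HJ.call(u, ".obsidian.md") && "127.0.0.1" !== u` generically.
const HOST_CHOST_PLACEHOLDER = null; // (unused; see HOST_CHECK_RE below)
const HOST_CHECK_RE =
  /!(\w+)\.call\((\w+),\s*"\.obsidian\.md"\)\s*&&\s*"127\.0\.0\.1"\s*!==\s*\2/g;

// Widens the allowlist by appending `&& "<host>" !== u`: the original
// condition is kept, only one more host stops it from raising the error.
// The host is validated before being spliced into source text so a stray
// quote cannot turn the patch into code injection against the bundle.
function allowExtraHost(src, host) {
  if (!/^[A-Za-z0-9.-]+$/.test(host)) {
    throw new Error("refusing to inject unsafe host literal: " + host);
  }
  let count = 0;
  const out = src.replace(HOST_CHECK_RE, (m, _fn, v) => {
    count += 1;
    return `${m} && ${JSON.stringify(host)} !== ${v}`;
  });
  return { out, count };
}

// Applies both patches and reports how many sites each one touched, so a
// release that moved or renamed the code (count 0) is noticed instead of
// silently shipping an unpatched bundle.
function patchBundle(src, host) {
  const a = unstubWebRequestHooks(src);
  const b = allowExtraHost(a.out, host);
  return { out: b.out, stubsRemoved: a.count, hostChecksWidened: b.count };
}

// CLI: `node patch.js <extracted bundle file> <host>` rewrites the file in
// place; with no arguments it demonstrates on the constructed sample.
if (typeof require !== "undefined" && require.main === module) {
  const [file, host = "sync.example.com"] = process.argv.slice(2);
  if (file) {
    const fs = require("fs");
    const res = patchBundle(fs.readFileSync(file, "utf8"), host);
    fs.writeFileSync(file, res.out);
    console.log(`${file}: stubs removed=${res.stubsRemoved}, host checks widened=${res.hostChecksWidened}`);
  } else {
    console.log(patchBundle(SAMPLE_BUNDLE, host).out);
  }
}
```

Typical use after `npx asar extract obsidian.asar out` is to run the patcher over the extracted main.js and app.js and repack with `npx asar pack out obsidian.asar`; the counts printed are the check that the regexes still hit anything in a new release. Note that the widened host check only stops the client from refusing the URL; it does nothing about whatever transport or certificate the sync code then uses to reach that host.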
truongmanhsang commented 1 year ago

I think we need a separate tool to capture system request and return custom response 😆

ShiinaRinne commented 12 months ago

I think we need a separate tool to capture system request and return custom response 😆

This is my simple attempt using Fiddler at 1.4.13:

OnBeforeRequest

if(oSession.host.EndsWith("api.obsidian.md")){
    oSession["ui-backcolor"] = "yellow"; 
    oSession.fullUrl = oSession.fullUrl.Replace("api.obsidian.md", "example.com");
}

Then manually enter this.host="api.obsidian.md" in the console before executing this function, so that it can continue working.

Btw, I attempted this modification in OnBeforeResponse, but it did not take effect. I haven't studied web and JS, so I'm not sure what changes should be made. I hope that helps.

OnBeforeResponse

if(oSession.host.EndsWith("example.com")){
    oSession["ui-backcolor"] = "blue"; 
    oSession.host="api.obsidian.md";
    oSession.fullUrl = oSession.fullUrl.Replace("example.com", "api.obsidian.md");
}

acheong08 commented 12 months ago

@ShiinaRinne I'm currently working on https://github.com/acheong08/obi-sync-lib which should fix the issue.

It'll take a few weeks, but once that is done, Obsidian should no longer be able to patch the plugin without causing significant issues with other legit plugins.