You can't peek into public rooms you've been invited to

[lampholder]

On both Riot Web and Riot Android, previewing a public room you've been invited to doesn't peek the timeline.

On Riot Web at least this is particularly maddening - there's no way to peek into a public room you've been invited to without first declining your invite, then peeking.

[jryans]

@lampholder Is this a recent regression, or has it been that way for a while?

There's this comment from 3 years ago:

// We deliberately don't try to peek into invites, even if we have permission to peek
// as they could be a spam vector.
// XXX: in future we could give the option of a 'Preview' button which lets them view anyway.

[lampholder]

Oh, I think it's been this way for a while, and that comment makes it look like a considered decision.

Trying to understand this, I initially misinterpreted the 'spam vector' comment - I believe what it means is that auto-peeking would allow you to create a room and fill it with adverts for viagra/RFID tags/heavy blankets (or worse) and then people would unintentionally see that when trying to interact with the invitiation.

So yes, there should (functionally) be a 'Preview Button' that reveals the room's timeline (we might also consider hiding/otherwise obscuring images as well).

Fwiw the Android app does have such a button, but it still doesn't preview the timeline.

[ara4n]

Having thought about it, it is correct that we don't peek by default when invited to a peekable room, otherwise it's massive spam vector if I can't reject the invite without being forced to view whatever obnoxious content is in the room (or peeking into it).

So i think what this bug is actually asking for is (as tom says) a button you have to explicitly click, if available, to peek into peekable rooms from the invited page.

[ara4n]

https://github.com/vector-im/riot-ios/issues/2408 is the iOS twin of this, asking for us to /not/ peek by default.