element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
GNU Affero General Public License v3.0

'failed to set user avatar' error dialog leaks access token #5139

Closed ara4n closed 6 years ago

t3chguy commented 7 years ago

leaks to what, Piwik?

ara4n commented 6 years ago

it leaks it to the user, in the error dialog.

t3chguy commented 6 years ago

It literally passes through err.message :L https://github.com/matrix-org/matrix-react-sdk/blob/6a53b7b149361d2d05ff6e435d46a9968aa6602d/src/components/structures/UserSettings.js#L424

t3chguy commented 6 years ago

what would be desired to show here, to still show a little bit of detail, should it just strip the Token?

t3chguy commented 6 years ago

> leaks to what, Piwik?

seems like a dumb Q given title includes error dialog leaks but the Dialogs are what feed Piwik sooooo...
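One way to do the stripping asked about in this thread while keeping the rest of the detail, as an added example that is not code from matrix-react-sdk. It assumes the token reaches `err.message` as an `access_token` query parameter, a Bearer credential or an `"access_token"` JSON field; `redactSecrets` and `describeErrorForUser` are hypothetical names and the sample error is constructed.

```javascript
// Added example, not matrix-react-sdk code. Function names are hypothetical.
// Assumption: the token shows up in err.message as an access_token query
// parameter, a Bearer credential, or an "access_token" JSON field.
const REDACTED = "<redacted>";

const RULES = [
    // ?access_token=... or &access_token=... inside a URL or form body
    [/\b(access_token=)[^&#\s"'<>]+/gi, `$1${REDACTED}`],
    // Authorization: Bearer ... (case-insensitive; over-redaction is the safe failure)
    [/\b(Bearer\s+)[A-Za-z0-9._~+\/=-]+/gi, `$1${REDACTED}`],
    // {"access_token": "..."} echoed back in a response body
    [/("access_token"\s*:\s*")[^"]*/gi, `$1${REDACTED}`],
];

// Apply every rule in turn; non-string input is coerced so callers cannot bypass it.
function redactSecrets(text) {
    return RULES.reduce(
        (out, [pattern, replacement]) => out.replace(pattern, replacement),
        String(text)
    );
}

// Text for the error dialog, and for anything fed from the dialog (analytics).
// Falls back to a fixed message when the error carries no usable message.
function describeErrorForUser(err, fallback) {
    const raw = err && typeof err.message === "string" && err.message
        ? err.message
        : fallback;
    return redactSecrets(raw);
}

// Constructed sample: the URL and token are made up for this example.
const sampleError = new Error(
    "Upload to https://matrix.example.org/upload?filename=a.png" +
    "&access_token=CONSTRUCTED_TOKEN_123 failed (413)"
);
console.log(describeErrorForUser(sampleError, "Failed to set avatar"));
```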