signalapp / Signal-Desktop

A private messenger for Windows, macOS, and Linux.
https://signal.org/download
GNU Affero General Public License v3.0

Why are JS and APK files not allowed? #6890

Closed ghost closed 1 month ago

ghost commented 1 month ago

Using a supported version?

Overall summary

.js and .apk can't be sent: "Attachment type not allowed for security reasons". So, just because some JS/APK files can be dangerous, you're blocking all of them? Also, this is very easy to bypass by just renaming the file or putting it in an archive. Still annoying to do, though.

Steps to reproduce

  1. Try to download/upload an .apk or .js file

Expected result

The file is downloaded/uploaded.

Actual result

The file is not downloaded/uploaded.

Screenshots

No response

Signal version

7.10.0

Operating system

Linux 64-bit

Version of Signal on your phone

Irrelevant

Link to debug log

No response

scottnonnenberg-signal commented 1 month ago

Hi there - thanks for your interest in this. Our attachment type limitations have already been discussed quite a bit here: https://github.com/signalapp/Signal-Desktop/issues/3849

ghost commented 2 weeks ago

Patch available here (Linux only though).