lockbitchat
15173a9278
New privacy-focused messaging controls in the composer: - Code blocks: button wraps the message in a fenced block; both peers render a monospace code window with a copy button (clipboard auto-clears after ~30s). Window is built from sanitized text via React nodes — no new XSS surface. - View-once: recipient sees a blurred bubble, reveals on tap, then it is wiped. Honestly cooperative (not screenshot-proof). - Disappearing messages: optional 30s/5m/1h timer auto-deletes on both sides with a live countdown; incoming TTL clamped to [5s, 24h]. - Unsend (delete for everyone) via new MESSAGE_TYPES.message_delete control. - Panic wipe: clears chat, wipes keys and disconnects (behind a confirm). Transport: - Per-message metadata (id / view-once / timer) travels inside the encrypted envelope, not in the sanitized text, so content cannot spoof these controls. - _sanitizeMessageMeta whitelists + bounds metadata on send and receive. - AAD/replay protection, SAS gate and receive-side DOMPurify are unchanged. Adds tests/secure-chat-features.test.mjs (full suite: 17 files, all passing). Bumps version to 4.8.14 across package.json, package-lock.json, manifest.json, index.html, meta.json, README, SECURITY_DISCLAIMER, header and init banner.
10 lines
264 B
JSON
10 lines
264 B
JSON
{
|
|
"version": "1781829306093",
|
|
"buildVersion": "1781829306093",
|
|
"appVersion": "4.8.14",
|
|
"buildTime": "2026-06-19T00:35:06.138Z",
|
|
"buildId": "1781829306093-cf36656",
|
|
"gitHash": "cf36656",
|
|
"generated": true,
|
|
"generatedAt": "2026-06-19T00:35:06.139Z"
|
|
} |