We should check whether the IDs are thick - it protects us against an attacker who could try to create operations referencing thin thread entities.
https://linear.app/comm/issue/ENG-9826/validate-the-ids-from-the-dm-operations
Depends on D13848
Differential D13858
[lib] Validate IDs in DM operations tomek on Mon, Nov 4, 6:47 AM. Authored by
Details We should check whether the IDs are thick - it protects us against an attacker who could try to create operations referencing thin thread entities. https://linear.app/comm/issue/ENG-9826/validate-the-ids-from-the-dm-operations Depends on D13848 Tested a couple of scenarios:
In the cases where another message was a target, tested that it works for both text and edit thread settings messages.
Diff Detail
|