Add unfurling of URLs in chats #4606
Comments
|
I've just started working on this. |
|
I think it's a very real security concern, and it would have to be done client-side unless Status served the content. Would it be a better idea to keep it as a setting? ie. "automatically generate previews" |
|
Yeah, this would need to be done on the client-side. Hopefully the library we end up using for this does what it can to prevent any security issues arising from generating a preview from any random site (maybe starting by whitelisting safe sites). cc @adambabik regarding security |
|
Yeah @pombeirp I think it'd be best to start off with a list of the common social sites (Twitter, YouTube, Facebook, Spotify, etc) and go from there. Another question is about the UX scope - are we fine with including the following?
|
|
Ping @andmironov for design |
|
Do we want to unfurl any URL on the client side? So, I will send a link to a public channel and now each client will make a call (or more calls) to get details about the content of link? And some random site will know IPs of many Status users? I don't think it's a good idea. I hate that stuff actually. I think we can do better and do unfurling only when a user requests for that by taping a button or something. |
|
@adambabik so what do we think of the following: an option about loading link previews that is either an on/off or something like "for trusted sites only" vs "never" |
|
@liamzebedee personally, I would love to have it disabled by default but have an option to preview each link. Maybe something similar to how Slack is doing that? E.g. I get a link from https://github.com for the first time and there is a message below saying "(1) always preload from https://github.com, (2) preload this time, (3) never preload" and my answer is remembered. We can, of course, fill in the list of trusted URLs by default with some common websites. Also, there must be a way to remove already whitelisted URLs.
|
|
@liamzebedee are you still working on this? |
|
@andytudhope no not anymore! |
|
@pombeirp Seems like there was a bit of back and forth with what we'd do with this option, any finality / clarity around scope on this one if it's still being considered for a bounty. |
|
I think if we do it like the Messages app in Android, where it just adds a "Generate Preview" button to unfurl on-demand, it would be less contentious. |
|
@pombeirp Cleaning up the bounty tracking board. Is this still relevant for bounties, and being worked on? If so, It needs a bounty. |
|
@thecyberd3m0n nah, nothing missed - just on our side :) You're approved so let us know if you have any questions. Thanks! |
|
it will take me about the week |
|
Sounds good. |
|
@thecyberd3m0n Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!
Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days |
|
@gitcoinbot yes |
|
my current version from develop can't build I did like documentation describes Any suggestions what can I do wrong? OS: KDE Neon Linux x64 5.** |
|
@thecyberd3m0n the desktop build is behind mobile atm, you should develop from android or iOS |
|
ok I'm sorry, but I had failed to do this task (due to lack of ClosureJS knowledge) |
|
@thecyberd3m0n what did you try at this point? did you find a suitable js or react-native library for url unfurling? |
|
I didn't try to find unfurling library (my approach was to GET it as it is and just read html's metadata, started by oc). But I failed to do also this, due to unknown language (I thought it was JS or TS). I'm highly unfamiliar with CJS (like, see this first time, and didn't even know such language exists :) I dismissed this task at gitcoin side so others can join it. |
|
@thecyberd3m0n clojurescript is an amazing and quite simple language, if you want to try it out and need guidance as of where to start you can join #status-core channel on status. |
|
Thanks for opting out on Gitcoin for us @thecyberd3m0n - if you have any feedback on the clarity of the gitcoin posting I'm happy to hear it. And thanks @yenda for helping to trouble shoot. I'm going to let this one drop for now, as it's not a real priority. |
|
I need tasks in known environments, where I can put predictable amount of time to get the results. Unfortunately, learning whole new environment is not one of them :( I'm trying to earn more while already having commercial contracts. I'm not saying it's bad, I'm just total noob in it, seeing it first time, and can't afford time for learning such a lot about it. Still, thanks for support and big sorry for taking your time. |
|
@rachelhamlin Would this one be a priority? If so, I'm ready to start work on it right away and not afraid to dig into the framework and learn all about it. |
|
@rachelhamlin Alright, I'll gladly take both of them. Thanks! |
|
@ScyDev I'll put a price on them and invite you - they both look small to me but will be good to get you started. Welcome aboard! Edit: update - Gitcoin is not recognizing that Metamask is unlocked and is preventing me from creating bounties...I'm going to put each of them at 60 DAI though, so you're aware. Will try again later. |
|
@rachelhamlin Thanks! I've been trying to get in touch with you through Status. Is there a Discord or Slack channel for easier discussion? |
|
@ScyDev oh, sorry about that! I've been on and off chat today. Just got your Status messages, we can chat there :) |
|
Issue Status: 1. Open 2. Started 3. Submitted 4. Done Workers have applied to start work. These users each claimed they can complete the work by 4 months, 2 weeks from now. 1) jezsmith720 has applied to start work (Funders only: approve worker | reject worker). Shouldn't be a problem, I would like to work on this if it is still open? Cheers. Learn more on the Gitcoin Issue Details page. |
|
@errorists I believe you already have designs for this. Could you add these here or create a new issue? |
|
yes, the chat part is here and the settings part is here This needs to be discussed with regards of security policy and technical feasibility. The security notice I used there also needs an update. |
|
Closed in favor of #11158 |
|
Issue Status: 1. Open 2. Cancelled The funding of 250.0 DAI (250.0 USD @ $1.0/DAI) attached to this issue has been cancelled by the bounty submitter
|
User Story
As a user, I want the app to unfurl URLs so that I can easily see what they refer to without needing to open the URL.
Description
Type: Feature
Summary: If another user shares a URL with me (maybe from a 3rd party app), it would be great if I could see the summary of the content of the URL so I have a quick idea of what it's about.
Expected behavior
Acceptance Criteria
http://orhttps://are unfurled on the receiving client sideSecurity implications
We have to think about the security implications if we do this on the client side (will it be acceptable to access a random URL which might leak metadata about us?)
The text was updated successfully, but these errors were encountered: