Reply is highlighted even without actual mention when MXID substring matches username #11132
Comments
|
Highlights are calculated server side, not in riot |
|
I haven't tested it, but the issue may probably also arise when someone's username is an infix of someone else's username:
|
|
I think it's more of a matrix spec thing |
|
Closing in favour of #7874 |
#7874 looks like a different issue in which messages contain pings hidden in the reply chain. The current issue is about the way mentions are being matched incorrectly in the body field. In the given example, Alice gets notified even though no actual mention of her has ever been sent by anyone. Please re-open. |
|
Ah, well: in that case you need to adjust your notification preferences. Disable notifications for your username in settings, not just your display name. I recommend using keywords instead of the default options (it's how I survive). Unfortunately notifications are complicated, but this is working as intended. |
|
The same problem appears with user-defined keywords too: they're still generating highlights/notifications when present in someone else's MXID. I think that MXIDs strings should be excluded when scanning messages for mentions using strings. It makes no sense to try to find a substring in those as they already are explicit mentions as a whole. Is there any chance to have the specification fixed for this? |
pacien
changed the title
|
The specification could be fixed, yes. It's a well known issue to the whole team that notifications are a bit annoying to handle. If an issue doesn't exist already, please open one on matrix-doc |
* Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65) * Deprecate customisations in favour of Module API ([\element-hq#25736](element-hq#25736)). Fixes element-hq#25733. * OIDC: store initial screen in session storage ([\element-hq#25688](element-hq#25688)). Fixes element-hq#25656. Contributed by @kerryarchibald. * Allow default_server_config as a fallback config ([\element-hq#25682](element-hq#25682)). Contributed by @ShadowRZ. * OIDC: remove auth params from url after login attempt ([\element-hq#25664](element-hq#25664)). Contributed by @kerryarchibald. * feat(faq): remove keyboard shortcuts button ([\element-hq#9342](matrix-org/matrix-react-sdk#9342)). Fixes element-hq#22625. Contributed by @gefgu. * GYU: Update banner ([\element-hq#11211](matrix-org/matrix-react-sdk#11211)). Fixes element-hq#25530. Contributed by @justjanne. * Linkify mxc:// URLs as links to your media repo ([\element-hq#11213](matrix-org/matrix-react-sdk#11213)). Fixes element-hq#6942. * OIDC: Log in ([\element-hq#11199](matrix-org/matrix-react-sdk#11199)). Fixes element-hq#25657. Contributed by @kerryarchibald. * Handle all permitted url schemes in linkify ([\element-hq#11215](matrix-org/matrix-react-sdk#11215)). Fixes element-hq#4457 and element-hq#8720. * Autoapprove Element Call oidc requests ([\element-hq#11209](matrix-org/matrix-react-sdk#11209)). Contributed by @toger5. * Allow creating knock rooms ([\#11182](matrix-org/matrix-react-sdk#11182)). Contributed by @charlynguyen. * Expose and pre-populate thread ID in devtools dialog ([\element-hq#10953](matrix-org/matrix-react-sdk#10953)). * Hide URL preview if it will be empty ([\element-hq#9029](matrix-org/matrix-react-sdk#9029)). * Change wording from avatar to profile picture ([\element-hq#7015](matrix-org/matrix-react-sdk#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist. * Quick and dirty devtool to explore state history ([\element-hq#11197](matrix-org/matrix-react-sdk#11197)). * Consider more user inputs when calculating zxcvbn score ([\element-hq#11180](matrix-org/matrix-react-sdk#11180)). * GYU: Account Notification Settings ([\element-hq#11008](matrix-org/matrix-react-sdk#11008)). Fixes element-hq#24567. Contributed by @justjanne. * Compound Typography pass ([\element-hq#11103](matrix-org/matrix-react-sdk#11103)). Fixes element-hq#25548. * OIDC: navigate to authorization endpoint ([\#11096](matrix-org/matrix-react-sdk#11096)). Fixes element-hq#25574. Contributed by @kerryarchibald. * Fix read receipt sending behaviour around thread roots ([\element-hq#3600](matrix-org/matrix-js-sdk#3600)). * Fix missing metaspace notification badges ([\element-hq#11269](matrix-org/matrix-react-sdk#11269)). Fixes element-hq#25679. * Make checkboxes less rounded ([\element-hq#11224](matrix-org/matrix-react-sdk#11224)). Contributed by @andybalaam. * GYU: Fix issues with audible keywords without activated mentions ([\element-hq#11218](matrix-org/matrix-react-sdk#11218)). Contributed by @justjanne. * PosthogAnalytics unwatch settings on logout ([\element-hq#11207](matrix-org/matrix-react-sdk#11207)). Fixes element-hq#25703. * Avoid trying to set room account data for pinned events as guest ([\element-hq#11216](matrix-org/matrix-react-sdk#11216)). Fixes element-hq#6300. * GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\element-hq#11210](matrix-org/matrix-react-sdk#11210)). Contributed by @justjanne. * force to allow calls without video and audio in embedded mode ([\element-hq#11131](matrix-org/matrix-react-sdk#11131)). Contributed by @EnricoSchw. * Fix room tile text clipping ([\element-hq#11196](matrix-org/matrix-react-sdk#11196)). Fixes element-hq#25718. * Handle newlines in user pills ([\element-hq#11166](matrix-org/matrix-react-sdk#11166)). Fixes element-hq#10994. * Limit width of user menu in space panel ([\element-hq#11192](matrix-org/matrix-react-sdk#11192)). Fixes element-hq#22627. * Add isLocation to ComposerEvent analytics events ([\element-hq#11187](matrix-org/matrix-react-sdk#11187)). Contributed by @andybalaam. * Fix: hide unsupported login elements ([\element-hq#11185](matrix-org/matrix-react-sdk#11185)). Fixes element-hq#25711. Contributed by @kerryarchibald. * Scope smaller font size to user info panel ([\element-hq#11178](matrix-org/matrix-react-sdk#11178)). Fixes element-hq#25683. * Apply i18n to strings in the html export ([\element-hq#11176](matrix-org/matrix-react-sdk#11176)). * Inhibit url previews on MXIDs containing slashes same as those without ([\element-hq#11160](matrix-org/matrix-react-sdk#11160)). * Make event info size consistent with state events ([\element-hq#11181](matrix-org/matrix-react-sdk#11181)). * Fix markdown content spacing ([\element-hq#11177](matrix-org/matrix-react-sdk#11177)). Fixes element-hq#25685. * Fix font-family definition for emojis ([\element-hq#11170](matrix-org/matrix-react-sdk#11170)). Fixes element-hq#25686. * Fix spurious error sending receipt in thread errors ([\element-hq#11157](matrix-org/matrix-react-sdk#11157)). * Consider the empty push rule actions array equiv to deprecated dont_notify ([\element-hq#11155](matrix-org/matrix-react-sdk#11155)). Fixes element-hq#25674. * Only trap escape key for cancel reply if there is a reply ([\element-hq#11140](matrix-org/matrix-react-sdk#11140)). Fixes element-hq#25640. * Update linkify to 4.1.1 ([\element-hq#11132](matrix-org/matrix-react-sdk#11132)). Fixes element-hq#23806.
Description
My username matches my domain (MXID of the form
@<username>:<username>.tld).As a result, all replies to messages from any other user on my homeserver are highlighted in my Riot session, flooding me with urgent notifications without intended mentions.
Steps to reproduce
Let
@alice:alice.tld,@bob:alice.tldand@caroline:alice.tldbe three users on the homeserveralice.tld. All three are members of a room in which:Remediation?
Do not allow partial matches on MXIDs contained in messages for highlighting purposes.
A highlight should require the whole MXID to match.
Version information
The text was updated successfully, but these errors were encountered: