DM drafts share key #262

New Issue

Closed

opened 2026-05-03 11:47:28 +00:00 by Khushvendra · 1 comment

Khushvendra commented 2026-05-03 11:47:28 +00:00

Contributor

Copy Link

Copy Source

Description

When composing a direct message to a user where no previous conversation history exists, the local draft is saved under the key dm:undefined. Because all new, empty conversations resolve to this same draft key, a draft written in one empty conversation will leak into another empty conversation.

Code References

• Chat.svelte (Line 70): The draft key is initialized as const draftKey = new DraftKey<{...}>(`dm:${$chat?.id}`). Because this runs once on mount, $chat evaluates to undefined for new conversations.
• ChatCompose.svelte (Lines 37-38 & 99): The compose box reads from and writes to this shared draftKey.
• drafts.ts: DraftKey uses a global Map, meaning dm:undefined is a globally shared slot.

### Description When composing a direct message to a user where no previous conversation history exists, the local draft is saved under the key `dm:undefined`. Because all new, empty conversations resolve to this same draft key, a draft written in one empty conversation will leak into another empty conversation. ### Code References * `Chat.svelte` (Line 70): The draft key is initialized as `` const draftKey = new DraftKey<{...}>(`dm:${$chat?.id}`) ``. Because this runs once on mount, `$chat` evaluates to `undefined` for new conversations. * `ChatCompose.svelte` (Lines 37-38 & 99): The compose box reads from and writes to this shared `draftKey`. * `drafts.ts`: `DraftKey` uses a global Map, meaning `dm:undefined` is a globally shared slot.

hodlbod changed title from Privacy Leak: New DM Drafts Share the Same Key (`dm:undefined`) to DM drafts share key 2026-05-06 20:08:22 +00:00

hodlbod added the dev label 2026-05-06 20:08:33 +00:00

hodlbod added this to the Current milestone 2026-05-06 20:08:35 +00:00

hodlbod commented 2026-05-06 23:58:12 +00:00

Owner

Copy Link

Copy Source

Fixed in 8f56812d

Fixed in 8f56812d

hodlbod closed this issue 2026-05-06 23:58:12 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

dev

master

hodlbod/sandbox

video-demo

1.8.0

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6.0

1.5.3

1.5.2

1.5.1

1.5.0

1.4.1

1.4.0

1.3.1

1.3.0

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.1

1.1.0

0.1.1

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.2.14

0.2.13

0.2.12

0.2.11

0.2.10

0.2.9

0.2.8

0.2.7

0.2.6

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.0

Labels

Clear labels

design

For issues related to design work. Development should be done in another issue and refer back to this one.

dev

Issues related to development work

easy

Issues that can be executed on by new contributors

idea

For issues that aren't yet actionable

priority

For issues related to high priority features and bugs

usability

Issues that have to be validated with real live human beings.

No Label dev

Milestone

No items

No Milestone Current

Projects

Clear projects

No project

Assignees

Clear assignees

hodlbod (hodlbod) mplorentz (Matt Lorentz) sakshamjain (Saksham Jain) sondreb triesap userAdityaa (Aditya Chaudhary)

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: coracle/flotilla#262