Mailvelope

Recent Commits

• Thomas Oberndörfer (11 Jun 26)

  Release v6.3.0

• Thomas Oberndörfer (11 Jun 26)

  Restore ext_name and ext_description in all locales

• Thomas Oberndörfer (11 Jun 26)

  Move SETUP_SKIPPED constant to lib/constants

• Thomas Oberndörfer (10 Jun 26)

  Update translations; drop orphan and untranslated keys

• Thomas Oberndörfer (10 Jun 26)

  Normalize l10n files to Weblate format 2-space indent, sorted keys, raw UTF-8. Strip description from all non-en files. Fill in the previously empty en descriptions.

• Thomas Oberndörfer (09 Jun 26)

  Update dependencies; replace jest-puppeteer with a custom Puppeteer env Drop the unmaintained jest-puppeteer preset (it pins jest-environment-node@29 and breaks under jest 30.4's resetModules) in favor of globalSetup/globalTeardown plus a custom test environment that reconnects to one browser and exposes the browser/page globals.

• Thomas Oberndörfer (08 Jun 26)

  Sanitize l10n usage Drop obsolete message keys, add a few that live code renders but were undefined, and realign de with en. Scope each register() array to the keys its file actually renders.

• Thomas Oberndörfer (08 Jun 26)

  Redesign key backup dialog with two-step save flow

• Thomas Oberndörfer (02 Jun 26)

  Add test:all script that rebuilds before the full suite

• Thomas Oberndörfer (01 Jun 26)

  Answer get-is-setup-done from storage to stop popup menu flash The handler awaited the full keyring build before answering, so a profile without private keys flashed the normal menu for seconds before correcting to the setup menu. Add a storage-only hasAnyPrivateKey() check that avoids the init gate so the no-keys answer arrives fast.

• Igor Ianishevskyi (21 May 26)

  Add onboarding flow with redesigned key setup UI Introduce a dedicated onboarding route that guides new users through key generation or import, replacing the old install landing page. Rework the keyring setup UI with breadcrumb navigation, a GnuPG footer, and a persistable "Skip setup" option.

• Thomas Oberndörfer (20 May 26)

  Drop Edge build target from grunt Edge now ships the Chrome package; the separate compress:edge zip and dist-edge task are no longer used.

• Thomas Oberndörfer (20 May 26)

  Close watch-list init race on Chrome first install (#908) Add a defaultsInitialized gate resolved by defaults.init() once the watch list is in chrome.storage.local. getWatchList() and getWatchListCache()'s cold path await it, so initScriptInjection no longer races the first-install setWatchList() write. Move the Firefox cold-path reload from inject.js into getWatchListCache, where it sits next to the cache miss that triggers it; inject.js drops its `if (!watchList)` branch since the accessors now guarantee an array. Adds defaults.init unit tests and a parameterized smoke test that catches deadlocks in the startup chain.

• Thomas Oberndörfer (19 May 26)

  Fix UTF-8 multibyte char corruption in decrypted MIME bodies (#893) Request format: 'binary' from the PGP backend so decryptMessage and verifyMessage return a JS binary string of UTF-8 bytes, then decode it once via TextDecoder in parseInline. Drops the legacy decodeURIComponent(escape(...)) workaround in the editor's signed-message branch, hoists the cleartext path ahead of MIME parsing, and factors out the shared html2textIfHtml helper. Ports the dead Karma mail-reader test to Jest and adds unit/integration coverage for the encoding pipeline.

• Thomas Oberndörfer (19 May 26)

  Update Microsoft webmail entries in watchlist defaults - Add *.outlook.cloud.microsoft frame to outlook.office.com entry to support the new unified cloud.microsoft domain Microsoft is rolling out for M365 work/school Outlook. - Rename the mail.live.com site entry to outlook.live.com and drop the dead *.mail.live.com frame (mail.live.com has 302-redirected to outlook.live.com for years).

• Thomas Oberndörfer (18 May 26)

  Modernize client-API JSDoc pipeline and document web components

• Thomas Oberndörfer (15 May 26)

  Show pending state for recipients during keyserver lookup Recipients now carry a `lookupPending` flag while the controller resolves a key via keyserver lookup. The editor receives a new `key-lookup-result` port event and clears the flag, replacing the previous `*Error` callback pattern with derived `hasAnyUnresolvedRecipient(recipients, keys)` reads — so a late key arrival flips the badge without needing a callback. Adds shared `findKeyByEmail` / `hasAnyUnresolvedRecipient` helpers in `lib/email`, a pending badge with spinner/pulse animation, and Editor component integration test plumbing alongside the new unit tests. Also bumps the toolchain to Node 24+/npm 11+/ECMAScript 2024 and switches `web-ext` invocations to `npx`.

• Thomas Oberndörfer (05 May 26)

  Add Gmail OAuth account mismatch modal and consolidate email helpers Surfaces a self-explanatory localized modal when oauth2/v3/userinfo returns a different account than the one Mailvelope intended to authorize. The modal explains the cause inline and offers a retry that forces Google's account chooser via prompt=select_account; cancel keeps the user on the Provider page rather than redirecting back. Title-regex account detection now takes the trailing match so subject-line addresses no longer mis-set the active account. Consolidates email parsing and validation into src/lib/email.js (replacing ad-hoc helpers across gmail.js, util.js, key.js, wkdLocate.js, autocryptWrapper.js, and several keyring/editor components). Adds Jest coverage for the new email helpers, the mismatch retry path in gmail.controller.js, and the title-regex detection.

• Thomas Oberndörfer (16 Jan 26)

  Release v6.2.1

• Thomas Oberndörfer (16 Jan 26)

  Fix browser detection for Chrome 144 compatibility

• Thomas Oberndörfer (18 Oct 25)

  Release v6.2.0

• Thomas Oberndörfer (10 Oct 25)

  Normalize armored message in decrypt container

• Thomas Oberndörfer (15 Sept 25)

  Add mail.de to authorized domains for client-API

• Thomas Oberndörfer (15 Sept 25)

  Remove De-Mail providers from default authorized domain list

• Thomas Oberndörfer (15 Sept 25)

  Add new mailbox.org subdomain to defaults

• Thomas Oberndörfer (27 Aug 25)

  Fix content script injection after domain authorization request Bug introduced with v5.2, the authorization popup needs to be closed before script injection otherwise a call to mvelo.tabs.query will target the popup instead of the main browser window.

• Thomas Oberndörfer (11 Jul 25)

  Add DecryptController test coverage and clean up test infrastructure

• Thomas Oberndörfer (02 Jul 25)

  Add EditorController test coverage and remove duplicate test coverage

• Thomas Oberndörfer (02 Jul 25)

  Add providerSpecific test coverage with unit and integration tests

• Thomas Oberndörfer (02 Jul 25)

  Add ExtractFrame test coverage with unit and integration tests