Description
After a note is created in FSNotes and an online web page is generated for it, the generated online note remains accessible even if the note is deleted from FSNotes. It cannot be deleted or made inaccessible.
If a user enters sensitive information in a note, such as content involving national secrets, U.S. atomic bomb codes, or personal bank card numbers and passwords, and accidentally uses the “Create Web Page” feature, this could lead to serious consequences and become an extremely dangerous vulnerability.
Therefore, when a user deletes a note, the corresponding online note should also be deleted or made inaccessible at the same time to avoid potential security risks.
To Reproduce
- Open FSNotes.
- Create a new note.
- Enter any content in the note.
- Use the “Create Web Page” feature to generate an online note.
- Copy the URL of the generated online note.
- Delete the note in FSNotes, and also empty the Trash, iCloud, Git repository, and all other possible storage locations to ensure that the note cannot be recovered.
- Open the previously copied URL in a browser and observe that the online note is still accessible normally.
Expected behavior
Option 1:
When a user deletes a note in FSNotes, the corresponding online note should be automatically deleted immediately, ensuring that no one can access the note content through the generated URL anymore.
Option 2:
Add a dedicated folder named “Online Notes” to the FSNotes sidebar to display all online notes generated through the “Create Web Page” feature in one place.
- When a local note, including a note stored in iCloud or a Git repository, is deleted, the corresponding online note should not be affected and should remain accessible.
- If the user deletes a note from the “Online Notes” folder or selects the “Delete Web Page” action, the corresponding online note URL should become invalid immediately, ensuring that no one can access that content anymore.
- At the same time, deleting an online note should not affect the local note or any synced stored note.
FSNotes version
7.1.2(333)
macOS/iOS version
iOS 18.7.2
Additional context
No response
Description
After a note is created in FSNotes and an online web page is generated for it, the generated online note remains accessible even if the note is deleted from FSNotes. It cannot be deleted or made inaccessible.
If a user enters sensitive information in a note, such as content involving national secrets, U.S. atomic bomb codes, or personal bank card numbers and passwords, and accidentally uses the “Create Web Page” feature, this could lead to serious consequences and become an extremely dangerous vulnerability.
Therefore, when a user deletes a note, the corresponding online note should also be deleted or made inaccessible at the same time to avoid potential security risks.
To Reproduce
Expected behavior
Option 1:
When a user deletes a note in FSNotes, the corresponding online note should be automatically deleted immediately, ensuring that no one can access the note content through the generated URL anymore.
Option 2:
Add a dedicated folder named “Online Notes” to the FSNotes sidebar to display all online notes generated through the “Create Web Page” feature in one place.
FSNotes version
7.1.2(333)
macOS/iOS version
iOS 18.7.2
Additional context
No response