Blog

Privacy for everyone

Login

Sign up

Notesnook

Notesnook v3.0.26

Abdullah Atta

February 14, 2025

Notesnook v3.0.26 fixes 10+ bugs via 39 commits. Fixed 2 security vulnerabilities, new keyboard shortcuts for tabs, and more!

Previous releases:

  • v3.0.25 fixes 10+ bugs via 88 commits. Improved tabs with history, navigation & other goodies!
  • v3.0.24 fixes 20+ bugs via 65 commits. Better integrated titlebar, reminders & note widgets on iOS/Android, and more!
  • v3.0.23 fixes 30+ bugs via 99 commits. Gift cards, search results sorted by date created, improved UX when auto save is disabled, and more.

Note: On the mobile app, the version containing these fixes & improvements should be v3.0.32.

Fix 2 potential XSSs when pasting untrusted content into the editor

  1. Potential XSS when pasting/inserting an iframe containing a javascript link.
  2. Potential XSS when pasting/inserting an svg containing JavaScript (why do SVGs allow JS in the first place?).

Mitigations include disallowing all execution of JS inside an SVG by rendering it in a sandboxed iframe. While we cannot disallow JS execution in embeds (that would break all embeds like YouTube videos), we have disallowed access to the parent window to all iframes, again, by using a sandboxed iframe and by disallowing embedding of javascript: links.

These vulnerabilities affect the following apps:

  1. Web app - medium risk
  2. Mobile app - low risk since the editor runs in its own process completely isolated from the Notesnook app
  3. Desktop app - medium risk

These vulnerabilities cannot be used to steal or access your notes or any other data since everything is stored and accessed from an encrypted SQLite database which isn't globally accessible by any script. Your data would be 100% safe and isolated from such an attack. However, an attacker could still cause havoc and track your activities while using the app so it's recommended that you upgrade to v3.0.26 as soon as possible.

We are not aware of any instance where this vulnerability was exploited in the wild. It is still recommended that you double check before pasting things from untrusted parts of the web.

Special thanks to @sksec_ for responsibly reporting these vulnerabilities.

Keyboard shortcuts for tabs

Yep, we are finally working on making Notesnook keyboard accessible. Better late than never, right? Anyway, we have added the following new keyboard shortcuts:

  • Ctrl/Cmd+t to open new tab.
  • Ctrl/Cmd+n to create a new note.
  • Ctrl/Cmd+w to close the active tab.
  • Ctrl/Cmd+Shift+W to close all tabs.

Some of these shortcuts might not work in the web app due to browsers disallowing overriding those shortcuts. In such cases, you can press an extra Shift key to trigger the shortcut. For example, instead of Ctrl/cmd+t to open a new tab, you can press Ctrl/cmd+Shift+T.

by @01zulfi in #7109

Select programming language by pressing Enter key

You can now directly press the Enter key to select the topmost language when changing the programming language of a code block. Pressing the Escape key will now also close the language selector popup.

by @KYash03 in #7484

Fix search queries containing special characters

Special characters are recognized as column names by SQLite and need to be properly escaped if they are to be searched.

by @luis-411 in #7418

Device specific settings are no longer reset on logout

Previously, we were clearing everything in the local stores on logout which also cleared things like the current selected theme, font sizes etc. In this release, all device specific settings are ignored when logging out.

by @ammarahm-ed in #7423 and @01zulfi in #7436

Fixes and minor improvements

  1. Fix status bar disappearing on small/tablet-sized screens by @luis-411 in #7542
  2. Hide undo & redo buttons for readonly notes by @01zulfi in #7541
  3. Fix app icon appearing corrupt in some places on macOS by @xa4hf8 in #7542
  4. Fix various typos in code comments and other places by @luzpaz in #7463
  5. Fix subnotebook title not updating on navigate by @luis-411 in #7286
  6. Fix task list stats appearing as 0/0 on app reload by @luis-411 in #7327
  7. Fix collapsed pane expanding on app reload by @thecodrr in #7449
  8. Fix crash on app launch with new tabs by @ammarahm-ed in #7451
  9. Show progress when taking backup and allow to hide backup dialog by @ammarahm-ed in #7452
  10. Fix opening note from widget opens incorrect note by @ammarahm-ed in #7453
  11. Fix unlocking note with biometrics by @ammarahm-ed in #7459
  12. Fix file size is 0 errors when downloading attachments by @ammarahm-ed in #7458
  13. Fix dialog calling onClose after pressing positive button by @ammarahm-ed in #7558

Read the full commit history here.

#notesnook

#releases

Abdullah Atta

Abdullah Atta

Lead developer of Notesnook

NEXT POST

Notesnook v3.0.25