Encrypt outgoing XenForo conversation messages and decrypt incoming ones locally. Blocks draft autosave requests.
This is a script that implements a rudimentary level of E2EE on XenForo Private Conversations. It cannot encrypt attachments, and you will lose formatting of your messages. The script uses AES-256-GCM encryption (standard WebCrypto API). It does not have forward secrecy (meaning one key decrypts everything). The key and decrypted text is stored only locally in your browser. It is never sent to the forum server, so no one can see it. The script reads the encrypted text, decrypts it locally, replaces what you see on the screen with comprehensible text. The server stores only the encrypted text and never receives the plaintext in the first place. It also blocks draft auto-saving in conversations, so that the drafts are not stored in plaintext in the database (making everything else the script does useless). It also converts ciphertext to plaintext so that the auto-formatting into emojis does not break the decryption.
v0.8 patched froala editor overwriting encrypted text (hopefully)
v0.8.1 attempted to rewrite fetch
v0.8.2 tried to fix no encryption happening with bb code toggled on
v0.8.3 (v0.8 restored basically) i give up for today. not even fucking chatgpt can help (in fact made it worse)
v0.8.4-testing testing version - not ready, we are not sure if it explodes the planet
v0.8.5.-testing previous version did explode planet (total encryption failure), this SHOULD fix everything.
