Bootstrap v2.2.0^2~40^2~6 changes this default to false, so this is a
prerequisite to upgrading Bootstrap, and it’s also safer.
This closes an HTML injection path via user full names in the emoji
reaction tooltip. It doesn’t appear to be exploitable for cross-site
scripting because we disallow `>` in full names, and the code happens
to be written such that the next `>` is in a different parser
invocation.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
The fix_positions argument here fixes the horizontal
position of the stream popover.
It also fixes the vertical position, both in the default case, and
also doing an appropriate adjustment for the case that the color
picker is open.
This contains a few changes by tabbott to, rather than hiding the
arrow unconditionally, only do so when it would no longer point at the
right part of the screen.
Fixes#2374.
Fixes#6059.
Fixes#7290.
The patch to bootstrap will make the position smarter, but we still
want to preserve the 100px default vertical offset we chose for visual
reasons.
Tweaked by tabbott to preserve the visual design.
Bootstrap's typeahead is the main part of the project that we've
forked, and moving it to its own module should help unlock our ability
to upgrade bootstrap itself.
Fixes part of #10026.
Adds additional option to typeahead:
`tabOpensEmptyTypeahead`(default: false):
tabOpensEmptyTypeahead overrides helpOnEmptyStrings.
This commit sets helpOnEmptyStrings to false and
tabOpensEmptyTypeahead to true. Now typeahead will
open on an empty string only if Tab has been pressed.
Fixes part of #10026.
NOTE: The Tab key will select option from typeahead if the typeahead
is already open i.e the same behaviour as Enter.
NOTE: This behaviour applies irrespective of search pills are enabled
or not.
Fixes part of #10026.
Typeaheads stopped propogation of keydown and keyup events for any
key except tab and enter. If stopAdvance was true even tab and enter
were not allowed.
advanceKeyCodes option was added to typeahead which allowed to specify
key codes for which propogation of keydown and keyup events should not
stop. advanceKeyCodes does not respect the stopAdvance option.
As the backspace key code is added to advanceKeyCodes in search.js,
the backspace key deletes pill on pressing backspace if input is empty
or only consists of spaces.
When the iOS keyboard is open and up, the positioning gotten by
getBoundingClientRect will display a `top` value that is short by the
height of the keyboard, which will usually end up placing things north
of the top of the screen.
By changing to jQuery $.fn.offset instead, the positioning appears to
be correct in all cases; iOS keyboard up, down, and desktop usage.
Fixes: #6366.
Trac #1479
All our typeaheads use this, but I made it an option that must be enabled
explicitly since it is not default bootstrap behavior.
(imported from commit 97852dc407d1f6dbe46b5fdd2c56d3ed8c6718d2)
The option caused some race conditions on Firefox, and it is
really made moot by the naturalSearch option anyway.
(imported from commit dc7080c905ced9b2f4ad4275d82549acf09a59f7)
Anders Kaseorg
Tim Abbott
Steve Howell
Adarsh Patel
Shubham Padia
Brock Whittaker
Rohith Asrk
Igor Tokarev
Katy310
acrefoot
Waseem Daher
Leo Franchi
Kevin Mehall
Steve Howell
Tim Abbott