Commit Graph

88 Commits

Author SHA1 Message Date
Tim Abbott a2767e8c50 CVE-2020-14194: Use noopener/noreferrer for external links.
We fixed the main issue of this form in CVE-2020-9444, but the audit
done at that time only included links found in rendered_markdown; this
change completes our audit for links with target=_blank anywhere in
the codebase.
2020-06-16 23:35:39 -07:00
Steve Howell cf78cb0d6e templates: Use `<hr>` and `<br>` consistently.
We now prevent these variations:

    * <hr/>
    * <hr />
    * <br/>
    * <br />

We could enforce similar consistency for other void
tags, if we wished, but these two are particularly
prevalent.
2020-04-28 17:05:48 -07:00
Vishnu KS dae5f54a63 stats: Show info message in /stats page of newly created realms.
This provides a better user experience for folks joining a new Zulip
realm and visiting this page.
2020-04-03 11:59:18 -07:00
Anders Kaseorg fda70a5458 templates: Use just one webpack entry point per page.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-28 15:53:15 -07:00
Vishnu KS ec955f8f78 support: Show confirmation links in search.
Fixes #13060 #12784
2019-10-21 16:56:50 -07:00
Vishnu KS 139ebf387b support: Pass various realm functions as template context.
We currently have code to calculate the value of realm_icon_url,
admin_emails and default_discount in two different places. With
the addition of showing confirmation links it would become three.
The easiest way to deduplicate the code and make the view cleaner
is by doing the calculations in template. Alternatively one can
write a function that takes users, realms and confirmations as
arguments and sets the value of realm_icon_url, admin_emails and
default_discount appropriately in realm object according to the
type of the confirmation. But that seems more messy than passing
the functions directly to template approach.
2019-10-21 16:52:46 -07:00
Vishnu KS 62a8e378a6 support: Refactor realm details into a separate template. 2019-10-21 16:52:46 -07:00
Anders Kaseorg 46e562f990 bootstrap: Change tooltip html default to false.
Bootstrap v2.2.0^2~40^2~6 changes this default to false, so this is a
prerequisite to upgrading Bootstrap, and it’s also safer.

This closes an HTML injection path via user full names in the emoji
reaction tooltip.  It doesn’t appear to be exploitable for cross-site
scripting because we disallow `>` in full names, and the code happens
to be written such that the next `>` is in a different parser
invocation.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-19 20:53:10 -07:00
Anders Kaseorg 7494f1600c templates: Move page_params from an inline script to the <body> dataset.
This sidesteps tricky escaping issues, and will make it easier to
build a strict Content-Security-Policy.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-17 16:06:33 -07:00
Anders Kaseorg 9b38bcc2a6 templates: Abstract render_bundle behind a Jinja2 macro.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-17 16:06:33 -07:00
Rishi Gupta a3fca01922 activity: Add links to /stats and /activity in /activity/support. 2019-07-09 17:20:17 -07:00
Vishnu Ks 44d16d76c1 activity: Extract most js from realm_summary_table to activity.js. 2019-06-14 10:20:59 -07:00
Vishnu Ks 14e582fb59 support: Add functionality to copy admin emails.
Also renamed a bunch of functions in test_views for better
readability.
2019-06-14 10:19:50 -07:00
Rishi Gupta 42c37ef2ee support: Update wording of scrub realm button. 2019-05-08 15:09:48 -07:00
Rishi Gupta 98da11c558 support: Rename deactive to deactivated. 2019-05-08 15:09:48 -07:00
Vishnu Ks 27cfc02b21 support: Use CSS from app_components for buttons and input. 2019-05-06 20:12:48 -07:00
Vishnu Ks 6c58603eaf support: Add support for scrubbing realm. 2019-05-06 20:12:54 -07:00
Vishnu Ks f6203f068b support: Add support for activating and deactivating realm. 2019-05-06 20:12:48 -07:00
Vishnu Ks 9c1e409ea3 support: Update discount label to include nonprofit discount %. 2019-05-06 17:47:07 -07:00
Rishi Gupta c64b909556 analytics: Add autofocus to /support input box. 2019-03-20 22:28:03 -07:00
Vishnu Ks 8eeb8280b4 activity: Create interface for doing support operations.
This should grow into a tool that makes it much easier to do common
organization management tasks without using a manage.py shell.
2019-03-11 12:01:11 -07:00
Tim Abbott c41bfcb9e0 Revert "activity: Change definition of active site."
This reverts commit 9f9b7cb991.

This commit made the page not perform well enough to load.
2019-02-13 14:52:13 -08:00
bartek 9f9b7cb991 activity: Change definition of active site.
Signed-off-by: bartek <bartek.jachowicz@gmail.com>

Edits by Rishi Gupta <rishig@zulipchat.com>

Fixes: #10432
2019-02-12 16:36:44 -08:00
Nikhil Kumar Mishra 478674a6d6 analytics: Refactor to support more than one tooltip on same page.
While we don't actually need another tooltip on /stats right now, this
provides a clear approach for how to do that.  We've since added
tooltips in various other parts of the webapp, and that code is pretty
copy-pasteable, so I think it's reasonable to say this closes #4612.

Cleaned up by tabbott to remove a bunch of unnecessary changes.
2018-11-28 16:04:35 -08:00
Vishnu Ks 2e04cdbe5e billing: Show estimated subscription revenue on /activity.
[Substantial edits by Rishi Gupta]
2018-11-16 13:30:16 -08:00
Vishnu Ks 6fcb095e70 activity: Show plan_type in activity page. 2018-08-21 18:15:14 -07:00
Anders Kaseorg f75c0e29f4 HTML validation: Remove obsolete attributes from <script>, <style>.
<script charset=…>, <script type=…>, and <style type=…> are “obsolete
but conforming” in HTML5.  They make the validator.nu output noisier
and real problems a little harder to find.

(type was required in HTML 4, which is not relevant to us.)

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-13 10:27:23 +05:30
Cynthia Lin 0ed13e3631 stats: Fix incorrect data-user attribute on Everyone button.
For some reason, it was defined as "realm" instead of "everyone",
resulting in undefined value JS errors when draw_plot() was called.

Fixes #9937.
2018-07-13 10:24:13 +05:30
Rishi Gupta 08d7e113db activity: Add link to installation stats. 2018-05-27 22:07:07 -07:00
Rishi Gupta 2b97a9488f stats: Fix on-hover behavior of number of users.
Fixes regression introduced in fa9d79e.
2018-05-26 12:08:05 -07:00
Nikhil Kumar Mishra fa9d79e203 stats: Add 1 day actives and total users to number of users chart. 2018-05-20 10:56:16 -07:00
Rishi Gupta af758755bd stats: Rename target_realm_name to target_name in stats.html. 2018-05-18 15:12:36 -07:00
Priyank Patel 1e1b72f6c8 webpack: Transition stats.css to use webpack.
The stats.scss file is added to activity bundle.
2018-05-03 08:08:23 -07:00
Priyank Patel c780bc33ba webpack: Transition activity.css to use webpack.
The activity.scss file is added to activity bundle.
2018-05-03 07:53:24 -07:00
Priyank Patel 50b13219a3 webpack: Combine both js and css into one portico bundle.
Combines both portico js and css into one bundle. This for now solves
the issue of an empty js bundle being generated by webpack for the
portico-styles stylesheet.
2018-04-30 10:23:39 -07:00
Armaan Ahluwalia 93ac40105f CSS: Move portico styles to webpack compilation.
static/styles/scss/portico.scss is now compiled by webpack
and supports SCSS syntax.

Changed the server-side templates to render the portico-styles
bundle instead of directly requiring the portico stylesheet. This
allows webpack to handle stylesheet compilation and minification.

We use the mini-css-extract-plugin to extract out css from the
includes in webpack and let webpack's production mode handle
minification. Currently we're not able to use it for dev mode
because it does not support HMR so we use style-loader instead.
Once the plugin supports HMR we can go on to use it for both
dev and prod.

The downside of this is that when reloading pages in the development
environment, there's an annoying flash of unstyled content :(.

It is now possible to make a change in any of the styles included
by static/styles/scss/portico.scss and see the code reload live
in the browser. This is because style-loader which we currently
use has the module.accept code built-in.
2018-04-27 09:04:50 -07:00
Shubham Dhama 03a2a9c792 activity: Add realm stats link to "realm activity table". 2018-04-18 11:07:00 -07:00
Shubham Dhama b26c38bc47 analytics: Make stats of all realms accessible to server admins.
In this commit:
Two new URLs are added, to make all realms accessible for server
admins. One is for the stats page itself and another for getting
chart data i.e. chart data API requests.
For the above two new URLs corresponding two view functions are
added.
2018-04-18 11:06:50 -07:00
Aditya Bansal b9f1acb300 linter: Enforce 2 space indents on tags spread over multiple lines.
We make some specific cases of tags use 2 space indents.
The case description:
* A tag with opening tag spread over multiple lines and closing tag
on the same line as of the closing angle bracket of the opening tag.
* A tag with opening tag spread over multiple lines and closing tag
not on the same line as of the closing angle bracket of the opening
tag.

Example:
Case 1:

Not linted:
<button type="button"
class="btn btn-primary btn-small">{{t "Yes" }}</button>

After linting:
<button type="button"
  class="btn btn-primary btn-small">{{t "Yes" }}</button>

Case 2:

Before linting:
<div class = "foo"
     id = "bar"
     role = "whatever">
     {{ bla }}
</div>

After linting:
<div class = "foo"
  id = "bar"
  role = "whatever">
    {{ bla }}
</div>
2018-04-07 20:08:44 -07:00
Aman Jain a0b58b1560 activity: Add a link to copy list of realm admins.
Tweaked by tabbott to do the database queries properly.

This should help users copy realm admin emails in one go.
Fixes: #7885
2018-02-12 08:55:45 -08:00
Aditya Bansal 642e27d2b7 analytics/stats.html: Clean up to use 4 space indentation. 2018-01-27 23:06:59 +05:30
Aditya Bansal 16c40ea023 analytics/activity.html: Clean up to use 4 space indentation. 2018-01-27 23:06:58 +05:30
Utkarsh Patil 10149b75cc stats: Add per-graph loading indicator
This commit ensures that size of each graph is the same before and
after the data is loaded. It also adds a loading indicator to each
graph until the data is loaded.

Fixes https://github.com/zulip/zulip/issues/6490
2017-12-13 14:44:28 -06:00
Greg Price 20b2c11830 activity: Show the time the data is from.
I've wanted this when looking at a tab from the day before.
Also provides the date and time in UTC, which is handy for
interpreting some of the data.

Pretty sure this is not the world's cleanest way to do this in the
front-end code.  It'll do for now.
2017-12-12 15:30:03 -08:00
Greg Price 1e1f381270 activity: Explain highlighting of young realms. 2017-12-12 15:30:03 -08:00
Greg Price e6cdc55ab5 activity: Use real ≥ signs, not ">=".
Not only does this look better, but in the parallel case of ≤
(coming soon) it prevents a naive parser, like in our linter,
from getting confused by seeing a "<" character.
2017-12-12 15:30:03 -08:00
Greg Price d36b1cd2d7 activity: Correct description of message-history figures.
This explains why the first number was usually the smallest!
2017-12-12 15:30:03 -08:00
Greg Price ef2f27980a activity: Explain "active sites", and which sites show up in table. 2017-11-30 20:43:46 -08:00
Greg Price 0ebfc2fb5c activity: Highlight recently-created realms. 2017-11-30 20:43:46 -08:00
Greg Price 8de34c93dd activity: Show each realm's creation date.
I'd rather have something rich and fancy like a sparkline of
activity... but this is a lot quicker to implement.
2017-11-30 20:43:46 -08:00