marked.js provides a helpful error message asking for bugs to be
reported upstream, but since we're running a fork, we should redirect
such support requests to us.
We can triage as necessary.
We only need to loop through the preprocessors
once, and we should use the options passed
in to the parser, not the default options
from the original setOptions call.
The first loop here was doing nothing.
When a user clicks outside the typeahead menu, inside the typing area,
the cursor position potentially changes, so `lookup` is called, which
considers the new cursor position and accordingly hides, continues
showing, or updates the typeahead menu.
This fixes the bug where even after clicking elsewhere, the old
typeahead menu continued showing and on making a selection, the text
was inserted at the wrong (new) position.
Fixes: #21302.
Added a property `mouse_moved_since_typeahead` to the typeahead class
which tracks whether the mouse has been moved since the typeahead
menu appeared.
The hovered over menu item is highlighted on `mouseenter` only if
`mouseMoved` is true. Otherwise, the cursor is hidden temporarily.
Code substantially reorganized by tabbott.
Fixes: #21018.
Now checking for custom trigger keys will happen during `keydown`
instead of `keyup` so that if the key is printable, `preventDefault`
can prevent it from appearing in the compose box.
This fixes the case when jumping to topic, would eat up any space
or new line after the cursor, due to wrong splitting around the
cursor, which was a result of using the printable custom trigger key,
the ">", in contrast to a non printable one like Enter.
The problem was that custom trigger keys like `>` that the browser's
default behavior is to type (vs. others like RightArrow where that
isn't the case) can result in extra characters being emitted, which
is not wanted.
This fixes an issue where the auto-complete dropdown doesn't reflect
the changed stream in the message edit UI.
We add an unlisten method to the typeahead library to support this
reinitialization cleanly and in a way that can be readily reused in
the future.
Fixes#19874.
The issue was with the typeahead `click` event where it
didn't activate the current target and called the `select`
method, which selected the element which was last
focused.
This was debugged by Anders Kaseorg.
In the old regex, there was no 4th capturing group, hence
cap[4] always gives `undefined`. It is removed now.
Also, we were capturing the whole pattern which is not needed
as it is by default captured in the group with the 0th index.
This reverts commit 9c6d8d9d81 (#16916).
This feature has known bugs, and also wants some design changes to
make it customizable like linkifiers, so we’re retargeting this to
post-4.x.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
We add support to shorten links and test their shortening in
well-organized, clean manner that makes it trivial to extend the
GitHub approach for GitLab and perhaps other services.
We only shorten basic types of GitHub links (issue, PR, commit) that
fit a set of simple common patterns; the default behaviour of Autolink
is kept for everything else.
Logic added in frontend and backend Markdown Processor is identical.
This makes easy to extend the logic for other services like GitLab.
Fixes#11895.
Follow up to #14768. This feature was already non-functional due to
.alert-display { display: none; }, and if we want to reimplement it,
we should do it using a modern library.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit fixes a bug in marked.js which caused it to double-escape
HTML when rendering messages of the form: *[text](url)*.
This fixes a bug introduced in
3bdc8bbaa5, where an unnecessary
escape() call was added for the <em> code path, likely just because it
was adjacent to the others that needed it in the file.
Fix this, and add tests to verify that things are still being escaped
once after removing this extra escape.
Fixes#14845.
Initally, when writing two or more quotes, having
a blank line in between them, merges those quotes.
This created confusion especially in "quote and reply".
This commit fixes such issues. Now two or more quotes
having a blank line in between them, will not get merged.
This change is correct both for usability and for improving our
compatibility with CommonMark.
Fixes#14379.
Upstream has slightly changed the whitespace around stashes. Take
this opportunity to clean up the extra blank lines we were outputting.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
css-loader@4 broke @import statements referencing files with
extensions other than .css, unless those @import statements are
compiled away by another loader. Upstream is more interested in
arguing that such @import statements are semantically incorrect than
applying the one line fix.
https://github.com/webpack-contrib/css-loader/issues/1164
Signed-off-by: Anders Kaseorg <anders@zulip.com>
We don't modify bootstrap.js here but override its popover and
tooltip plugins. In future we will not import these plugins
via npm. We also copy all the popover code from bootstrap.css v2.1.1
to popovers.scss since all the code in bootstrap-tooltip.js is
based upon this css or vice versa.
Update THIRDPARTY info about bootstrap libraries.
There were 4 types of changes to bootstrap.js - bugfixes, file
moves, changes to typeahead plugin and changes to tooltip +
popover plugin.
Bugfixes were automatically fixed when upgrading to v2.3.2, file
moves are irrelevant to this upgrade and the plugins were
extracted into separate files.
46e562f - POPOVER
8779e55 - POPOVER
66c6423 - POPOVER
21ccf45 - POPOVER
cb9b526 - TYPEAHEAD EXTRACTED
3079cf8 - TYPEAHEAD
9ea4f50 - TYPEAHEAD
b961093 - TYPEAHEAD
0e2c509 - TYPEAHEAD
28589c5 - TYPEAHEAD
70a14d8 - TYPEAHEAD
0c42e4a - TYPEAHEAD
213b8ce - FIXED IN 2.3.2
0bac986 - TYPEAHEAD
0e3332d - FIXED IN V2.3.2
eaa777b - TYPEAHEAD
f944a8e - TYPEAHEAD
546ae10 - TYPEAHEAD
3bba0cc - FILE MOVED
b8794e1 - TYPEAHEAD
6217c1a - TYPEAHEAD
dc85fa7 - TYPEAHEAD
d329317 - TYPEAHEAD
b3ef776 - TYPEAHEAD
fcb3999 - TYPEAHEAD
0975cfa - TYPEAHEAD
fbed3e2 - TYPEAHEAD
0fa857d - POPOVER
68b890a - TYPEAHEAD
b5cadec - typeahead
441e429 - copyright
22ce2c0 Fixed In v2.3.2
d78d761- typeahead
bff933e- typeahead
ef585cf- typeahead
7e35369 - typeahead
8f1cee0 - Files moving around
1490ae1 - add file
We don't want bootstrap-btn css from v3.1.1 overlapping with v2.3.2's
.btn css; so we remove it.
Commits that were skipped:
3142d74 - false typo fix. It add support for IE9.
ead73f3 - We retain Glyphicons since they don't make any difference.
3bba0cc - Moving code around.
We merge bootstrap-responsive.css into bootsrap.css since that is
how bootstrap distributes it from this version onwards.
bootstrap.js has a lot of changes to it which completely breaks
our typeaheads and popovers, so we will have to override these
plugins with our version of these plugins. In future versions
of bootstrap when we use npm, we can just choose not to
import them.
This commit clearly shows what changes we made to the bootstrap
library for a future reference.
bootstrap-btn.css was left out since it is from version v3.1.1. We
will integrate custom changes made by us into zulip when we upgrade
to v3.x.
We have also removed our license from these files.
This particular commit has been a long time coming. For reference,
!avatar(email) was an undocumented syntax that simply rendered an
inline 50px avatar for a user in a message, essentially allowing
you to create a user pill like:
`!avatar(alice@example.com) Alice: hey!`
---
Reimplementation
If we decide to reimplement this or a similar feature in the future,
we could use something like `<avatar:userid>` syntax which is more
in line with creating links in markdown. Even then, it would not be
a good idea to add this instead of supporting inline images directly.
Since any usecases of such a syntax are in automation, we do not need
to make it userfriendly and something like the following is a better
implementation that doesn't need a custom syntax:
` Alice: hey!`
---
History
We initially added this syntax back in 2012 and it was 'deprecated'
from the get go. Here's what the original commit had to say about
the new syntax:
> We'll use this internally for the commit bot. We might eventually
> disable it for external users.
We eventually did start using this for our github integrations in 2013
but since then, those integrations have been neglected in favor of
our GitHub webhooks which do not use this syntax.
When we copied `!gravatar` to add the `!avatar` syntax, we also noted
that we want to deprecate the `!gravatar` syntax entirely - in 2013!
Since then, we haven't advertised either of these syntaxes anywhere
in our docs, and the only two places where this syntax remains is
our game bots that could easily do without these, and the git commit
integration that we have deprecated anyway.
We do not have any evidence of someone asking about this syntax on
chat.zulip.org when developing an integration and rightfully so- only
the people who work on Zulip (and specifically, markdown) are likely
to stumble upon it and try it out.
This is also the only peice of code due to which we had to look up
emails -> userid mapping in our backend markdown. By removing this,
we entirely remove the backend markdown's dependency on user emails
to render messages.
---
Relevant commits:
- Oct 2012, Initial commit c31462c278
- Nov 2013, Update commit bot 968c393826
- Nov 2013, Add avatar syntax 761c0a0266
- Sep 2017, Avoid email use c3032a7fe8
- Apr 2019, Remove from webhook 674fcfcce1
We had been using !time() syntax for timestamps so far. Since its
an unreleased feature, we can make changes without affecting many
people.
Fixes#15442.
This change was only required for the search pills enabled
search. As there is a valid use-case where the user might
want to remove just the latest pill(s) and then narrow.
This wasn't possible previously because, the typeahead was
looked up every time the backspace key was pressed. And since
the only way to narrow in search is through the enter key,
if the user entered it then the searchbox would get updated
with the first suggestion in the typeahead.
The alternative for the user would be to first lose focus on
the searchbox (by clicking outside) the focus again which
doesn't generate the typeahead. Then only the enter key would
be available for narrowing.
We do not display the typeahead after the search pills are
created. This is done just to match the behaviour for the
deletion of pills case too.
We use this approach and we don't just change the line
in `search.js` from `helpOnEmptyStrings: true` to
`helpOnEmptyStrings: !page_params.searchpills enabled`
because we still need to provide suggestions for '',
on initial lookup or every time the empty input searchbox
with search pills present gains focus.
This adds support for syntax like: !time(Jun 7 2017, 6:30 PM) so that
everyone sees the time in their own local timezone. This can be used
when scheduling online meetings, etc.
This adds some hardcoded values for timezones, because of there
being no sureshot way of determining the timezone easily. However,
since the main way of using the feature should be a typeahead for
entering the time, this shouldn't be cause of much concern.
Fixes#5176.
In our recent navbar changes, we made it so that the
Esc key auto-closed the navbar. Unfortunately,
that code would break other typeaheads with a traceback.
One user-facing symptom was that if you drafted a PM
and started a typeahead on a recipient, then hitting
the Esc key wouldn't close the typeahead.
Now we use an `on_escape` mechanism that is specific
to the navbar typeahead, so that it's both generic and
harder to break for widgets that don't opt in to it.
See bbdc66a214 for
more details on the commit that introduced this
regression.
Note that I only call `tab_bar.exit_search` now.
I don't check the class name of the input element,
since I know that the Esc key is happening in the
context of search. And I don't blur the input,
since it's going to be hidden.
We are sweeping the codebase to use startsWith
when possible. I kept this on a separate
commit due to us vendoring the library, just
to reduce some noise.
Zulip has had a small use of WebSockets (specifically, for the code
path of sending messages, via the webapp only) since ~2013. We
originally added this use of WebSockets in the hope that the latency
benefits of doing so would allow us to avoid implementing a markdown
local echo; they were not. Further, HTTP/2 may have eliminated the
latency difference we hoped to exploit by using WebSockets in any
case.
While we’d originally imagined using WebSockets for other endpoints,
there was never a good justification for moving more components to the
WebSockets system.
This WebSockets code path had a lot of downsides/complexity,
including:
* The messy hack involving constructing an emulated request object to
hook into doing Django requests.
* The `message_senders` queue processor system, which increases RAM
needs and must be provisioned independently from the rest of the
server).
* A duplicate check_send_receive_time Nagios test specific to
WebSockets.
* The requirement for users to have their firewalls/NATs allow
WebSocket connections, and a setting to disable them for networks
where WebSockets don’t work.
* Dependencies on the SockJS family of libraries, which has at times
been poorly maintained, and periodically throws random JavaScript
exceptions in our production environments without a deep enough
traceback to effectively investigate.
* A total of about 1600 lines of our code related to the feature.
* Increased load on the Tornado system, especially around a Zulip
server restart, and especially for large installations like
zulipchat.com, resulting in extra delay before messages can be sent
again.
As detailed in
https://github.com/zulip/zulip/pull/12862#issuecomment-536152397, it
appears that removing WebSockets moderately increases the time it
takes for the `send_message` API query to return from the server, but
does not significantly change the time between when a message is sent
and when it is received by clients. We don’t understand the reason
for that change (suggesting the possibility of a measurement error),
and even if it is a real change, we consider that potential small
latency regression to be acceptable.
If we later want WebSockets, we’ll likely want to just use Django
Channels.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
Bootstrap v2.2.0^2~40^2~6 changes this default to false, so this is a
prerequisite to upgrading Bootstrap, and it’s also safer.
This closes an HTML injection path via user full names in the emoji
reaction tooltip. It doesn’t appear to be exploitable for cross-site
scripting because we disallow `>` in full names, and the code happens
to be written such that the next `>` is in a different parser
invocation.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
Tim Abbott
Anders Kaseorg
Steve Howell
N-Shar-ma
rht
Pradyumna Sinha
Riken Shah
akshatdalton
Abhijeet Prasad Bodas
Aman Agrawal
Hashir Sarwar
Rohitt Vashishtha
Ryan Rehman
Steve Howell
YashRE42
Stefan Weil
Anders Kaseorg
Vishnu KS