There was really no reason for this to be a nested function, since
we weren't closing on any variables. Flatter is better. Also, it
is plausible that folks will want more control over creating
individual jQuery elements (but still want this helper).
I don't think anybody ever really used this feature, which I
developed but don't even use myself. It kind of runs counter
to the minimalist approach of the rest of node tests.
I would eventually like to re-think the template tests altogether.
They're slow, and we could solve that somewhat by replacing
jsdon/jquery with an HTML parser library to verify structural
things.
It's also possible that we can just rely on our template linters
to catch the biggest class of errors (malformed tags) and let
code review do the rest.
And it's also possible that we should make a second attempt to
ramp up tooling on making it easy to verify templates, but it
doesn't have to be part of the node tests. If we did that, we
would also potentially use tooling for Python-side templates.
This node test module is intended as a way for somebody to
quickly immerse themselves in our node testing methodologies,
plus it has the nice side effect of introducing several modules
(albeit very briefly).
A few things here:
* Use _.each to follow our convention.
* Just use new locals to avoid overwriting template and
avoid strange Object.assign hack.
* Just use simple string concatenation.
* Use better var names: full_name, shortcut
* Use chaining syntax.
This rule checks for use of const wherever needed, currently does
nothing since we don't use `let`, instead we use `var`. This rule
can be used to use refactor a file to use const easily by replaceing
var with let using a editor and then by running
`./node_modules/.bin/eslint frontend_tests --fix --cache`. And then revert
those `let`'s back to `var`.
This commit exposes some inner variables of notifications.js to make
them easily testable. The first test added simply checks whether the
showing and closing of notifications works properly, and doesn't yet
verify the main code logic of the notification generation.
We flatten the code a bit by removing a check that type is object,
and we replace it later with a check that type is string.
We also no longer allow document-like objects to be wrapped based
on the location-attribute-is-present hack. Instead, we want the
tests to just set document to 'document-stub'.
We can now extend zjquery using the $.fn mechanism. This isn't
necessarily recommended for test code (since you can just stub
individual objects directly), but some of our real code does this.
Zulip's search typeahead had a security bug, where when autocompleting
a specially crafted stream name, and then hitting space, code within
the stream name would be executed.
Zulip was doing HTML escaping correctly in the main code path using
Filter.describe to describe a narrow, but the escaping function was
not called in a few parallel code paths. We fix this in a way that
should protect all of these code paths, by making Filter.describe
return properly escaped HTML, rather than depending on its callers to
do so.
Thanks to w2w for reporting this issue.
This fixes a set of XSS issues with Zulip's frontend markdown
processor, which is used in a limited set of contexts, such as local
echo of messages and the drafts feature.
The implementation of several syntax elements, including the <em>
syntax, user and stream mentions, and some others failed to properly
escape the content inside the syntax.
Fix this, and add tests for each corrected code path.
Thanks to w2w for reporting this issue.
There was already a progress bar set up, but it became non-functional
after refactoring. This fixes it.
The default animation was getting cut off when `uploadFinished` is
called, so we add a delay before removing the upload bar to make it
get to the end.
Tweaked by tabbott to have a more natural feeling animation setup
(where we don't animate the width adjustments; just the disappearance
of the bar).
Fixes#8863.
This reverts commit 6e048c5d3f.
See #8963 for the main issue we need to fix before re-enabling this;
basically, some combination of toMarkdown and the way text/html gets
written was introducing a lot of bonus/bogus whitespace, both in the
form of newlines and spaces converted to ` `.
Priyank
Preston Hansen
Rohitt Vashishtha
Tarun Kumar
Shubham Dhama
Joshua Pan
Umair Khan
Steve Howell
Cynthia Lin
Tim Abbott
YJDave
Marco Burstein