Commit Graph

273 Commits

Author SHA1 Message Date
Anders Kaseorg e090027adc CVE-2022-23656: Fix cross-site scripting vulnerability in tooltips.
An attacker could maliciously craft a full name for their account and
send messages to a topic with several participants; a victim who then
opens an overflow tooltip including this full name on the recent
topics page could trigger execution of JavaScript code controlled by
the attacker.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 14:26:42 -08:00
Aman Agrawal bab9e50581 scroll_to_bottom_button: Use unicode icon for right arrow. 2022-02-25 14:57:22 -08:00
Steve Howell ca17a452fd subscribers: Rename file to stream_edit_subscribers.js.
We are going to move to this code organization for
managing streams:

    stream_create.js
        stream_create_subscribers.js
    stream_edit.js
        stream_edit_subscribers.js

The modules stream_create.js and stream_edit.js historically
manage the entire process of creating and editing stream
data (respectively).

Going forward both will delegate most of the subscriber-specific
pieces to either stream_create_subscribers or stream_edit_subscribers.

The stream_*_subscribers modules will be somewhat similar in
nature, but the way that we manage subscribers at creation time
is a bit different than how we manage subscribers at edit time.
2022-02-22 16:29:36 -08:00
Aman Agrawal 0eafa6039b message_scroll: Show scroll to bottom button.
Show/hide scroll to bottom button when the last message is
not visible in the current scroll position.

We adjust the bottom offset of the button based on compose box
height.

Fixes #19862
2022-02-18 13:29:57 -08:00
Aman Agrawal 9b622b7d25 gear_menu: Allow user to configure preferred theme.
We save the preferred theme in localstorage so that user doesn't
have to re-select the theme on every reload. Users on slow
computers might see flash of a theme change, if it happens.
2022-02-18 11:29:48 -08:00
Aman Agrawal c396c2f7a4 home: Send rendered realm description for spectators.
Display rendered markdown after passing it through our local
rendered_markdown JS library.
2022-02-17 16:17:15 +00:00
Aman Agrawal c827c73783 right_sidebar: Add realm description for spectators. 2022-02-04 16:00:59 -08:00
Aman Agrawal f00db27b64 message_feed_errors: Convert to handlebars. 2022-01-31 17:10:05 -08:00
Tim Abbott c0d4f8ec79 compose: Fix compose box initialization order.
This effectively reverts part of
70d444a8eb.  While it's correct that we
want to render this bit of Handlebars template early, it was not
correct to move all compose box initialization earlier.

Do the same thing we do with the left/right sidebar container
templates, which is to render them directly in `ui_init.js`.

Fixes #20778.
2022-01-31 10:12:45 -08:00
N-Shar-ma a003fe0246 compose: Fix bug where stream color didn't update on mouse selection.
Called the `decorate` function to update stream color in the compose
box on `change` instead of `blur`.

On clicking on a stream option, the input box for the stream name
remained in focus, hence decorate wasn't triggered on blur. Using
the change event instead, ensures that decorate will be called
anytime the stream is changed.

Fixes: #20871
2022-01-24 17:14:47 -08:00
Steve Howell 7ff89e4cae dom: Rename div to #manage_streams_container.
The old name was confusing, since the contents
of the div aren't just a table, and we have
smaller elements that actually do list a bunch
of subscriptions in tabular format.
2021-12-30 11:36:52 -08:00
Steve Howell 0777cd73bb stream edit: Extract stream_subscribers_ui.js.
This is a fairly straightforward extraction.

It's good to test this with Iago, and then go into
Manage Streams and add/remove subscribers for a stream
like devel.

I copy/pasted two small functions that will soon
diverge from stream_edit. The get_stream_id function
will either use a module variable (since we're
generally only editing subscribers for one stream, and
we already have the singleton assumption with
`input_pill`) or a more strict CSS selector.  And then
get_sub_for_target depends on get_stream_id. We may not
always need full subs, anyway, and when we adapt some
of this code for creating streams, things are likely to
change.

I stopped exporting a couple functions that have no
callers outside of this module.

The main entry point for the module is
enable_subscriber_management.

We continue to export invite_user_to_stream and
remove_user_from_stream, which should possibly be just
pulled into their own module to lessen some
dependencies, but they don't have too much baggage,
since they just wrap channel calls.
2021-12-30 11:36:52 -08:00
Sahil Batra f49346892f misc: Replace "day mode" with "light theme" in comments. 2021-11-26 22:03:29 -08:00
Sahil Batra 88e21d0387 misc: Replace "night mode" with "dark theme" in comments. 2021-11-26 22:03:29 -08:00
Sahil Batra a44e7a1a60 settings: Pass a single object to settings_notifications functions.
We refactor the code for user notification settings and realm-level
defaults of notification settings to pass a single object consisting
of container element, settings object, url and for_realm_settings
bool variable, to the functions, instead of passing them as separate
variables.
2021-09-21 14:56:27 -07:00
Sahil Batra e43d469e9a settings: Pass a single object to settings_display functions.
We refactor the code for user display settings and realm-level
defaults of display settings to pass a single object consisting
of container element, settings object, url and for_realm_settings
bool variable, to the functions, instead of passing them as
separate variables.
2021-09-21 14:56:27 -07:00
Sahil Batra a440c93030 settings: Add realm_user_settings_defaults module. 2021-09-15 09:50:31 -07:00
Riken Shah fbf5c41a56 buddy_list: Show still image for animated emojis.
This commit changes the behavior of how we show
animated emojis in the buddy list. We now show still
image of animated emoji and when hovered show the
animated emoji.

Fixes #19521
2021-09-12 16:24:29 -07:00
Riken Shah 8210daefc8 user status: Fix custom emoji not loading during page load.
The reason for this was we were not loading extra
parameters while storing the status emoji object.

For this we also need the emoji module to be initialized
early because the right sidebar would need it to display
the status emoji.
2021-08-02 13:38:51 -07:00
Sahil Batra 998d710275 frontend: Add new user_settings module for user's settings.
We add a new user_settings module similar to page_params
module in frontend and use it to access user's personal
settings instead of page_params.
2021-08-01 15:30:17 -07:00
Abhijeet Prasad Bodas d0b3801596 ui_init: Fix "Error: Unknown user_id in get_by_user_id: 0".
For spectators (logged view), we send user_id=0 via page_params.

The people module does not know about this user ID, and so throws the
exception. Earlier `people.get_by_user_id` was not called on page load,
but only when determining settings permissions with `settings_data.user_has_permission`.

But 231c536cad made it so that that function
is always called, so we need to handle the spectator case explicitly.

Co-authored-by: Gaurav Pandey <gauravguitarrocks@gmail.com>
2021-07-22 14:06:13 -07:00
Priyank Patel 231c536cad settings_data: Break circular dependency with people. 2021-07-20 14:28:48 -07:00
sahil839 0594207180 realm_logo: Rename realm_logo.rerender to realm_logo.render.
As realm_logo.rerender is now used for initial rendering of
logo as well in c8849f8, so we rename this function from
rerender to render.
2021-07-19 09:45:29 -07:00
Tim Abbott a5afbb60ff ui_init: Initialize people before right_sidebar.
Because the right_sidebar initialization calls user_has_permission, in
organizations that has a waiting period before users become full
members, and only full members can send invitations, Zulip will throw
an exception on startup.
2021-07-19 00:33:02 -07:00
sahil839 2f44a08b37 settings: Convert settings_overlay.html to handlebars template.
Fixes #18796.
2021-07-15 08:59:23 -07:00
m-e-l-u-h-a-n 781179c56a subs: Rename subs.js to stream_settings_ui.js.
We use subs as a common variable name for a collection of stream
data structure used in settings, in lot of modules. So this
rename clears a bunch of related shadowed variables.
2021-07-09 09:38:58 -07:00
Tim Abbott 2cb1be096e ui_init: Fix order of realm_logo rendering.
This needs to run after the navbar has been initialized.  Bug caught
by our puppeteer tests.
2021-07-06 17:51:00 -07:00
aryanshridhar c6828767fa navbar: Migrate to handlebars.
This commit migrates the `navbar.html` Django template
to handlebars by creating a new file as `navbar.hbs`
within `/static/templates` which is then rendered
using `ui_init` module.

As a part of migration, we also remove the `search_pills_enabled`
and `embedded` parameters from the context attribute as they
are no longer needed now.

Fixes part of #18792.
2021-07-06 16:46:50 -07:00
aryanshridhar 13399833b0 right_sidebar: Migrate to handlebars.
This commit migrates the `right_sidebar.html` Django template
to handlebars by creating a new file as `right_sidebar.hbs`
which is then rendered using `ui_init` module.

It also removes the tests in `test_home` due to the template
migration, since these elements aren't rendered on the backend
anymore.

We also remove `test_compute_show_invites_and_add_streams*`.

Fixes part of #18792.
2021-07-05 18:58:24 -07:00
aryanshridhar 8fb7ff7637 left_sidebar: Migrate to handlebars.
This commit migrates the `left_sidebar.html` Django template
to handlebars by creating a new file as `left_sidebar.hbs`
which is then rendered using `ui_init` module.

These are the minor changes introduced by virtue of template
migration -
 - The `compute_show_invites_and_add_streams` function now
   only concerns with the invite_to_realm_policy.
 - Renamed the `compute_show_invites_and_add_streams` function
   to `compute_show_invites` due to the above change.
 - Fixes relevant `test_home.py` tests due to the above
   changes.

Fixes part of #18792.
2021-07-05 18:49:43 -07:00
Priyank Patel 5f74e78bee js: Rename muting module to muted_topics. 2021-06-30 16:32:55 -07:00
Priyank Patel 968a8c4e50 js: Split out muted_users module from muting. 2021-06-30 16:32:55 -07:00
sahil839 c8849f8fe3 logo: Compute realm-logo url in frontend only.
This commit fixes the bug of always showing
day-mode realm logo when color scheme display
setting is set to automatic but the OS setting
is dark theme. This is because we cannot check
the OS setting on backend and we need to set
the logo url accordingly in frontend only.
So, we remove the logo url computation from
backend completely and instead compute it in
the frontend only.

Fixes #18778.
2021-06-29 13:42:44 -07:00
Dinesh 177dd05d0b timestamp: Move tooltip date, time rendering logic to tippyjs.js.
Makes use of `onShow` for all calculations and rendering
of date, time for tooltip.
2021-06-25 18:10:42 -07:00
Aman Agrawal 182f47b7c6 popover_menus: Extract popovers using tippy in a separate module. 2021-06-18 17:13:20 -07:00
Tim Abbott 0a1eaf0384 i18n: Reorganize language_list logic.
This reorganization follows our modern coding conventions for avoid
leaving data in page_params that should be owned by a single module.
2021-06-17 17:22:10 -07:00
Gaurav Pandey 56d85fb833 settings: Remove default_language_name from page_params.
default_language_name was a part of page_params which is actually
redundant considering that we already have language_list and
default_language available to frontend which can be used to
get the default_language_name and hence prevents the backend
from sending an additional parameter.

Fixes part of #18673.
2021-06-17 16:56:21 -07:00
Aman Agrawal 99cd837421 css: Introduce class which will hide elements for spectators.
`.hidden-for-spectators` class can now be used to hide elements
which should not be visible to spectators.
2021-06-16 10:16:04 -07:00
Ganesh Pawar 1d4b6c1320 about_zulip: Migrate to handlebars.
This results in moving the `zulip_merge_base` parameter to
page_params, so that it's available to JavaScript.

Since this is technically a tiny overlay, it needs to be initialized
before hashchange.js.
2021-06-15 11:55:20 -07:00
Ganesh Pawar 8744b42beb message_history: Migrate to handlebars. 2021-06-15 11:31:01 -07:00
Aman Agrawal 88454307cd recent_topics: Split into three modules.
We split recent_topics module into recent_topics_(ui + data + util).

This allows us to reduce cyclical dependencies which were
created due to large list of imports in recent topics. Also, this
refactor on its own makes sense.
2021-06-10 15:53:05 -07:00
Riken Shah 51e24519b8 refactor: Rename `panels.js` to `navbar_alerts.js` as it better explains it. 2021-05-21 17:49:12 -07:00
Tim Abbott 2e67b879ed api: Add server_timestamp to register response.
Since this is currently only useful to interpret presence data, we
send this only if presence is requested.

I'm not sure that server_timestamp is the right name for this field,
but ultimately it should match the main presence API format.
2021-05-20 14:57:34 -07:00
akshatdalton 769cd06ab6 refactor: Extract linkifier non-settings logic from `markdown.js`.
The extracted logic is in linkifier.js.
We have decided to name it linkifier.js instead of realm_linkifier.js
because in future when we will add stream-level linkifiers, we'll
likely want them to be managed by this same file.
2021-05-19 11:59:28 -07:00
Sumanth V Rao 215320bc72 settings_playground: Add typeaheads for `pygments_name` field.
The typeahead suggests a human-readable `pretty_name` for the
`language` field in the add-playgrounds form.

The suggestions are sorted based on the popularity of these
languages.

E.g: A `py` prefix would match with `Python` first before
matching with others like `Python 2.x` based on priority.
2021-05-04 11:39:33 -07:00
Ken Clary 74dbcdf2a8 frontend: Change 'reply' button label to reflect selected message.
The 'reply' button shows the stream>topic or recipient(s) of the
selected message, for better UX.  It also expands to fill the
remaining horizontal space in the button bar -- this should help make
it easier for new users to figure out how to reply.

Finally, it uses "Message" instead of "Reply", to better match the
compose box.

Fixes #17940.
2021-05-03 14:58:02 -07:00
ligmitz 91c81eadd0 sidebars: Fix truncated lists when notifications panel is visible.
When notifications panel is open at the top, the buddy list and
streams-filter container gets truncated due to max-height exceeding
the necessary value. The commit fixes the issue by subtracting the
panels height when it is visible.  The logic to do so is already
present, but we need to ensure that we trigger the full resize code
when we get into this situation.

Fixes: #18221
Fixes: #17823
2021-04-28 08:34:59 -07:00
Anders Kaseorg 178736c8eb docs: Fix spelling errors caught by codespell.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-26 09:31:08 -07:00
PIG208 7b60ce1d70 js: Make alert_popup shared.
It allows the click handler for the "x" button, and the stacktrace
toggler to be shared between webapp and the portico pages.

Reimplements #17801.
2021-04-26 09:27:49 -07:00
Aman Agrawal 70d444a8eb compose: Move to `hbs` file and append it to DOM on init.
We move compose.html to compose.hbs file while keeping
`#compose` still in `home.html` as a hanger
where append rest of the elements.

This will provide us with two benefits:
* We could share common elements between message_edit_form and
compose.
* We can insert compose directly in any element. We may decide to
do it for recent topics.
2021-04-19 16:53:30 -07:00