Commit Graph

45 Commits

Author SHA1 Message Date
Steve Howell f7b432afec node tests: Auto-include zblueslip for node tests.
We already use blueslip stubs in ~45 tests, so we
may as well just auto-include it.
2020-04-03 12:56:49 -04:00
Steve Howell 2788ebdde7 minor: Clean up blank lines in tests. 2020-04-03 12:56:49 -04:00
Anders Kaseorg 1c8950900f frontend: Defensively filter unsafe links that may come from bugdown.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-01 14:01:45 -07:00
Anders Kaseorg 68cfcd6446 CVE-2020-9444: Prevent reverse tabnabbing attacks.
While we could fix this issue by changing the markdown processor,
doing so is not a robust solution, because even a momentary bug in the
markdown processor could allow cached messages that do not follow our
security policy.

This change ensures that even if our markdown processor has bugs that
result in rendered content that does not properly follow our policy of
using rel="noopener noreferrer" on links, we'll still do something
reasonable.

Co-authored-by: Tim Abbott <tabbott@zulipchat.com>
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-01 14:01:45 -07:00
shubhamgupta2956 efda2684ea util: Replace util.get_message_topic().
Replace `util.get_message_topic(message)` with `message.topic`.

Fixes #13931
2020-02-21 09:53:45 -05:00
Steve Howell 39405fccdc util: Prepare to remove get_message_topic().
I am not quite ready to declare victory on
the subject/topic migration, but we are super
close.  In this commit I bump a blueslip
warning to a blueslip error, so that we'll
be notified of any codepath that is still
using the janky fall-back-to-subject defensive
code here.

If we go a couple days without any errors, then
we can remove the blueslip warning and the
defensive code immediately and then inline
the callers at our leisure.  I wouldn't be
wildly against keeping these wrappers in some
parts of the code, but that debate is out of
the scope of this immediate fix, and I haven't
thought hard about it yet.

We can basically sweep set_message_topic() now,
if we wanted to, since it's truly just a one-liner.
(At one point it was encapsulating something
like `message.subject = foo`).

This required a tiny change to compose_fade
test setup.
2020-02-15 21:14:00 +00:00
Steve Howell c9a52411ae util: Kill off rtrim() helper.
I am 99% sure we can rely on trimRight() and
trim() being available in all browsers that
we support.  I verified in FF.

This removes the util dependency from both
modules touched here.
2020-02-15 12:20:20 -08:00
Steve Howell 9ab07d1038 util.js: Remove util from window.
We now treat util like a leaf module and
use "require" to import it everywhere it's used.

An earlier version of this commit moved
util into our "shared" library, but we
decided to wait on that.  Once we're ready
to do that, we should only need to do a
simple search/replace on various
require/zrequire statements plus a small
tweak to one of the custom linter checks.

It turns out we don't really need util.js
for our most immediate code-sharing goal,
which is to reuse our markdown code on
mobile.  There's a little bit of cleanup
still remaining to break the dependency,
but it's minor.

The util module still calls the global
blueslip module in one place, but that
code is about to be removed in the next
few commits.

I am pretty confident that once we start
sharing things like the typeahead code
more aggressively, we'll start having
dependencies on util.  The module is barely
more than 300 lines long, so we'll probably
just move the whole thing into shared
rather than break it apart.  Also, we
can continue to nibble away at the
cruftier parts of the module.
2020-02-15 12:20:20 -08:00
Steve Howell e9c6653852 node tests: Always enforce blueslip warn/error/fatal.
We now require all of our unit tests to handle
blueslip errors for warn/error/fatal.  This
simplifies the zblueslip code to not have any
options passed in.

Most of the places changed here fell into two
categories:

    - We were just missing a random piece of
      setup data in a happy path test.

    - We were testing error handling in just
      a lazy way to ensure 100% coverage.  Often
      these error codepaths were fairly
      contrived.

The one place where we especially lazy was
the stream_data tests, and those are now
more thorough.
2020-02-07 14:15:44 -08:00
Vaibhav Raj Singh 1fa46b1963 compose: Improved warning for wildcard mentions.
Edited the warning to clearly state that most members/most stream members
will be notified on using wildcard mentions, along with the specific
mention (e.g. @ALL, @everyone and @stream).

Did a separate check for all wildcard mentions in util.js and stored the
corresponding mention in wildcard_mention inside compose.js.

Fixes: #13636
2020-01-31 12:24:35 -08:00
Anders Kaseorg 28f3dfa284 js: Automatically convert var to let and const in most files.
This commit was originally automatically generated using `tools/lint
--only=eslint --fix`.  It was then modified by tabbott to contain only
changes to a set of files that are unlikely to result in significant
merge conflicts with any open pull request, excluding about 20 files.
His plan is to merge the remaining changes with more precise care,
potentially involving merging parts of conflicting pull requests
before running the `eslint --fix` operation.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-11-03 12:42:39 -08:00
Nikhil-Vats 38be5ea743 message_edit_history: Add UI for seeing topic edits.
Users can previously see only message content edits, this will enable
them to see topic edits too in the same section, fixes #3731.

Fixes #3731.
2019-03-25 15:10:47 -07:00
Rohitt Vashishtha 5c2e64d6a2 tests: Fix accidental uses of assert() -> assert.equal(). 2019-02-20 10:41:42 -08:00
Steve Howell 37c78abe14 frontend: Use topic on message.
This seems like a small change (apart from all the
test changes), but it fundamentally changes how
the app finds "topic" on message objects.  Now
all code that used to set "subject" now sets "topic"
on message-like objects.  We convert incoming messages
to have topic, and we write to "topic" all the way up
to hitting the server (which now accepts "topic" on
incoming endpoints).

We fall back to subject as needed, but the code will
emit a warning that should be heeded--the "subject"
field is prone to becoming stale for things like
topic changes.
2019-01-07 19:20:56 -08:00
Steve Howell 9b4f804fd1 message_edit: Add util.get_edit_event_orig_topic().
This extracts this bit of parsing logic for message_edit events.
2018-12-29 14:14:40 -08:00
Steve Howell 773e85309c topics: Make util more flexible about subject/topic. 2018-12-29 11:40:57 -08:00
Tim Abbott bdb3da4504 eslint: Add key-spacing linter rule.
Apparently, we didn't have one of these, and thus had a moderate
number of generally very old violations in the codebase.  Fix this and
clear the ones that exist..
2018-12-18 10:41:06 -08:00
Steve Howell 057ee6633a reload: Use "topic" to encode compose topic. 2018-12-16 11:26:18 -08:00
Tim Abbott b2939cdf19 lint: Fix comma spacing in node tests.
I apparently failed to check the tests codebase before merging the
last linter commit.  Oops.
2018-12-07 13:14:28 -08:00
Shubham Dhama cc03f9fb8f eslint: Enable space-infix-ops rule.
More about rule at  https://eslint.org/docs/rules/space-infix-ops
2018-06-05 00:47:35 +05:30
Tim Abbott c8db7b7dd7 node: Provide a default window object for the node tests.
This is preparation for our migration of our JS pipeline to webpack,
which includes as part of the process a hack of exporting globals via
the window object.
2018-05-31 14:55:28 -07:00
Steve Howell 42435db492 Add run_test helper for individual tests.
This run_test helper sets up a convention that allows
us to give really short tracebacks for errors, and
eventually we can have more control over running
individual tests.  (The latter goal has some
complications, since we often intentionally leak
setup in tests.)
2018-05-15 08:24:44 -07:00
Shubham Dhama b650b6b38c markdown: Add @stream as an alias for @all.
Fixes: #8930.
2018-04-09 16:35:14 -07:00
Shubham Dhama a32e1eb913 markdown: Require double-asterisk around all mentions.
This enforces `**` around all the mentions including "at-all" and
"at-everyone" mentions. Hence this makes `@all` and `@everyone`
invalid mentions, resulting into proper syntax for these mentions as
`@**all**` and `@**everyone**` respectively.

Note from tabbott: This removes an old feature/syntax, which made
sense back when @Tim was also a way to mention a user with Tim as
their first name.  Given how nice typeahead is now, the user part of
the feature was removed a while ago; this should have gone at the same
time.

Fixes: #8143.
2018-02-16 11:45:08 -08:00
Steve Howell a1c5b0928e node tests: Use zrequire in util.js. 2017-11-08 12:24:17 -08:00
Cory Lynch b13265d135 util: Remove execute_early.
This function was removed in favor of loading everything in
ui_init.js. The asynchronous nature of jQuery 3 document-ready
events may cause an undesirable order in which these are executed.
2017-07-04 13:54:33 -07:00
Joshua Pan ccd880094e util.js: Refactor util.strcmp into util.make_strcmp. 2017-06-07 19:45:46 -05:00
Joshua Pan 2bf48e58aa node tests: Get util.js to 100% node coverage. 2017-06-07 19:45:46 -05:00
Joshua Pan 9d862ab3d3 node tests: Make util.js use zjquery. 2017-06-07 19:45:46 -05:00
Steve Howell eed41bfd0a Compare recipients using to_user_ids to fix live updates.
If you send a group PM from the home view, and then one of the
recipients changes their email, and then you send a group PM
to the same recipients, we need to make sure we don't create
a spurious recipient bar.  This fix makes this happen by
changing util.same_recipient() to look at user ids instead of
emails.
2017-02-26 16:18:02 -08:00
Steve Howell 4d0d18ba14 Use stream_id in recipient comparisons.
Using stream_id in recipient comparisons fixes a
bug in this scenario: go to home view, send message
to stream, wait for admin to rename stream, send
another message to the stream.  Before this change,
the stream name would live-update but you'd get a
spurious recipient bar due to the prior message still
having the old stream name in places internally.

There were other ways to fix the live-update glitch,
but it's just generally cleaner to do stream id
comparisons.

Part of this change is to add stream_id to
compose_fade.set_focused_recipient().
2017-02-26 16:18:02 -08:00
Steve Howell b3dfa79482 Remove obsolete util.same_major_recipient(). 2017-02-26 16:18:02 -08:00
Tim Abbott 5c34c601d9 compose: Trim trailing whitespace in messages.
This should ensure that local echo matches the backend in handling of
unusual input like `/me `.
2017-02-11 23:01:22 -08:00
Bojidar Marinov 9682d26561 invite: Leave not yet invited users in the invite modal's textarea.
Also, make zerver tell us whether invitations were sent.

Fixes #2287.
2016-12-27 17:14:21 -08:00
lonerz dc6849952b eslint: change space-before-function-paren from warning to error.
Also fix violations.
2016-12-05 09:50:37 -08:00
Rafid Aslam 426cb13e23 Remove `enforce_arity` function from util.js.
Remove `enforce_arity` function from util.js, because it is
not used anymore.
2016-12-03 18:43:46 -08:00
Tim Abbott 459421d045 eslint: Update node tests to use new comma-dangle rules.
* In most cases, eslint --fix with the right comma-dangle settings was
  able to update the code correctly.

* The exceptions were cases where the parser incorrectly treated the
  arguments to functions like `assert_equal` as arguments; we fixed
  these manually.  Since this is test code, we can be reasonably
  confident that just fixing the failures suffices to correct any bugs
  introduced by making changes automatically.
2016-12-03 15:00:24 -08:00
kevv87 e6369fc29b eslint: change no-plusplus from warning to 2 and fix violations. 2016-12-01 14:27:17 -08:00
Tommy Ip c90da24541 eslint: change keyword-spacing from warning to error and fix violations. 2016-12-01 14:22:15 -08:00
Steve Howell d953eca14c Make group PMs reply-to's more consistent in case.
We now sort lists of users ids deterministically, and we also
sort list of emails deterministically and without regard to case.

This probably fixes the bug #2343, although I never got a great
repro on that.
2016-11-26 11:48:52 -08:00
Tim Abbott e40e756d47 echo: Fix local echo sending a message to "yourself, ".
Previously, this would incorrectly include a user with name and email
"" in the recipients list shown in the local echo code path.

We fix this and add a test for the issue.
2016-11-14 21:43:13 -08:00
Tim Abbott 49bea381b7 zjsunit: Fix running stream_data and node tests individually.
These tests failed if you ran them along with:
 `ReferenceError: $ is not defined` errors.

Fixes #1909.
2016-10-04 18:38:17 -07:00
Tomasz Kolek b1b864341c Fix @all spam warning when typing @all in backticks.
When user'd like to send a message with @all in backticks
they see spam warning in spite of the fact that nobody
would be alerted.

Fixes: #1505.
2016-08-18 16:10:09 -07:00
Givorenon 0bf2d171ae Fix fading of messages in dialog and users in side-bar.
Make comparison of emails in compose_fade.js and util.js
case-insensitive to fix fading of users and messages respectively.
2016-06-07 21:31:47 -07:00
Tim Abbott 10657c1d53 Move node tests to node_tests/. 2015-10-28 10:11:47 -07:00