Commit Graph

23 Commits

Author SHA1 Message Date
Steve Howell fdd63546b2 linters: Rewrite check-templates.
I rewrote most of tools/lib/pretty-printer.py, which
was fairly easy due to being able to crib some
important details from the previous implementation.

The main motivation for the rewrite was that we weren't
handling else/elif blocks correctly, and it was difficult
to modify the previous code. The else/elif shortcomings
were somewhat historical in nature--the original parser
didn't recognize them (since they weren't in any Zulip
templates at the time), and then the pretty printer was
mostly able to hack around that due to the "nudge"
strategy. Eventually the nudge strategy became too
brittle.

The "nudge" strategy was that we would mostly trust
the existing templates, and we would just nudge over
some lines in cases of obviously faulty indentation.

Now we are bit more opinionated and rigorous, and
we basically set the indentation explicitly for any
line that is not in a code/script block. This leads
to this diff touching several templates for mostly
minor fix-ups.

We aren't completely opinionated, as we respect the
author's line wrapping decisions in many cases, and
we also allow authors not to indent blocks within
the template language's block constructs.
2021-11-23 15:55:54 -08:00
Steve Howell 4792af5682 templates: Prevent dangling end tags.
In cases where an opening tag is so long that we stretch
it to 2+ lines of code, we should try to use block-style
formatting in the template code.

Unfortunately, we have lots of legacy code that violates
this concept, so this is a timid fix.

There are also legit use cases like textarea where we
probably need to keep the ugly template syntax for things
to render properly.
2021-11-23 15:55:54 -08:00
Ganesh Pawar 7a505e3857 user_profile_modal: Migrate modal to Micromodal. 2021-11-10 11:04:38 -08:00
Sahil Batra 9f99dee687 user_profile: Show user_id in full user-profile modal. 2021-10-29 16:08:35 -07:00
m-e-l-u-h-a-n 63fcc740a8 minor: Make group tab selector in profile modal more specific.
This is just to have a common pattern in stream and group tab.
2021-07-02 13:53:46 -07:00
m-e-l-u-h-a-n a428e546b8 minor: Make stream tab selector in profile modal more specific.
It is changed to avoid having an id that is too generic
and could invite unwanted bugs.
2021-07-02 13:53:46 -07:00
m-e-l-u-h-a-n ee5aefee32 popovers: Add clear input button to stream search widget.
We show it only when it contains some text in it.

Fixes: #18878.
2021-07-01 14:30:31 -07:00
m-e-l-u-h-a-n 0d3f229283 popovers: Add filter widget for stream list in profile modal. 2021-07-01 14:30:30 -07:00
m-e-l-u-h-a-n 995048c4bc popovers: Add header to stream list in profile popover. 2021-07-01 14:30:06 -07:00
sahil839 bb816e1998 settings: Separate "Your account" section in two different sections.
We separate "Your account" section to two different sections -
"Profile" section for user name, custom profile fields, and avatar
and "Account & Security" section for email, password, role, api-key
and deactivating button.

Another important change here is that the modal for changing name
is removed and now the name has a simple input text box and it
behaves similar to inputs for custom-profile-fields.

Fixes #18848.
2021-06-30 16:56:03 -07:00
m-e-l-u-h-a-n c6f8b9d807 profile: Add unsubscribe button in user profile modal.
We add unsubscribe button in the stream list that allows
users and admins to unsubscribe them using profile modal.

If a user attempts to unsubscribe from a private stream
we redirect them to do so from stream setting overlay
to avoid a really confusing user experience as we ask
for confirmation before unsubscribing such streams.
2021-06-30 15:17:26 -07:00
m-e-l-u-h-a-n 14f46a831d popovers: Add data-user-id in user profile modal. 2021-06-29 16:50:04 -07:00
m-e-l-u-h-a-n e10a315efd temaplate: Separate stream and user group tabs in user profile modal.
We had stream and group tab inside a common div with class
`subscription-group-list` due to this adding any info
elements like alert boxes that were specific to one of them
became difficult. To fix this we keep them in their own
`.tabcontent` div. This change also makes the handling of
display of different tabs a lot easier and cleans
up unnecessary javascript code that was handling the
display of common parent div of stream and group tab.
2021-06-23 08:08:23 -07:00
m-e-l-u-h-a-n 775b8eb05f template: Correct sequence of stream and group tab.
We show stream tab before user-group tab but in the template
this order was reversed that created confusion while editing
any one of them. So we correct their order in the template
to reflect the order we show in UI.
2021-06-23 08:08:23 -07:00
Tim Abbott 420500ab25 user_profile_modal: Fix duplicate 'Last active' notice.
This fixes a regression in 16bd6e6b1d
that caused the user profile modal to display "Last active: Last active: ...".

I'm not convinced these are the best visuals, but the whole modal
needs a visual refresh.
2021-06-11 07:59:59 -07:00
m-e-l-u-h-a-n b080417960 popovers: Add tabs for profile, groups and streams in user_info modal.
Fixes: #16233.

Co-authored-by: Abhirup Pal <abhiruppalmethodist@gmail.com>
2021-06-11 07:56:32 -07:00
Anders Kaseorg dd3fa4ac52 templates: Mark all void tags as self-closing.
This reverses the policy that was set, but incompletely enforced, by
commit 951514dd7d.  The self-closing tag
syntax is clearer, more consistent, simpler to parse, compatible with
XML, preferred by Prettier, and (most importantly now) required by
FormatJS.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-21 09:49:34 -07:00
Anders Kaseorg 5fed442bb1 templates: Remove context argument from {{#tr}} block helper.
It only had one nontrivial use, and it’s easily replaced using the
builtin {{#with}} block helper.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-13 18:59:46 -07:00
Tim Abbott a2767e8c50 CVE-2020-14194: Use noopener/noreferrer for external links.
We fixed the main issue of this form in CVE-2020-9444, but the audit
done at that time only included links found in rendered_markdown; this
change completes our audit for links with target=_blank anywhere in
the codebase.
2020-06-16 23:35:39 -07:00
Tim Abbott 4fff858aa2 templates: Fix missing quoting of attributes in HTML templates.
This fixes a bundle of issues where we were missing "" around
attributes coming from variables.  In most cases, the variables were
integers or fixed constants from the Zulip codebase (E.g. the name of
an installed integration), but in at least one case it was
user-provided data that could potentially have security impact.
2020-06-16 23:35:39 -07:00
Anders Kaseorg 68cfcd6446 CVE-2020-9444: Prevent reverse tabnabbing attacks.
While we could fix this issue by changing the markdown processor,
doing so is not a robust solution, because even a momentary bug in the
markdown processor could allow cached messages that do not follow our
security policy.

This change ensures that even if our markdown processor has bugs that
result in rendered content that does not properly follow our policy of
using rel="noopener noreferrer" on links, we'll still do something
reasonable.

Co-authored-by: Tim Abbott <tabbott@zulipchat.com>
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-01 14:01:45 -07:00
vinitS101 a82ad468f9 user status: Change Last online to Last active.
Change "Last online" to "Last active" in the full user profile.
2019-08-07 16:20:19 -07:00
Anders Kaseorg 3c3471b720 templates: Rename *.handlebars ↦ *.hbs and - ↦ _.
Tweaked by tabbott to avoid accidentally disabling the linter for
handlebars templates.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-07-12 21:11:03 -07:00