Commit Graph

19 Commits

Author SHA1 Message Date
Anders Kaseorg 46e562f990 bootstrap: Change tooltip html default to false.
Bootstrap v2.2.0^2~40^2~6 changes this default to false, so this is a
prerequisite to upgrading Bootstrap, and it’s also safer.

This closes an HTML injection path via user full names in the emoji
reaction tooltip.  It doesn’t appear to be exploitable for cross-site
scripting because we disallow `>` in full names, and the code happens
to be written such that the next `>` is in a different parser
invocation.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-19 20:53:10 -07:00
Tim Abbott 8779e550a4 popovers: Use fix_positions option for streams popover.
The fix_positions argument here fixes the horizontal
position of the stream popover.

It also fixes the vertical position, both in the default case, and
also doing an appropriate adjustment for the case that the color
picker is open.

This contains a few changes by tabbott to, rather than hiding the
arrow unconditionally, only do so when it would no longer point at the
right part of the screen.

Fixes #2374.
Fixes #6059.
Fixes #7290.
2019-02-14 16:58:00 -08:00
Steve Howell 66c6423001 popovers: Restructure hardcoded "top" for user popover.
The patch to bootstrap will make the position smarter, but we still
want to preserve the 100px default vertical offset we chose for visual
reasons.

Tweaked by tabbott to preserve the visual design.
2019-02-14 16:34:15 -08:00
Steve Howell 21ccf45db9 bootstrap: Patch popover position calculations.
For large popovers (and tooltips) we want to avoid
having the popovers go offscreen.

Fixes #11469.
2019-02-14 16:32:57 -08:00
Tim Abbott cb9b526f0c third: Extract bootstrap typeahead to its own module.
Bootstrap's typeahead is the main part of the project that we've
forked, and moving it to its own module should help unlock our ability
to upgrade bootstrap itself.
2018-12-17 09:06:52 -08:00
Tim Abbott 3079cf803c Revert "typeahead: Tab opens typeahead if not open with a non-empty input."
This reverts commit 0e2c509a24.
2018-12-04 13:58:00 -08:00
Tim Abbott 9ea4f50c1b Revert "search: Open typeahead on empty string only if lookup triggered by Tab."
This reverts commit b961093c14.
2018-12-04 13:58:00 -08:00
Shubham Padia b961093c14 search: Open typeahead on empty string only if lookup triggered by Tab.
Fixes part of #10026.
Adds additional option to typeahead:
`tabOpensEmptyTypeahead`(default: false):
tabOpensEmptyTypeahead overrides helpOnEmptyStrings.
This commit sets helpOnEmptyStrings to false and
tabOpensEmptyTypeahead to true. Now typeahead will
open on an empty string only if Tab has been pressed.
2018-12-03 16:54:38 -08:00
Shubham Padia 0e2c509a24 typeahead: Tab opens typeahead if not open with a non-empty input.
Fixes part of #10026.
NOTE: The Tab key will select option from typeahead if the typeahead
is already open i.e the same behaviour as Enter.
NOTE: This behaviour applies irrespective of search pills are enabled
or not.
2018-12-03 16:54:38 -08:00
Shubham Padia 28589c5563 search pills: Backspace should remove a search pill with typeahead open.
Fixes part of #10026.

Typeaheads stopped propogation of keydown and keyup events for any
key except tab and enter. If stopAdvance was true even tab and enter
were not allowed.

advanceKeyCodes option was added to typeahead which allowed to specify
key codes for which propogation of keydown and keyup events should not
stop. advanceKeyCodes does not respect the stopAdvance option.
As the backspace key code is added to advanceKeyCodes in search.js,
the backspace key deletes pill on pressing backspace if input is empty
or only consists of spaces.
2018-07-30 14:33:06 -07:00
Brock Whittaker 70a14d8b44 bootstrap: Patch bootstrap.js to support contenteditable.
If the lookup input is contenteditable, it should be searching for text
rather than input.
2017-11-10 14:14:03 -08:00
Brock Whittaker 0c42e4a705 typeahead: Fix typeahead positioning for iOS keyboard case.
When the iOS keyboard is open and up, the positioning gotten by
getBoundingClientRect will display a `top` value that is short by the
height of the keyboard, which will usually end up placing things north
of the top of the screen.

By changing to jQuery $.fn.offset instead, the positioning appears to
be correct in all cases; iOS keyboard up, down, and desktop usage.

Fixes: #6366.
2017-10-04 17:39:42 -07:00
Rohith Asrk 213b8cef0c Bootstrap.js: Fix null is not an object error. 2017-01-19 16:28:17 -08:00
Igor Tokarev 0bac986f26 Fixed compose box PM recipient typeahead handling of focus.
This closes #2315.
2016-12-07 22:13:47 -08:00
Brock Whittaker 0e3332d86e [Bootstrap]: Fix Null Case Issue.
This fixes the case in which `this` evaluates as null and throws an
error in TravisCI.
2016-12-02 11:58:53 -08:00
Leo Franchi eaa777b612 Use feature detection for bootstrap typeahead key handling
(imported from commit 1ce443d3e61920bf5842b31263141d4f175a6514)
2014-02-12 14:31:56 -05:00
Kevin Mehall f944a8ed0e [third] Don't move typeahead popups when the body scrolls.
Trac #1479

All our typeaheads use this, but I made it an option that must be enabled
explicitly since it is not default bootstrap behavior.

(imported from commit 97852dc407d1f6dbe46b5fdd2c56d3ed8c6718d2)
2013-08-21 16:29:12 -04:00
Steve Howell 546ae1023c Remove smartSpaceBar option from typeahead and search.
The option caused some race conditions on Firefox, and it is
really made moot by the naturalSearch option anyway.

(imported from commit dc7080c905ced9b2f4ad4275d82549acf09a59f7)
2013-07-29 16:42:14 -04:00
Tim Abbott 3bba0cc927 Move zephyr/static to just static.
It's not really a part of the server (aka the rest of zephyr/).

(imported from commit 27f6b6b064938ad927075a68d873e4b68710d279)
2013-07-29 12:11:26 -04:00