Commit 903dbda79b (#25370) introduced a
cross-site scripting vulnerability in the tooltips for the stream and
topic in the recipient bar. An attacker who can send messages could
maliciously craft a topic for the message, such that a victim who
hovers the tooltip for that topic in their message feed triggers
execution of JavaScript code controlled by the attacker.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit fixes the vertical alignment of "x" button in the
alert to be more closer to the center. We can still improve it
by probably using something like flexbox layout instead of
hard coding paddings or margins.
We were not showing the error, if any, when resolving and
unresolving the topic using topic popover in left sidebar
or using the banner in compose box. This commit adds code
to show the error in the message feed where we show other
errors like connection error, etc.
Twitter removed their v1 API. We take care to keep the existing cached
results around for now, and to not poison that cache, since we might
be able replace this with something that can still use the existing
cache.
This moves selection of the correct input box / textarea to
a `on_hidden_callback` of dropdown widget, which also allows us
to just simplify `on_compose_select_recipient_update` to only
call `switch_message_type` when necessary so that it doesn't
interfere with setting focus.
Fixes#25779
We move the simplebar scroll on the right sidebar to a little left
when there is an overlay scrollbar present so that user can drag
either of them.
It is unusal to use a hack to close overlays when there is a method
to do it.
This fixes a bug where user is unable to scroll message feed
after opening an overlay and then using browser back button.
This could have easily cause other bugs too.
This fixes a bug where reducing the height of the window, reduces
the size of textarea and doesn't instroduce scrollbars, making
the textarea not scrollable.
This commit adds a long hover delay [750,20] to recipient bar icons.
Doing this prevents the situation when the tippy tooltips are left
floating when the icons suddenly disappear as you enter the topics
according to the organization settings and the references are removed.
Adding an additional delay ensures that the icons disappear and then
the tooltips appear.
When overlay / modal is displayed, scrollbar is hidden due to
the disabled scrolling on `html`. Reduce width of fixed elements
that will be visible in background and `html` so that they don't
occupy that extra space.
Also, I was over-thinking how we can get the scrollbar width. The
moment we allowed scrolling on `html`, it was easy to get the
scrollbar width.
This fix prevents the active-message outline from being obscured
under certain conditions, such as when setting a browser to zoom
out at 90% or less.
Suggested-by: Anders Kaseorg <anders@zulip.com>
Part of splitting creating and editing scheduled messages.
Final commit. Should be merged with previous commits in series.
Updates the API documentation for the new endpoint for editing
scheduled messages.
Part of splitting creating and editing scheduled messages.
Should be merged with final commit in series. Breaks tests.
Splits out editing an existing scheduled message into a new
view function and updated `edit_scheduled_message` function.
Part of splitting creating and editing scheduled messages.
Should be merged with final commit in series. Breaks tests.
Removes `scheduled_message_id` parameter from the create scheduled
message path.