We fixed the main issue of this form in CVE-2020-9444, but the audit
done at that time only included links found in rendered_markdown; this
change completes our audit for links with target=_blank anywhere in
the codebase.
We now prevent these variations:
* <hr/>
* <hr />
* <br/>
* <br />
We could enforce similar consistency for other void
tags, if we wished, but these two are particularly
prevalent.
Commit 03393631bd (#14142) regressed the
keyboard accessibility of the keyboard shortcuts modal. Fix it by
moving tabindex="0" to the scrolling element of the SimpleBar.
Fixes#14320.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
The simplebar is the default scrollbar throughout majority of Zulip but
it was missing in "Keyboard shortcuts", "Message formatting" and "Search
operators" modals. Added simplebar in the 3 modals.
We were using these hollowed out arrows characters (⇽ , ⇾) in a few
places, these were inconsistent with the solid up and down arrow
characters (↑ , ↓) we use otherwise. This commit replaces them
everywhere in the codebase.
Fixes: #11573.
This moves help_table to informational-overlays.scss, replaces "," with
"or" and "P" with "shift + p" in order to be more clear and legible
this also improves the styling of the text.
Also adds relevant tests and documentation. We currently
do not narrow to a new topic, and instead just narrow to
the stream. Similarly, we do not narrow to a PM if any of
the recipients are invalid.
This should make it easier to find the templates that are actually
part of the core webapp, instead of having them all mixed together
with the portico pages.
Tim Abbott
Steve Howell
Anders Kaseorg
vaibhavrajsingh2001
YashRE42
Rishi Gupta
vinitS101
Rohitt Vashishtha
Tim Abbott
Joshua Pan
Anupam Dagar
Aastha Gupta