It's 2022 and the WHATWG no longer recognizes the term URI. Everything
is now a URL or a type of URL. Which is great because it's way less
confusing. Details here:
https://url.spec.whatwg.org/
An attacker could maliciously craft a full name for their account and
send messages to a topic with several participants; a victim who then
opens an overflow tooltip including this full name on the recent
topics page could trigger execution of JavaScript code controlled by
the attacker.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This reverts commit f3964673e7.
It broke drafts_scroll by confusing jQuery object APIs with DOM
element APIs.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This should increase its visual priority in the UI. We plan to move
"Private messages" to a different component more similar to STREAMS
soon.
Fixes#20869.
This commit removes the unnecessary `data-list-widget` attribute
present in the <div> and <tbody> tag for muted_topics and muted_users table.
It became unnecessary/useless in 19cf6d0e04 and
then was renamed while still useless.
Also uses the correct variable name `muted_topic` and `muted_user`
instead of `muted_topics` and `muted_users` to render a item of their list
in DOM through Listwidget.
This changes the method of rendering list of alert words in DOM,
earlier it was rendered using 'for' loop over the array of alert_words
which is now changed to render using ListWidget, which gets a array
of objects from get_word_list() in alert_words.js.
The use of ListWidget helps to define a parent_container and $container
in table-body of alert-words-table using which we can now apply sorting over
alert words with the help of handle_sort() function in list_widget.js
Changed the method of adding alert_word_settings_item row in table body
through {{#with}} loop because of rendering through ListWidget, which was done
earlier using for loop over each alert-word in while rendering the list.
this commit also mocks template of render_alert_word_item
while mocking ListWidget.create() function in render_alert_words_ui().
and checks that ListWidget.create() is not called when variable `loaded`
is set as false.
Fixes#21142.
This commit adds option to deactivate user to "Manage user" modal.
A modal is opened on clicking the option to confirm the deactivation
and the "Manage user" modal is closed.
The error from the server, if any, is shown in the modal itself
and in case deactivation is done successfully, the modal is closed.
Fixes#18944.
This will help us avoid some duplicate code when
we use input pills for stream-create.
See the long comment in set_up_handlers() for
more context.
We also rename:
submit_add_subscriber_form -> subscribe_new_users
Ideally set_up_handlers() would also extract the
concept of clearing the pills as soon as you either
hit enter or clicked on the Add button, but our
current paradigm for clearing pills when you edit
subscribers for an existing stream on the Subscribers
tab is that we wait for the server to acknowledge
the request. I believe this is a bit of a misfeature,
but I am punting on that change for now.
d6fb439c7a removed the option to remove owner from the edit form available
to admins, but the option was still present in the edit form available to
the owner of bots in "Bots" section of personal settings. This commit
removes the option from form in "Bots" section of personal settings as well.
Notifies user when messages are not being marked as read through a
banner that lets them mark all messages in the narrow as read. Note
that the banner is only displayed if the user's actions, like
scrolling, would've actually marked the messages as read.
This avoids distracting the user when viewing a thread they've already
read.
tabbott has verified that if new messages come in, the banner will reappear.
Fixes: #18768.
Show/hide scroll to bottom button when the last message is
not visible in the current scroll position.
We adjust the bottom offset of the button based on compose box
height.
Fixes#19862
We save the preferred theme in localstorage so that user doesn't
have to re-select the theme on every reload. Users on slow
computers might see flash of a theme change, if it happens.
For our Subscribers tab we want to enclose our
add-subscriber widget in a form for now, and we
continue to do so, but now we have the form tag
getting created in the parent template, not the
child.
Here is why:
We want to re-use our add-subscriber widget in an
upcoming commit for when you create streams.
In our create-stream UI, there is already an outer
<form>...</form> section of the HTML for the entire
process of creating a stream.
HTML does not yet you nest forms, and even though
browsers just silently ignore an inner form, we won't
want to create semantically incorrect HTML.
Therefore, we want the child template not to have
the form tags around them.
It's possible that we don't really even want to
enclose the input-pill widget and Add button inside
a form for the Subscribers tab, but tweaking that
for now is too risky. (We don't really take advantage
of the form tag in any meaningful way, since we
don't directly submit form data to the server, and
we can't use a single submit handler for the Enter
key and Add button due to some magic in our input
pills.)
We want to avoid submit handlers here, because we may
have embedded widgets that have their own forms or
buttons.
We use "finalize" here to distinguish the two Create
buttons related to streams. You hit one button to
start the UI and then the second button to finalize
the process.
I also fix the bad test idiom of clicking on the
sea-green button.
You don't start auto-completing user groups with an @,
so the previous placeholder text made no sense.
There might be a better way to do autocomplete in
these add-subscriber input pills, but that is beyond
the scope of my current efforts.
This adds tabindex='0' in anchor tags for allowing the message menu
popover box to be focusable using hotkey 'i' through keyboard.
This is a necessary follow up to
729c09074a, which removed the href
attribute from anchor tags to which click-handlers were attached,
which resulted in making them non-focusable as jQuery doesn't allow
anchor tags to be focusable without tab-index or href attribute.
Fixes#21125.
Previously the emoji_status set by the user would only be seen in a
few places, it was decided that it would be useful to show the
emoji_status in a couple of other additional places as well.
As such this commit uses the status_emoji template to show the status
emoji in the compose_pm typeahead and the mentions typeahead.
Status emoji changes do not live update these, but neither do user
renames, so there's bigger problems if that's a concern.
Fixes: #19865.
Previously the emoji_status set by the user would only be seen in a
few places, it was decided that it would be useful to show the
emoji_status in a couple of other additional places as well.
As such this commit uses the status_emoji template to show the status
emoji in the compose_pm pills. Due to the fact that we use the same
pills system to render in the user_group, we need to add a
conditional to prevent rendering there since the user status is not
valuable there.
Status emoji changes do not live update these, but neither do user
renames, so there's bigger problems if that's a concern.
Previously the emoji_status set by the user would only be seen a few
places, it was decided that it would be useful to show the
emoji_status in a few additional other places as well.
Use the status_emoji template to show the status emoji in the
message_body and also implement live update behavior.
With refactor and minor edits by Yash RE.
Co-authored-by: YashRE42 <33805964+YashRE42@users.noreply.github.com>
Previously the emoji_status set by the user would only be seen in the
buddy list, it was decided that it would be useful to show the
emoji_status in other places as well.
As such this commit uses the status_emoji template to show the status
emoji in the PM list and also implements live update behavior.
With refactor and minor edits by Yash RE.
Co-authored-by: YashRE42 <33805964+YashRE42@users.noreply.github.com>
Previously, when the user clicked the `Add streams` icon in the
streams list sidebar, we provided a popover offering to create or
subscribe. This was confusing for users who did not have permission
to create streams.
Redirect users that don't have stream creation permissions
directly to browse streams without going through this popover.
Fixes: #20676.
This reverts commit 8e06335788 (#21048).
It regressed the ↑ and ↓ keys because drafts.drafts_scroll was not
updated to use ui.get_scroll_element. Also, styling the native
scrollbar as hidden is not the right workaround because the hidden
native scrollbar still exists and can be scrolled independently of the
SimpleBar.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
In the topic changing UI, the 'Change later messages to this topic'
and other options in the drop down were cut off when selected in some
languages like Russian.
Make the selection box width adjust appropriately according to the
length of the text, and also place it on its own line unconditionally.
users.
With tweaks by tabbott to use the same approach we already use in the
"Move topic" modal to have the bottom margin for the color block match
that of the dropdown_list_widget itself, of having them share CSS.
Fixes#19739.
We use button element instead of <a> element for the button used to change
stream permission. This change fixes the focus problem where the container
was focussed when closing the permission modal.
The problem here was because Micromodal focuses the element which was just
focused before opening the modal, on closing the modal. And in this case the
focused element before opening the modal was the "simplebar-content-wrapper"
element as <a> tah without href is not focusable element.
Related issue - #20223.
As seen in
https://chat.zulip.org/#narrow/stream/9-issues/topic/edit.20history.20bug/near/1320430,
clicking such a link takes you to the user's default view if the click
handler throws an exception before doing preventDefault().
There hrefs also have the negative effect of having your browser claim
that clicking the link will navigate you to the default view, which it
won't.
Comes with a linter rule to prevent future instances, since it seems
there are some recently added ones, though they are likely the result
of copy/paste.
Currently the emoji_status set by the user is only seen in the buddy
list, it would be useful to show the emoji_status in other places as
well.
As such this commit does the prep work of extracting a template which
will be used in all places that need to show the status emoji.
With refactor and minor edits by Yash RE.
Co-authored-by: YashRE42 <33805964+YashRE42@users.noreply.github.com>
Currently, the emoji_status set by the user is only seen in the buddy
list, it would be useful to show the emoji_status in other places as
well.
As such this commit does the prep work of decoupling the
selected_emoji style in user_status.css from the .status_emoji
style... by having it always override the value of "top".
User should be able to tab from topic/pm input to textarea and back.
Moving `compose_top_right` button before the stream, topic and PM
input structurally in DOM but keeping them visually in the same
place, allows us to do so.
Austin Riba
Anders Kaseorg
Tim Abbott
Aman Agrawal
Julia Bichler
Sahil Batra
jai2201
Steve Howell
Dinesh
yogesh sirsat
YashRE42
AnushaNathRoy
Mr.mad
Parth