31 Commits

Author SHA1 Message Date
Anders Kaseorg e090027adc CVE-2022-23656: Fix cross-site scripting vulnerability in tooltips.
An attacker could maliciously craft a full name for their account and
send messages to a topic with several participants; a victim who then
opens an overflow tooltip including this full name on the recent
topics page could trigger execution of JavaScript code controlled by
the attacker.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 14:26:42 -08:00
Aman Agrawal b675db78a3 compose: Change icon of formatting popover to a question.
Fixes #21183
2022-02-18 11:16:19 -08:00
Aman Agrawal 2421f6846d compose_control_buttons: Move GIF button out of the popover. 2022-02-13 19:13:29 -08:00
Aman Agrawal 6c0f513569 compose: Move time icon out of popover on narrow widths.
We have some extra space to do so.
2022-02-07 09:46:19 -08:00
Aman Agrawal bed77a0a76 compose: Add drafts beside formatting buttons.
We hide the drafts button on small screen sizes since it overflows
the window on some languages like Russian.
2022-02-07 09:46:19 -08:00
Aman Agrawal 4d7cbc0a63 compose: Move emoji button outside of popover.
Since we have more space after moving Help button below, we stop hiding
emoji icon in a popover on small screens.
2022-01-05 16:03:53 -08:00
Aman Agrawal aaa7150b8a compose: Move overflowing buttons to a popover.
We don't hide popover on click for formatting buttons, emoji picker and time
picker.
Emoji and time picker popovers need a reference to be displayed,
hence we don't hide them.
Not hiding formatting buttons is based on past discussion.

The current instance of compose popover is stored locally
so that we can access it across different modules.

The basic approach for hiding / displaying a button is based on
width and is executed at `sm` breakpoint as per our
`css_variables.js`.
Used handlebars and `hide/show-sm` css class to make this
work. This avoids using too much JS to hide/display elements.
2021-12-02 15:11:15 -08:00
Aman Agrawal a64f6edc2a compose: Use loading spinner as loading indicator. 2021-12-02 15:11:15 -08:00
Aman Agrawal 25ee6a795e compose: Never hide send button.
`Press Enter to send` used to hide `Send` button, we remove that
behaviour.

We show the current state of `Enter` hotkey action via text below
`Send` button which can toggle behaviour on click.
2021-12-02 15:11:15 -08:00
Aman Agrawal 061e274716 compose: Add dividers.
These improve the visual organization of the compose controls.

This is consistent with the divider we have for the navbar.
2021-11-22 18:44:32 -08:00
Aman Agrawal 2b8aa5ce2d compose: Add formatting buttons to bottom of compose box.
This is a very frequently requested feature for organizations that are
new to Markdown, that brings Zulip's UI more in line with that of
competing projects and other markdown editors like the GitHub UI.
2021-11-22 18:44:31 -08:00
Aman Agrawal 2af933678c compose: Refactor bottom part of compose box.
* We use flexbox instead of `position: relative` to align elements.
* Increase clickable area of icons using more padding.
* Increase space between elements.
* Fix mobile compose box icon alignment.
2021-11-22 18:29:45 -08:00
Aman Agrawal 29cdd99220 giphy: Use single element for tooltip and popover.
This works surprisingly unlike my previous attempts to do so.

WARN: This is a pseudo commit and should only be merged with upcoming
compose box bottom refactoring commit since the css changes required
for this change are missing here and are not required after that
commit.
2021-11-22 18:29:45 -08:00
Aman Agrawal 3423797efa compose: Remove drafts link.
Since we have the drafts button in top left corner and we need space
to insert formatting buttons in the bottom of compose box; removing
drafts link makes sense.
2021-11-22 18:29:45 -08:00
Kevin Scott 64f099d2f5 compose: Add compose box button to insert global times.
Fixes #20045.
2021-11-01 16:20:05 -07:00
Aman Agrawal 5adc6d7297 compose_control_buttons: Use data-tippy-content instead of title.
We don't want browser default titles and tooltips to overlap,
so we remove titles here.
2021-04-30 07:52:32 -07:00
Aman Agrawal 4a91d5ffdb compose_control_buttons: Change class name for GIF icon.
Since we no longer use giphy logo to open giphy
popover, this is a more appropriate name.
2021-04-29 16:06:51 -07:00
Aman Agrawal 374ce1094b giphy: Use `zulip-icon` font to render giphy icon. 2021-04-29 09:02:25 -07:00
Aman Agrawal 2a1bcd4b59 giphy: Fix incorrectly working show/hide behaviour.
There were some changes that were lost/added by mistake
during a rebase of #17707 after #18154 was merged.

Fixes the GIF icon being hidden / displayed incorrectly
with respect to the settings.

These changes were originally part of
67527a2517 but
were lost during the rebase.
2021-04-29 09:02:25 -07:00
Aman Agrawal 94b2f6e232 compose_control_buttons: Use class of giphy icon to locate it.
Since giphy icon can be present in compose box and message edit
form at the same time, we don't want should use a class here.
2021-04-28 07:07:36 -07:00
Aman Agrawal 33641d7e05 giphy: Change icon of GIF picker.
We use an icon which is more clear for what it stands for.

Increase allowed size of message-control-buttons slightly so
that they are clearly visible. This is more important for
GIF icon to be visible properly than any other icon here.
2021-04-28 07:07:36 -07:00
Aman Agrawal f47e93481e giphy: Set rating according to realm_giphy_rating.
We set rating of GIFs retrieved from GIPHY according to
realm_giphy_rating setting. Also, we allow user to set
a rating in organization settings.
2021-04-28 07:07:36 -07:00
Aman Agrawal 9021444e0c message_edit_form: Remove drafts link.
It was added while deduplicating code between compose and message
edit form. This can be confusing to users, hence removing.
2021-04-28 07:07:36 -07:00
Aman Agrawal 4f3cae7d65 compose_control_buttons: Rename giphy_api_available to giphy_enabled. 2021-04-27 10:06:25 -07:00
Aman Agrawal 1b844a8d1c message_edit: Deduplicate control buttons.
Deduplicate control buttons by re-using the
compose_control_buttons.

A link to `help` overlay was added to `message_edit_form`
as a part of this process.

This fixes a bug that when video provider is set to `Jitsi`
from `none` in organization settings while message_edit_form
is open, the video icon is not displayed since
it was not present in the message_edit_form DOM even if
compose.update_video_chat_button_display tries to display it.
It is fixed since the `.video_link` element is always present
in DOM of `message_edit_form` now.
2021-04-27 10:06:25 -07:00
Aman Agrawal 54b31df1b6 emoji_map: Convert from id to class.
Since it can be present in multiple elements, we use it as a class.
2021-04-27 10:06:25 -07:00
Aman Agrawal 84a7f08acc compose: Use `class` to find `markdown_preview` related elements.
We convert the following elements to use a class instead of
id for accessing them across the codebase:

* markdown_preview
* undo_markdown_preview
* markdown_preview_spinner
* message_edit_content
* preview_content

Converted them together since changes to one impacted the other in
some modules like click_handlers.

Also, added a function in rows to get `message_row`.
2021-04-27 10:06:25 -07:00
Aman Agrawal 8ebced2791 compose: Use `compose_upload_file` class for upload file icon.
We use `.compose_upload_file` across compose and message_edit_form
for file upload icon. This will help us share common code between
`compose` and `message_edit_form`.
2021-04-27 10:06:25 -07:00
Aman Agrawal 7ae04a6ba8 compose: Use `file_input` class for file input element.
In both compose and `message_edit_form` we use `file_input`
class to identify the file `input` element. This will help
to more easily share common elements between compose and message_edit.
2021-04-27 10:06:25 -07:00
Anders Kaseorg dd3fa4ac52 templates: Mark all void tags as self-closing.
This reverses the policy that was set, but incompletely enforced, by
commit 951514dd7d.  The self-closing tag
syntax is clearer, more consistent, simpler to parse, compatible with
XML, preferred by Prettier, and (most importantly now) required by
FormatJS.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-21 09:49:34 -07:00
Aman Agrawal 57c657962e compose: Move control buttons into a file of their own.
These buttons are common with message_edit_form.hbs, we will
be sharing this file among compose and message_edit_form.
2021-04-19 16:54:54 -07:00