Commit Graph

9 Commits

Author SHA1 Message Date
Anders Kaseorg e090027adc CVE-2022-23656: Fix cross-site scripting vulnerability in tooltips.
An attacker could maliciously craft a full name for their account and
send messages to a topic with several participants; a victim who then
opens an overflow tooltip including this full name on the recent
topics page could trigger execution of JavaScript code controlled by
the attacker.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 14:26:42 -08:00
Tim Abbott 7cc553b75d spectators: Add divider before sidebar login/signup buttons.
This slightly improves the visuals of this component.
2022-03-01 11:51:46 -08:00
Aman Agrawal c396c2f7a4 home: Send rendered realm description for spectators.
Display rendered markdown after passing it through our local
rendered_markdown JS library.
2022-02-17 16:17:15 +00:00
Aman Agrawal c827c73783 right_sidebar: Add realm description for spectators. 2022-02-04 16:00:59 -08:00
Steve Howell 4792af5682 templates: Prevent dangling end tags.
In cases where an opening tag is so long that we stretch
it to 2+ lines of code, we should try to use block-style
formatting in the template code.

Unfortunately, we have lots of legacy code that violates
this concept, so this is a timid fix.

There are also legit use cases like textarea where we
probably need to keep the ugly template syntax for things
to render properly.
2021-11-23 15:55:54 -08:00
AnushaNathRoy b6fc670134 right sidebar: Display text when no users match search. 2021-09-29 15:10:31 -07:00
akshatdalton ea4587071a tooltip: Improve tooltip placement for search users icon in right sidebar.
Similar to the previous commit, the tooltip was not
completely visible in this case and this bug was
similar to the one corrected in recipient bar icons.
2021-07-06 15:26:53 -07:00
akshatdalton d693b77f49 tooltip: Improve tooltip placement for User sidebar title.
Here, the tooltip was partially visible. This bug was similar
to the one that is corrected for recipient bar icons.

I have removed the class attribute `tippy-zulip-tooltip`
for Filter stream title as this will be handled by the
new changes.
2021-07-06 15:26:53 -07:00
aryanshridhar 13399833b0 right_sidebar: Migrate to handlebars.
This commit migrates the `right_sidebar.html` Django template
to handlebars by creating a new file as `right_sidebar.hbs`
which is then rendered using `ui_init` module.

It also removes the tests in `test_home` due to the template
migration, since these elements aren't rendered on the backend
anymore.

We also remove `test_compute_show_invites_and_add_streams*`.

Fixes part of #18792.
2021-07-05 18:58:24 -07:00