Anders Kaseorg 46e562f990 bootstrap: Change tooltip html default to false.
Bootstrap v2.2.0^2~40^2~6 changes this default to false, so this is a
prerequisite to upgrading Bootstrap, and it’s also safer.

This closes an HTML injection path via user full names in the emoji
reaction tooltip.  It doesn’t appear to be exploitable for cross-site
scripting because we disallow `>` in full names, and the code happens
to be written such that the next `>` is in a different parser
invocation.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-19 20:53:10 -07:00
.circleci circleci: Store XUnit test results. 2019-07-07 22:31:11 -07:00
.github
.tx cleanup: Delete trailing newlines. 2019-08-06 23:29:11 -07:00
analytics test_counts: Remove custom user creation code. 2019-09-19 14:31:58 -07:00
confirmation analytics/zilencer/zproject: Remove unused imports. 2019-02-02 17:31:45 -08:00
corporate templates: Move page_params from an inline script to the <body> dataset. 2019-09-17 16:06:33 -07:00
docs docs: Update changelog through current master. 2019-09-18 17:36:31 -07:00
frontend_tests left sidebar: Fix bot availability status in "private messages". 2019-09-18 17:40:25 -07:00
locale i18n: Update translation data from transifex. 2019-08-07 15:15:28 -07:00
pgroonga migrations: Remove unused imports. 2019-02-02 17:01:04 -08:00
puppet nginx: Add CORS, HSTS, and X-Frame-Options headers to error responses. 2019-09-19 12:10:18 -07:00
requirements requirements: Upgrade twisted to 19.7.0. 2019-09-08 09:42:32 -07:00
scripts setup-apt-repo: Add ca-certificates to pre_setup_deps. 2019-09-19 20:15:43 -07:00
static bootstrap: Change tooltip html default to false. 2019-09-19 20:53:10 -07:00
stubs mypy: Remove daemon mode. 2019-08-25 15:04:12 -07:00
templates bootstrap: Change tooltip html default to false. 2019-09-19 20:53:10 -07:00
tools emoji: Finish removing leftover code from banned Emoji sets. 2019-09-19 12:08:52 -07:00
zerver bulk_get_subscriber_user_ids: Sort each user list by ID. 2019-09-19 20:17:43 -07:00
zilencer custom fields: Add default external account custom fields. 2019-08-28 15:35:53 -07:00
zproject auth: Rename any_oauth_backend_enabled to any_social_backend_enabled. 2019-09-19 12:35:27 -07:00
zthumbor zthumbor: Clean up type ignores. 2019-08-09 17:42:33 -07:00
.babelrc webpack: Transpile JS code with Babel. 2019-07-22 17:55:32 -07:00
.browserslistrc webpack: Transpile JS code with Babel. 2019-07-22 17:55:32 -07:00
.codecov.yml codecov: Change threshold to use percentage syntax. 2019-07-20 14:37:04 -07:00
.editorconfig .editorconfig: Fix invalid brace patterns. 2019-07-03 14:40:56 -07:00
.eslintignore typescript: Use ESLint instead of TSLint. 2019-04-13 11:42:47 -07:00
.eslintrc.json data export: Add UI to trigger data export. 2019-08-12 18:21:38 -07:00
.gitattributes Revert "gitattributes: Mark yarn.lock as "binary", i.e. suppress diffs." 2019-05-20 19:31:14 -07:00
.gitignore i18n: Move static/locale back to locale. 2019-07-02 14:57:55 -07:00
.gitlint
.isort.cfg
.npmignore
.stylelintrc lint: Ban color names in CSS. 2019-01-22 15:33:18 -08:00
.travis.yml ci: Move backend and production tests to Ubuntu 16.04 (xenial). 2019-05-24 17:07:15 -07:00
.yarnrc .yarnrc: Set ignore-scripts true. 2019-08-28 16:15:54 -07:00
CODE_OF_CONDUCT.md docs: Add clarifying comma in CODE_OF_CONDUCT.md. 2019-04-05 18:01:37 -07:00
CONTRIBUTING.md docs: Mention twitter account as alternative to mailing list. 2019-05-20 15:21:15 -07:00
Dockerfile-postgresql search: Remove now unnecessary tsearch_extra dependency. 2019-08-29 12:49:26 -07:00
LICENSE license: Move license application notice from LICENSE to NOTICE. 2018-10-02 12:04:44 -07:00
NOTICE license: Move license application notice from LICENSE to NOTICE. 2018-10-02 12:04:44 -07:00
README.md readme: Remove Travis badge. 2019-09-06 13:14:14 -07:00
Vagrantfile Revert "vagrant: Add NFS backend for file synchronization for OSX." 2019-08-12 16:04:00 -07:00
manage.py manage.py: Revert sabotaging pika.adapters.twisted_connection import. 2019-01-31 10:04:28 -08:00
mypy.ini mypy: In non-daemon mode, follow package imports. 2019-08-16 14:13:40 -07:00
package.json dependencies: Upgrade nearly all JavaScript dependencies to latest. 2019-09-19 12:08:52 -07:00
postcss.config.js webpack: Move CSS minification to optimization stage. 2019-09-02 21:58:13 -07:00
version.py dependencies: Upgrade nearly all JavaScript dependencies to latest. 2019-09-19 12:08:52 -07:00
yarn.lock dependencies: Upgrade nearly all JavaScript dependencies to latest. 2019-09-19 12:08:52 -07:00

README.md

Zulip overview

Zulip is a powerful, open source group chat application that combines the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip is used by open source projects, Fortune 500 companies, large standards bodies, and others who need a real-time chat system that allows users to easily process hundreds or thousands of messages a day. With over 500 contributors merging over 500 commits a month, Zulip is also the largest and fastest growing open source group chat project.

Getting started

Click on the appropriate link below. If nothing seems to apply, join us on the Zulip community server and tell us what's up!

You might be interested in:

You may also be interested in reading our blog or following us on Twitter. Zulip is distributed under the Apache 2.0 license.