mirror of https://github.com/zulip/zulip.git
163c9c8d75
The idea here is: part of the onboarding tutorial is going to
be you talking to the tutorial bot and it talking to you, from
our Javascript.
The reason it's driven by Javascript is that then in principle we can
do nice stuff like making popovers appear in places to point things
out to you, whereas if we were to do it strictly server-side, doing so
would be a lot harder.
The downside to doing it in Javascript is that you don't get any of
the Markdown rendering, since that happens on the server. So instead
we add this call where you give it a message, and it responds by
having the tutorial bot send you that message.
I don't think there are any security concerns here because
(1) The bot only messages you -- so you can't use it to make someone
else think that the system is telling them to do something
(2) If there were an issue associated with having the server parse
arbitrary Markdown, you could just trigger the issue by sending
a message yourself.
(imported from commit b34f594dab6be6bcb81899278ae1cbe447404468)
|
||
|---|---|---|
| .. | ||
| __init__.py | ||
| activate_mit.py | ||
| add_users_to_streams.py | ||
| analyze_mit.py | ||
| banish_broken.py | ||
| change_user_email.py | ||
| clear_db.py | ||
| create_realm.py | ||
| create_user.py | ||
| dump_passwords.py | ||
| dump_pointers.py | ||
| dump_useractivity.py | ||
| expunge_db.py | ||
| expunge_logs.py | ||
| fill_message_cache.py | ||
| populate_db.py | ||
| print_initial_password.py | ||
| process_user_activity.py | ||
| realm_stats.py | ||
| remove_users_from_stream.py | ||
| runtornado.py | ||
| set_default_streams.py | ||
| test_deactivate.py | ||
| test_messages.txt | ||
| update_mit_fullnames.py | ||
| user_stats.py | ||