Commit Graph

4 Commits

Author SHA1 Message Date
Anders Kaseorg
a9d59b3dcd CVE-2020-24582: Escape all strings interpolated into HTML.
Also fix various variable names to consistently indicate which strings
contain HTML.

Some of these changes close cross-site scripting vulnerabilities, and
others are for consistency.  It’s important to be meticulously
consistent about escaping so that changes that would introduce
vulnerabilities stand out as obviously wrong.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-04 22:52:38 -07:00
Anders Kaseorg
9d2739f050 js: Declare 'use strict' on all scripts and no modules.
And enable the import/unambiguous ESLint rule as a check on our
partition between scripts and modules.  After this commit, if you add
a new file and get this error:

  ✖  1:1  This module could be parsed as a valid script.  import/unambiguous

* For a module, add an `import` or `export` declaration to make the
  file unambiguously a module (the empty `export {};` declaration
  suffices).
* For a script, add the file to the xo overrides section of
  package.json that marks it "sourceType": "script", and add a 'use
  strict' declaration.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-09 20:04:43 -07:00
Anders Kaseorg
d3bcd7306a typescript: Switch to ES import/export syntax.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-04 17:21:03 -08:00
vsvipul
4adda8b8ae typescript: Migrate base.js to typescript.
2019-07-17 00:22:17 +05:30