Also fix various variable names to consistently indicate which strings
contain HTML.
Some of these changes close cross-site scripting vulnerabilities, and
others are for consistency. It’s important to be meticulously
consistent about escaping so that changes that would introduce
vulnerabilities stand out as obviously wrong.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
And enable the import/unambiguous ESLint rule as a check on our
partition between scripts and modules. After this commit, if you add
a new file and get this error:
✖ 1:1 This module could be parsed as a valid script. import/unambiguous
* For a module, add an `import` or `export` declaration to make the
file unambiguously a module (the empty `export {};` declaration
suffices).
* For a script, add the file to the xo overrides section of
package.json that marks it "sourceType": "script", and add a 'use
strict' declaration.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
The changes here are mostly straightforward; the one exception is
removing a zulipdev.org hack.
We disable some lint rules we'll want to address later (E.g. we want
to switch to using async/await rather than .then()). But those are
out of scope for this commit.
