Commit Graph

146 Commits

Author SHA1 Message Date
Anders Kaseorg
8ec9a98c86 ServerTab: Inline init method.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-01 18:13:30 -07:00
Anders Kaseorg
277d7ef824 FunctionalTab: Inline init method.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-01 18:11:55 -07:00
Anders Kaseorg
b07995c3ed Simplify querySelectorAll(…)[0] to querySelector(…).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-01 14:06:43 -07:00
Anders Kaseorg
67228d295d Reformat all code with Prettier.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-31 20:04:00 -07:00
Anders Kaseorg
ce9a680333 Add a tagged template function for HTML supporting HTML interpolation.
This allows better Prettier integration: Prettier recognizes and
reformats tagged template literals with a tag named ‘html’.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-31 20:00:49 -07:00
tarun8718
25d0aefe37 server-tab: Fix upper limit of generated shortcuts
Signed-off-by: tarun8718 <tarunkumar8718@gmail.com>
2021-03-29 20:23:06 -07:00
Anders Kaseorg
851bb7904f Move modules shared between main and renderer processes to app/common.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-29 18:01:52 -07:00
Anders Kaseorg
76d321fa79 xo: Enable @typescript-eslint/consistent-type-imports.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-29 17:48:54 -07:00
Anders Kaseorg
a9f479d60d Enable worldSafeExecuteJavaScript.
This has no effect on our use of executeJavaScript, and will become
the default in Electron 12, but for now it silences a warning in
development mode.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-08 23:14:00 -08:00
Anders Kaseorg
12ae84b757 xo: Fix unicorn/prefer-spread.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-08 23:13:43 -08:00
Anders Kaseorg
9fe382b27f xo: Fix unicorn/explicit-length-check.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-01-25 11:23:48 -08:00
Anders Kaseorg
855d99dfa0 xo: Fix unicorn/prevent-abbreviations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-01-25 11:23:48 -08:00
Anders Kaseorg
cc2424e0bf xo: Fix @typescript-eslint/no-confusing-void-expression.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-01-25 11:23:48 -08:00
Anders Kaseorg
79808e8ee9 preload: Provide hooks for server to robustly replace logout et al.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-12-01 18:11:45 -08:00
Anders Kaseorg
047bf0ca45 webview: Pass webPreferences values as explicit booleans
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-11-30 12:39:35 -08:00
Anders Kaseorg
31d5e5a092 xo: Fix unicorn/prefer-ternary, I guess.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-24 15:47:13 -07:00
Anders Kaseorg
a9d59b3dcd CVE-2020-24582: Escape all strings interpolated into HTML.
Also fix various variable names to consistently indicate which strings
contain HTML.

Some of these changes close cross-site scripting vulnerabilities, and
others are for consistency.  It’s important to be meticulously
consistent about escaping so that changes that would introduce
vulnerabilities stand out as obviously wrong.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-04 22:52:38 -07:00
Anders Kaseorg
5fe5989710 xo: Enable import/newline-after-import.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-23 23:18:25 -07:00
Anders Kaseorg
8d66f05924 xo: Sort imports with import/order.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-23 23:06:41 -07:00
Manav Mehta
e97ab2e6dd Replace deprecated getWebContents API
2020-06-30 20:33:41 -07:00
Anders Kaseorg
c9249b1724 context-menu: Avoid no-unnecessary-boolean-literal-compare warning.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-26 15:56:23 -07:00
Anders Kaseorg
9e957ba704 context-menu: Copy the email address, not the link text.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-26 15:47:38 -07:00
Abhigyan Khaund
addfe2e414 context-menu: Remove trailing and leading separators when not required.
Fixes: #979.
2020-06-27 02:38:03 +05:30
Abhigyan Khaund
bda0dd29df context-menu: Fix bug in Copy Link and add copy Email.
Fixes: #986
2020-06-27 02:27:44 +05:30
Abhigyan Khaund
01926e1234 context-menu: Enable copy only when copy is possible.
2020-06-27 02:27:44 +05:30
Manav Mehta
0fff6336c7 spellchecker: Use Electron 8 built-in spellchecker.
* Using electron built-in spellchecker
* Added the custom context menu

Co-authored-by: Anders Kaseorg <anders@zulipchat.com>

Fixes: #504
2020-06-18 18:14:23 +05:30
Anders Kaseorg
d661895545 Remove the insecure ignoreCerts option.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-13 04:06:50 -07:00
Anders Kaseorg
983254c310 CVE-2020-12637: Do not ignore certificate errors without ignoreCerts.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-05 12:54:35 -07:00
Anders Kaseorg
34e2b3a3d0 typescript: Eradicate most any annotations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-04 01:08:05 -07:00
Anders Kaseorg
6b7cce0366 ServerManagerView: Convert loading from object to Set.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-03 19:16:05 -07:00
Anders Kaseorg
73fec72e6d registerIpcs: Convert webviewListeners to array with functions.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-03 19:09:22 -07:00
Abhigyan Khaund
82421d843a downloadFiles: Fix issue of showing two Save As dialog boxes.
Currently, there are two dialog boxes shown while downloading files (in Ubuntu): one by the default behavior of Electron and the other by the dialog box for the Save As feature.
This PR fixes this issue by using Electron's Save As dialog box.

Fixes: #947.
2020-05-01 17:55:46 +05:30
Anders Kaseorg
ba191c3699 xo: Enable object-curly-spacing.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-30 13:48:18 -07:00
Anders Kaseorg
e49a880ed6 xo: Enable capitalized-comments.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-30 13:48:18 -07:00
Anders Kaseorg
39c6fa4ace xo: Enable @typescript-eslint/member-ordering.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-30 13:48:18 -07:00
Anders Kaseorg
5ae2a717fa xo: Enable padding-line-between-statements.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-30 13:48:18 -07:00
Anders Kaseorg
b76467529d xo: Upgrade xo to 0.30.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-30 13:48:18 -07:00
Anders Kaseorg
bb88a7b7a8 xo: Handle floating promises.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-30 13:48:18 -07:00
Anders Kaseorg
2154b191c8 typescript: Annotate url in WebviewProps.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-30 13:48:18 -07:00
Manav Mehta
16f0af8853 Remove storing of User-Agent on disk.
Fixes: #921.

Co-authored-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-26 13:30:39 -07:00
am2505
bb6d90671f typescript: Complete most TypeScript todos.
2020-04-25 15:49:10 -07:00
Anders Kaseorg
92fb176f67 Revert "auth: Move social login process to browser."
This reverts commit 49b29bfed6 (#863).

The design of this feature is still under discussion; we expect it to
return after the security release.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-30 19:33:24 -07:00
Anders Kaseorg
a03f569af9 CVE-2020-10857: Whitelist safe URL protocols for shell.openExternal.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-30 19:33:24 -07:00
Anders Kaseorg
af59bb7c99 handleExternalLink: Do not navigate the current window.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-30 19:33:24 -07:00
Anders Kaseorg
4390966a62 Always show downloaded files in file manager.
shell.openItem is unsafe.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-30 19:33:24 -07:00
Anders Kaseorg
9d4093b3d8 CVE-2020-10856: Enable context isolation.
This fixes a vulnerability reported by Matt Austin.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-30 19:33:24 -07:00
Anders Kaseorg
20a6c5d128 preload: Use IPC for logout, shortcut, showNotificationSettings.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-30 19:33:24 -07:00
Tim Abbott
5c164bfa7d webview: Disable insecure content.
Zulip servers in production are designed to only serve content over
HTTPS.  And a development environment's root page will be served over
HTTP.

So there is no purpose in enabling allowInsecureContent, even
conditionally for use against Zulip development environments; we should
just remove the setting.
2020-03-30 19:32:23 -07:00
Anders Kaseorg
611932c66d xo: Unabbreviate variable names.
To satisfy unicorn/prevent-abbreviations in xo 0.28.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-23 16:53:12 -07:00
Anders Kaseorg
9d2739f050 js: Declare 'use strict' on all scripts and no modules.
And enable the import/unambiguous ESLint rule as a check on our
partition between scripts and modules.  After this commit, if you add
a new file and get this error:

  ✖  1:1  This module could be parsed as a valid script.  import/unambiguous

* For a module, add an `import` or `export` declaration to make the
  file unambiguously a module (the empty `export {};` declaration
  suffices).
* For a script, add the file to the xo overrides section of
  package.json that marks it "sourceType": "script", and add a 'use
  strict' declaration.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-09 20:04:43 -07:00