If muting, topic editing, or deletion causes a narrow loses its last
message, we should show the empty-narrow notice; similarly, if
un-muting adds the first message, we should hide the notice.
We do this in `rerender()` since that's the common code path for
re-rendering the message list after events that might change this.
This has likely been broken since the very first muting
and topic editing implementations.
This commit exposes some inner variables of notifications.js to make
them easily testable. The first test added simply checks whether the
showing and closing of notifications works properly, and doesn't yet
verify the main code logic of the notification generation.
In 7b8da9b we have introduced some other checkmark icons
which aren't necessary as old icons still make sense there.
So removing them as they don't add any extra value.
Fixes: #8995.
Zulip's search typeahead had a security bug, where when autocompleting
a specially crafted stream name, and then hitting space, code within
the stream name would be executed.
Zulip was doing HTML escaping correctly in the main code path using
Filter.describe to describe a narrow, but the escaping function was
not called in a few parallel code paths. We fix this in a way that
should protect all of these code paths, by making Filter.describe
return properly escaped HTML, rather than depending on its callers to
do so.
Thanks to w2w for reporting this issue.
This fixes a set of XSS issues with Zulip's frontend markdown
processor, which is used in a limited set of contexts, such as local
echo of messages and the drafts feature.
The implementation of several syntax elements, including the <em>
syntax, user and stream mentions, and some others failed to properly
escape the content inside the syntax.
Fix this, and add tests for each corrected code path.
Thanks to w2w for reporting this issue.
This fixes an XSS issue with Zulip's muting UI, where if a stream or
topic name contained malicious HTML containing JavaScript, and the
user did a muting interaction, the malicious JavaScript could run when
rendering the "you just muted a topic" notification.
We did an audit for similarly problematic use of `.html`, and found
none; for the next release we'll be merging a series of changes to our
linter to prevent future instances of this being added.
Thanks to Suhas Sunil Gaikwad for reporting this issue.
There was already a progress bar set up, but it became non-functional
after refactoring. This fixes it.
The default animation was getting cut off when `uploadFinished` is
called, so we add a delay before removing the upload bar to make it
get to the end.
Tweaked by tabbott to have a more natural feeling animation setup
(where we don't animate the width adjustments; just the disappearance
of the bar).
Fixes#8863.
This reverts commit 6e048c5d3f.
See #8963 for the main issue we need to fix before re-enabling this;
basically, some combination of toMarkdown and the way text/html gets
written was introducing a lot of bonus/bogus whitespace, both in the
form of newlines and spaces converted to ` `.
`@everone` and `@all` will have a megaphone icon from FontAwesome in
place of the avatar.
Also, fix the `composebox_typeahead` tests to account for the images.
Fix#6635.
Currently, stream subscriptions aren't getting updated without
hard reload when user is deactivated in realm.
Fix this issue by updating stream subscription widgets on user
deactivation event.
Fixes#5623
This commit adds a new helper func to check if sub settings tab
is active or not and remove function `add_me_to_member_list`
function from `static/js/stream_edit.js`, cause we don't need to
render subscribers for particular case, as we are already doing that.
Currently, even after unsubscribing from private/public stream
email address of stream is still present in html widgets hidden.
Cause we don't clear email address on unsubscription event.
This clears email address from widget when user unsubscribe
from any stream.
Introduced a new checkmark icon in the settings page
from entypo ( www.entypo.com ) to make icons more
consistent between user and organization settings.
This commit changes the way the save and discard buttons on the
organization profile, settings and permissions tabs look and fades
them out after a delay. It also cleans up the code a bit in the
settings_org.js file. It introduces changes to the css in
settings.css as well as the template for save-discard buttons.
It also fixes a bug on the user settings whereby if an option
that requires reload is clicked before clicking an option that does
not require reload, the reload message is erased. This could create
an issue where the user is not aware that a reload is required.
The loader is also changed to using fa-icon as loading spinner on
user settings and the colors are tweaked a little bit.
This commit adds the ability to pass the sticky option to
in the change_display_setting function in order to have the
feedback element remain visible instead of fading out which
is the default behavior. Also passes true for that option in
two instances on the page.
This commit changes the do_settings_change function so that it
defaults to showing the loading spinner for 500ms before fading
out the the feedback element. It also adds a sticky option so you
can override the fading out of the feedback element and have it
remain visible.
