paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-06 15:03:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0dcaf9ca3d4af9c1a3b8c5a66d6ac760ff24000b
zulip/static/js
History
Waseem Daher 0dcaf9ca3d Kiosk mode [unsafe]. 
"Kiosk mode" is a "read-only" Zulip suitable for embedding into
an iframe on another site. I say "read-only" in quotation marks,
because the account is still a fully-fledged active account on
the server, and we just tear out a bunch of stuff in Javascript
(that a malicious user could easily re-enable).

So in that sense, it's not actually safe in security-sensitive
environments -- malicious users logged in via kiosk mode
can do anything the kiosk-mode user can do.

(We need this functionality for the customer3 realm specifically;
 we'll possibly just tear this code back out once that experiment
 has run its course.)

(imported from commit deb035b4c702fcdb0e660ed549fe74c682abb6d9)
2013-08-11 15:57:21 -04:00
..
activity.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00
api.js
Move zephyr/static to just static.
2013-07-29 12:11:26 -04:00
avatar.js
Add curly braces for all javascript if statements lacking them.
2013-08-01 11:47:54 -04:00
blueslip.js
Replace $.extend
2013-07-30 12:12:59 -04:00
colorspace.js
Move zephyr/static to just static.
2013-07-29 12:11:26 -04:00
common.js
Add curly braces for all javascript if statements lacking them.
2013-08-01 11:47:54 -04:00
compose.js
Debounce update_faded_messages to once per 150ms.
2013-08-11 12:01:24 -04:00
composebox_typeahead.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00
debug.js
Replace $.each with _.each
2013-07-30 12:12:58 -04:00
dict.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00
emoji.js
Replace $.each with _.each
2013-07-30 12:12:58 -04:00
feature_flags.js
Kiosk mode [unsafe].
2013-08-11 15:57:21 -04:00
hashchange.js
Replace $.each with _.each
2013-07-30 12:12:58 -04:00
hotkey.js
Make Enter on a summary row expand it.
2013-08-08 13:04:01 -04:00
initial_invite.js
Replace $.each with _.each
2013-07-30 12:12:58 -04:00
invite.js
Replace $.each with _.each
2013-07-30 12:12:58 -04:00
kiosk.js
Kiosk mode [unsafe].
2013-08-11 15:57:21 -04:00
landing-page.js
Replace $.each with _.each
2013-07-30 12:12:58 -04:00
message_edit.js
Eliminate unnecessary calls to "function".
2013-08-05 16:59:49 -04:00
message_list.js
Kiosk mode [unsafe].
2013-08-11 15:57:21 -04:00
message_tour.js
Move zephyr/static to just static.
2013-07-29 12:11:26 -04:00
metrics.js
Rename our custom JS events to use Zulip, not Zephyr.
2013-07-29 12:11:26 -04:00
narrow.js
Fix key lookup when canonicalizing operators
2013-08-09 17:35:58 -04:00
navigate.js
Restore centering when using the down arrow (or "j").
2013-08-05 16:10:01 -04:00
notifications_bar.js
Add curly braces for all javascript if statements lacking them.
2013-08-01 11:47:54 -04:00
notifications.js
Add curly braces for all javascript if statements lacking them.
2013-08-01 11:47:54 -04:00
onboarding.js
New onboarding step: Set up an integration.
2013-08-08 17:23:27 -04:00
popovers.js
Created stream_color.js.
2013-08-08 18:22:44 -04:00
referral.js
Completely hide the "share the love" elements when the user has no invites.
2013-08-06 17:18:40 -04:00
reload.js
Fix tracebacks on reload while composing
2013-07-30 13:10:50 -04:00
rows.js
Make summary rows selectable.
2013-08-08 13:04:01 -04:00
search_suggestion.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00
search.js
Removed match_on_visible_text() in search.js.
2013-08-02 17:28:04 -04:00
settings.js
Allow user to change their API key.
2013-08-08 13:03:09 -04:00
setup.js
Move zephyr/static to just static.
2013-07-29 12:11:26 -04:00
signup.js
Move zephyr/static to just static.
2013-07-29 12:11:26 -04:00
stream_color.js
Add a test for stream_color.js (pick_color).
2013-08-09 12:29:02 -04:00
stream_list.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00
subs.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00
tab_bar.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00
templates.js
Implement message summarization experiment.
2013-08-07 10:24:03 -04:00
timerender.js
Replace $.each with _.each
2013-07-30 12:12:58 -04:00
tutorial.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00
typeahead_helper.js
Add curly braces for all javascript if statements lacking them.
2013-08-01 11:47:54 -04:00
ui.js
Disable browser spellcheck in desktop app.
2013-08-09 18:53:22 -04:00
unread.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00
util.js
Add util.enforce_arity
2013-08-09 17:12:23 -04:00
viewport.js
Fix for _.each not short-circuiting
2013-08-06 16:15:47 -04:00
zulip.js
Use Dict everywhere we have keys based on potentially dangerous, user-supplied data
2013-08-09 17:35:14 -04:00