There was an issue with the sort function that returned 0 sometimes when
it should not have. This change adds an additional condition so that the
correct comparison is made.
Bug: Issue 7813
Change-Id: I5b405ae431edc0b37cef09c53a2e8bb786fdeeed
It makes the most sense (at least for left-to-right language speaking
locales) to have the most final and most destructive UI elements read
last, as interacting with those is the most permanent, and requires the
full context of the information in the element.
In diff comments, actions like 'Save' and 'Discard' (which affect the
entire comment) were on the left, whereas toggling the resolved state
was on the right. This change flips these alignments.
Bug: Issue 5924
Change-Id: Id00e19d662a983fad071df0fb866052b2001beb4
Formerly, if a formatted text component tried to render without the
project config (used by inner linked text components) it would
temporarily fall-back to rendering the unformatted (and un-linkified)
text via `.textContent` -- mirroring the behavior of gr-linked-text.
The result is formatted text elements (when rendered without a project
config) appear as one long line of text. Unlike linkification, however,
text can be accurately formatted with or without the project config --
so this disruptive, poor UX is unnecessary.
The formatted text component is updated to format text when the project
config has not provided, and to re-render when the config has been
provided.
In order to propagate project config loads to the formatted text
components hosted by diff comments, the REST calls must be made by the
diff thread component. To make this call, the thread must have the
project's name, so gr-diff-builder is updated to provide this name to
thread components.
Bug: Issue 6686
Change-Id: I8d09c740930500e99cb5f87b92f4d72f3f50a9ce
This is a partial roll-forward of c/106190
This replaces all loads of iron-test-helpers with a load of a file
that wraps it, and adds that file to test files that do not currently
load iron-test-helpers.
A future CL will also install polymer-resin via common-test-helpers.html.
I tested by running
$ WCT_ARGS="-l chrome" ./polygerrit-ui/app/run_test.sh
Change-Id: Ifb3cd2c8db13d724f57e56e7e78045470d103a43
- Create a shared style module that is included in every custom element
- Add the shared style module to each existing element
Change-Id: I1ee382955afe4ff630548a6640e7c4d03688849d
polymer-resin intercepts polymer property assignments
before they reach XSS-vulnerable sinks like `href="..."`
and text nodes in `<script>` elements.
This follows the instructions in WORKSPACE for adding a new bower
dependency with kaspern's tweak to use the dependency in a rule so
that it's found. //lib/js/bower_components.bzl has already been
rolled-back per those instructions.
The license is the polymer license as can be seen at
https://github.com/Polymer/polymer-resin/blob/master/LICENSE though
I'm not sure that //tools/js/bower2bazel.py recognizes it as such.
Docs for the added component are available at
https://github.com/Polymer/polymer-resin/blob/master/README.mdhttps://github.com/Polymer/polymer-resin/blob/master/getting-started.md
With this change, when I introduce an XSS vulnerability as below,
polymer-resin intercepts and stops it.
Patch that introduces a strawman vulnerability.
--- a/polygerrit-ui/app/elements/core/gr-main-header/gr-main-header.js
+++ b/polygerrit-ui/app/elements/core/gr-main-header/gr-main-header.js
@@ -55,6 +55,10 @@
url: '/q/status:abandoned',
name: 'Abandoned',
},
+ {
+ url: location.hash.replace(/^#/, '') || 'http://example.com/#fragment_echoed_here',
+ name: 'XSS Me',
+ },
],
}];
---
Address kaspern's and paladox's comments.
---
Undo version bumps for bower dependencies.
---
Change Soy index template to parallel app/index.html.
---
update polymer-resin to version 1.1.1-beta
----
Load polymer-resin into polygerrit-ui/**/*_test.html
After this, I ran the tests with
-l chrome
-l firefox
I ran a handful of tests with -p and observed that the
console shows "initResin" is called before test cases start
executing.
These changes were done programmaticly by running the script below
(approximately) thus:
```
gerrit/ $ cd polygerrit-ui/app
app/ $ find . -name \*test.html | xargs perl hack-tests.pl
```
```
use strict;
sub removeResin($) {
my $s = $_[0];
$s =~ s@<link rel="import" href="[^"]*/polymer-resin/[^"]*"[^>]*>\n?@@;
$s =~ s@<script src="[^"]*/polymer-resin/[^"]*"></script>\n?@@;
$s =~ s@<script>\s*security\.polymer_resin.*?</script>\n?@@s;
return $s;
}
for my $f (@ARGV) {
next if $f =~ m@/bower_components/|/node_modules/@;
system('git', 'checkout', $f);
print "$f\n";
my @lines = ();
open(IN, "<$f") or die "$f: $!";
my $maxLineOfMatch = 0;
while (<IN>) {
push(@lines, $_);
# Put a marker after core loading directives.
$maxLineOfMatch = scalar(@lines)
if m@/webcomponentsjs/|/polymer[.]html\b|/browser[.]js@;
}
close(IN) or die "$f: $!";
die "$f missing loading directives" unless $maxLineOfMatch;
# Given ./a/b/c/my_test.html, $pathToRoot is "../../.."
# assuming no non-leading . or .. components in the path from find.
my $pathToRoot = $f;
$pathToRoot =~ s@^\.\/@@;
$pathToRoot =~ s@^(.*?/)?app/@@;
$pathToRoot =~ s@\/[^\/]*$@@;
$pathToRoot =~ s@[^/]+@..@g;
my $nLines = scalar(@lines);
open(OUT, ">$f") or die "$f: $!";
# Output the lines up to the last polymer-resin dependency
# loaded explicitly by this test.
my $before = join '', @lines[0..($maxLineOfMatch - 1)];
$before = removeResin($before);
print OUT "$before";
# Dump out the lines that load polymer-resin and configure it for
# polygerrit.
if (1) {
print OUT qq'<link rel="import" href="$pathToRoot/bower_components/polymer-resin/standalone/polymer-resin-debug.html"/>
<script>
security.polymer_resin.install({allowedIdentifierPrefixes: [\'\']});
</script>
';
}
# Emit any remaining lines.
my $after = join '', @lines[$maxLineOfMatch..$#lines];
$after = removeResin($after);
$after =~ s/^\n*//;
print OUT "$after";
close(OUT) or die "$f: $!";
}
```
---
update polymer-resin to version 1.2.1-beta
---
update Soy index template to new style polymer-resin initialization
----
fix lint warnings
----
Load test/common-test-setup.html into *_test.html
Instead of inserting instructions to load and initialize polymer-resin into
every test file, add a common-test-setup.html that does that and also fold
iron-test-helpers loading into it.
----
imported files do not need to load webcomponentsjs
Change-Id: I71221c36ed8a0fe7f8720c1064a2fcc9555bb8df
In the previous fix, the function was not called and since it was
the function that set the class to 'hidden' it did not hide.
Change-Id: Ic8f908802cb515086860f20e2c82d0ddd06c0278
Previously, the rest api interface set '__isOnParent' for comments.
When comments were added, the property from the comment thread
'isOnParent' was passed as a property. When the draft was saved, it was
expecting '__isOnParent' rather than 'isOnParent' and this caused
comments to show up on the wrong side after saved/refreshed, because
'__isOnParent' was undefined.
Instead of changing to either '__isOnParent' which would be strange to
pass as an attribute or 'isOnParent' which would look like it came from
the api directly, this change introduces isOnParent functions so that
translation doesn't need to be done with the API.
Bug: Issue 5831
Change-Id: I3b849ba5878275cda0a39638626a12bd51341a29
Use '__isOnParent' as a boolean in place if 'side' ('PARENT vs
'REVISION'). In doing so, it's necessary to convert to/from 'side'
whenever interacting with the REST API.
Change-Id: Ic023c9be1969597e4b9c73a51cfed9f5eb9bc23e
Previously, if a PARENT revision was getting compared to a patchset,
the local storage key would be the same for both, and there were issues
if a user was trying to write drafts on the same line on either side.
This addresses the issue by storing 'PARENT' as the patch number in the
local storage key, so that each key is unique.
Bug: Issue 5412
Change-Id: Ia8b2f0abe1d24a3849628fe335c931f07bcaff52
Unresolved state is only shown when the comment actions (reply/Ack/etc)
are shown AND when the thread is unresolved.
Feature: Issue 5442
Change-Id: I7e0859530198fa17172e9f9efa73a20c7aa03975
Previously, there was an issue where if you create a draft comment in
side by side view and switch to unified view, the comment thinks it's in
the later patch set rather than the earlier one and a second copy gets
added to local storage with the later patchset as a component of the
key.
This was because the the thread group assumed all threads inside of it
had the same patch number. This change fixes that, so in the event that
a user switches from side by side to unified, the patch number will get
taken from the comment rather than the thread group.
Bug: Issue 5493
Change-Id: I7f00997bcb2e6f1001a5d58ac206acf5af3367d2
Move all buttons that generate a reply of some sort (done, ack, reply,
quote) to the comment thread instead of the comment [1].
When there is a draft for a particular comment thread, all reply buttons
are hidden [2]. For example, if you click reply, you cannot click done
on the same thread, unless you remove the draft.
Each thread can have up to 1 draft. It's also worth noting that if a
thread has a draft, and the user clicks on the line or 'c' at the same
range, the existing draft will switch to 'editing' form.
[1] With the exception of "please fix" for robot comments.
[2] In this case, The please fix button will be disabled when other
reply buttons are hidden.
Feature: Issue 5410
Change-Id: Id847ee0cba0d0ce4e5b6476f58141866d41ffdad
Currently, when a response is created via keyboard shortcut 'c' or
clicking a line number, the comment is not created with the unresolved
state of the last comment in the thread.
This change checks for the previous state and adds that to the new
draft.
Bug: Issue 5408
Change-Id: I20eb039864120d5175cc016bfc695da564bc174d
Goes along with c/95273/. Adds commentSide attribute to comments to see
which side of the diff view they belong on. This is also used as part
of the locationRange for the gr-diff-comment-thread-group, so that two
thread groups can be on the same line or range for the unified group (
one for the right, one for the left).
Note: there is already a 'side' attribute on the gr-diff-comment, which
is confusing. This side actually references 'PARENT' or 'REVISION', to
identify whether the comment belongs to the parent or any revision. On
diffs where two revisions are compared to each other, this cannot be
used to determine left/right. However, because 'side' is part of
the CommentInfo entity[1], it is difficult to change the name and make
more sense out of that.
[1] https://gerrit-review.googlesource.com/Documentation/rest-api-changes.html#comment-info
Bug: Issue 5114
Change-Id: I5cc4c17d4bb134e31e5cc07ff9b08ed349488c97
- Adds range when parent exists when comment POSTed
- Finds range via filtering comments for backfill
Bug: Issue 5459
Change-Id: Ied19cc4b33749ba81fad6d1a5030abab419b1e6f
- Add concept of diff comment thread groups, which are all of the
threads at a particular line number.
- The thread group is responsible for breaking up comments into threads
based on the range of the comment.
- Thread groups are ordered by the updated time of the first comment in
the group.
- Thread groups are given a key, based on comment range, which is used
to determine what thread group a new comment should go in (or if it
needs a new one).
Feature: Issue 5292
Change-Id: If544e8bb879262de3ce5397e86124837b66ada04
Occasionally comment threads would render in such a way that the bottom
border is covered by the following diff line. Giving 1px of margin below
the thread elements makes the border consistent generally.
Bug: Issue 5083
Change-Id: I3f29905d1dc388d2d160444c16f09ddeaaec36b5
This change leverages the unresolved flag to automatically expand only
the last UNRESOLVED_EXPAND_COUNT comments in unresolved threads.
Feature: Issue 4752
Change-Id: Ia23920e1a210246838645d56a6bc81d0dff7da07
This change tracks and exposes the resolved state of a comment thread
without exposing the UI for modifying that state. This enables features
to be built out while the API request does not exist in the backend.
Feature: Issue 4879
Change-Id: If002035024920a7762519cedf5a869221bbbc3c8
This change addresses a few issues that existed due to multiple comments
in an editing state at the same time.
1) Fixes issue where if you create two replies and add text to the
second reply, then delete the first one, the text in the second textarea
gets removed.
2) Fixes issue where if you reply and add text, then reply again with
the first draft still editing, the second draft gets populated with the
message from the first comment.
3) Fixes issue where if you have multiple replies and delete one of
them, local storage gets erased. This change sets local storage to the
value of the first editing message found after deleting the other one
(if it exists).
Bug: Issue 4409
Change-Id: Ib5913a34a79783a4a87b4a298e25b02fc587b8dd
This change fully removes threading from the PG UI's comments. This is
a side effect of the implementation of resolvable comments.
Change-Id: I67e2a8f896726787857c35552fa8c0a9f629c2ba
Sort inline comments in the order that the comments were written.
Formerly comments were sorted in tree order so that reply comments would
appear after their parent. However, this sorting could be confusing
because there would be no other indication that the comments were
associated to a parent. When comments are sorted chronologically, they
appear in the thread position a user would expect.
Change-Id: I4d0722e4511eb53b9b8ab1d61a922d1b142e09ad
This change adds an API request to get robot comments for displaying
inline in the diff view. They are styled in a different color, contain
build and robotId information, and a "please fix" action rather than the
standard set of actions.
Feature: Issue 5089
Change-Id: I1f5954a2ed01920bb7c3dc897e3285687ff7d3ca
+ This does not cover on-keydown handlers within elements.
A follow-up change will account for those.
+ Keyboard shortcuts are disabled within gr-overlay, input,
and textarea elements.
+ Added tests for new behavior (plus some missing ones covering
broken behavior).
+ Removed blur hacks used on elements to placate the kb
shortcuts due to restrictions that have been removed.
Bug: Issue 4198
Change-Id: Ide8009a3bfc340a35a8ec8b9189a85b49c8a95aa
This change is the PolyGerrit counterpart to [1].
Nicer rendering for reviewer comments in PolyGerrit using the Gerrit
Wiki-like format. Whereas, formerly, PG comments were set in PRE blocks
using monospaced font so that the original format and alignment of the
comment can be directly viewed. This change allows comments to default
to a variable-width font with wrapping while separately styling blocks
intended to be pre-formatted text, quotes and lists.
The logic to parse comment text into blocks is borrowed from the Java
implementation found in [1]. Test cases are additionally translated from
this change to ensure coincident behavior.
Introduces GR-FORMATTED-TEXT to display these comments, and which uses a
similar interface to GR-LINKED-TEXT. Much like [1], the comment is
parsed into a list of blocks. These blocks are then mapped to the DOM
nodes that get attached inside the element.
[1] I8e11d363b80bff0b6395f56e210b636f68db36fa
Feature: Issue 4861
Change-Id: I245d6782e2fd8982ac3eda438fe4ca80f3658195
In GWTUI, quoted comments are prepended with ' > ' on each line. This
was causing strange formatting issues due to strings being trimmed on
the backend (see issue for more details), and also didn't really make
sense (who prefers 3 space tabs over 2 or 4?). This change removes the
leading space and denotes quote levels with '> '.
Bug: Issue 4811
Change-Id: Iee1a85b5b2f1a4ab46a35110be65a6b4f156eb6a
The gr-overlay element attempts to manage disabling and enabling
keyboard shortcuts. When multiple gr-overlay elements are available
on a page and one of them opens immediately, that overlay tries to
disable keyboard shortcuts, but the other elements initialize as
closed and enable them.
This change offers a new method for disabling keyboard shortcuts.
The caller can pass in an identifier to enable or disable. If keyboard
shortcuts are disabled by one or more identifiers, then they are
suppressed.
Change-Id: I82fe6efd922f09279e76a2f2c8cb5781f3afe395
This change adds keyboard shortcuts to the "gr-diff-comment-thread"
expand all comments when 'e' is pressed and collapse all comments when
'shift + e' is pressed. Note that the keyboard event is detected on the
thread instead of the comment to minimize the number of events getting
triggered.
Feature: Issue 4738
Change-Id: Iab77349bd1527d7af5e05a827919a78a86909835
Add comments that are replies to ones missing from comment thread as
top-level comments to the thread instead of discarding.
Change-Id: Ib93fa1c74f1ca004ee2361e017dc1210c42ec399
Update comments collection in gr-diff-comment-thread when its child
comment changes. Child comment is expected to send comment-update
event.
Change-Id: I8116820679b29b7511719f95ae73b48e2345102c
