Commit Graph

25 Commits

Author SHA1 Message Date
David Taylor 5a003715d3
DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
Matt Marjanović aa4ff47208
FEATURE: Allow `target` attribute in links in user_field descriptions (#19102)
This change adds `target` to the set of attributes allowed by the
HTML sanitizer which is applied to the description of a user_field.

The rationale for this change:

 * If one puts a link (<a>...</a>) in the description of a user_field
   that is present and/or required at sign-up, the expectation is that
   a prospective new user will click on that link during sign-up.
 * Without an appropriate `target` attribute on the link, the new page
   will be loaded in the same window/tab as the sign-up form, but this
   will obliterate any fields that the user had already filled-out on
   the form.  (E.g., hitting the back-button will return to an
   empty form.)
 * Such UX behavior is incredibly aggravating to new users.

This change allows an admin to add a `target` attribute to links, to
instruct the browser to open them in a different window/tab, leaving
a sign-up form intact.
2023-01-06 10:18:35 -03:00
David Taylor 38216f6f0b
DEV: Make user field validation more specific (#16746)
- Only validate if custom_fields are loaded, so that we don't trigger a db query
- Only validate public user fields, not all custom_fields

This commit also reverts the unrelated spec changes in ba148e08, which were required to work around these issues
2022-05-16 14:21:33 +01:00
Roman Rizzi df3eb93973
DEV: Sanitize HTML admin inputs (#14681)
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
Mark VanLandingham 0cba4d73c1
FEATURE: Add user custom fields to user directory (#13238) 2021-06-07 12:34:01 -05:00
Krzysztof Kotlarek e29605b79f
FEATURE: the ability to search users by custom fields (#12762)
When the admin creates a new custom field they can specify if that field should be searchable or not.

That setting is taken into consideration for quick search results.
2021-04-27 15:52:45 +10:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Maja Komel 65f3ed0689 UX: make name optional for confirmation user field (#7149) 2019-03-13 18:40:43 +01:00
Robin Ward 95f263995d FIX: Previous annotations were broken 2019-01-11 14:30:19 -05:00
Robin Ward a3839495e0 Update annotations 2019-01-11 12:19:43 -05:00
Arpit Jalan 72be638728 FEATURE: add external details to user fields 2018-09-20 08:10:51 +05:30
Guo Xiang Tan 226ace1643 Update annotations. 2018-02-20 14:28:58 +08:00
Arpit Jalan daeb7694bc update annotations 2017-12-05 21:03:20 +05:30
Sam c68999e128 annotate models
WARNING annotators out there, be to run bin/annotate on RAILS_ENV=test on a clean db
2017-08-16 10:38:11 -04:00
Sam c531f4ded5 remove rails-observers
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.

For example: if we want to upgrade to rails 5 there is no published gem

Internally the usage of observers had quite a few problem.

The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam aee7489a5a annotate models 2016-06-17 11:28:49 +10:00
Thorben Egberts cf8b3fbd56 FEATURE: add user custom fields to user card
The user's custom fields are now displayed on the user card. This has to be enabled for each custom field in the custom field settings. See https://meta.discourse.org/t/custom-user-fields-on-usercard/22662/
2016-04-08 14:35:41 +02:00
Sam 32c681c96b annotate models 2016-02-23 10:33:53 +11:00
Sam c1ecd6f4ce update annotations 2015-09-18 10:41:10 +10:00
Robin Ward dc8a68fd29 FEATURE: New "Dropdown" user field type 2015-07-28 12:30:21 -04:00
Robin Ward 8186d86f38 FIX: Enforce max length for custom user fields 2015-02-23 13:02:30 -05:00
Sam 21402d9d9e annotations 2015-02-04 16:34:25 +11:00
Sam 6bed4e1bf0 add allowed_ips to api_keys
update annotations
2014-11-20 14:53:15 +11:00
Robin Ward 381814fd5d Adds support for a description to user fields. 2014-10-02 15:56:52 -04:00
Robin Ward 0fc0533134 FEATURE: Admin interface for adding custom fields for users 2014-09-25 16:17:51 -04:00