1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 14:00:56 +01:00
Commit graph

152 commits

Author SHA1 Message Date
epriestley
a4cc1373d3 Use a tokenizer, not a gigantic poorly-ordered "<select />", to choose repositories in Owners
Summary: Depends on D19190. Fixes T12590. Ref T13099. Replaces the barely-usable, gigantic, poorly ordered "<select />" control with a tokenizer. Attempts to fix various minor issues.

Test Plan:
  - Edited paths: include/exclude paths, from different repositories, different actual paths.
  - Used "Add New Path" to add rows, got repository selector prepopulated with last value.
  - Used "remove".
  - Used validation typeahead, got reasonable behaviors?

The error behavior if you delete the repository for a path is a little sketchy still, but roughly okay.

Maniphest Tasks: T13099, T12590

Differential Revision: https://secure.phabricator.com/D19191
2018-03-07 20:57:24 -08:00
epriestley
ab579f2511 Never generate file download forms which point to the CDN domain, tighten "form-action" CSP
Summary:
Depends on D19155. Ref T13094. Ref T4340.

We can't currently implement a strict `form-action 'self'` content security policy because some file downloads rely on a `<form />` which sometimes POSTs to the CDN domain.

Broadly, stop generating these forms. We just redirect instead, and show an interstitial confirm dialog if no CDN domain is configured. This makes the UX for installs with no CDN domain a little worse and the UX for everyone else better.

Then, implement the stricter Content-Security-Policy.

This also removes extra confirm dialogs for downloading Harbormaster build logs and data exports.

Test Plan:
  - Went through the plain data export, data export with bulk jobs, ssh key generation, calendar ICS download, Diffusion data, Paste data, Harbormaster log data, and normal file data download workflows with a CDN domain.
  - Went through all those workflows again without a CDN domain.
  - Grepped for affected symbols (`getCDNURI()`, `getDownloadURI()`).
  - Added an evil form to a page, tried to submit it, was rejected.
  - Went through the ReCaptcha and Stripe flows again to see if they're submitting any forms.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13094, T4340

Differential Revision: https://secure.phabricator.com/D19156
2018-02-28 17:20:12 -08:00
epriestley
dba4c4bdf6 Emit a "Content-Security-Policy" HTTP header
Summary:
See PHI399. Ref T4340. This header provides an additional layer of protection against various attacks, including XSS attacks which embed inline `<script ...>` or `onhover="..."` content into the document.

**style-src**: The "unsafe-inline" directive affects both `style="..."` and `<style>`. We use a lot of `style="..."`, some very legitimately, so we can't realistically get away from this any time soon. We only use one `<style>` (for monospaced font preferences) but can't disable `<style>` without disabling `style="..."`.

**img-src**: We use "data:" URIs to inline small images into CSS, and there's a significant performance benefit from doing this. There doesn't seem to be a way to allow "data" URIs in CSS without allowing them in the document itself.

**script-src** and **frame-src**: For a small number of flows (Recaptcha, Stripe) we embed external javascript, some of which embeds child elements (or additional resources) into the document. We now whitelist these narrowly on the respective pages.

This won't work with Quicksand, so I've blacklisted it for now.

**connect-src**: We need to include `'self'` for AJAX to work, and any websocket URIs.

**Clickjacking**: We now have three layers of protection:

  - X-Frame-Options: works in older browsers.
  - `frame-ancestors 'none'`: does the same thing.
  - Explicit framebust in JX.Stratcom after initialization: works in ancient IE.

We could probably drop the explicit framebust but it wasn't difficult to retain.

**script tags**: We previously used an inline `<script>` tag to start Javelin. I've moved this to `<data data-javelin-init ...>` tags, which seems to work properly.

**`__DEV__`**: We previously used an inline `<script>` tag to set the `__DEV__` mode flag. I tried using the "initialization" tags for this, but they fire too late. I moved it to `<html data-developer-mode="1">`, which seems OK everywhere.

**CSP Scope**: Only the CSP header on the original request appears to matter -- you can't refine the scope by emitting headers on CSS/JS. To reduce confusion, I disabled the headers on those response types. More headers could be disabled, although we're likely already deep in the land of diminishing returns.

**Initialization**: The initialization sequence has changed slightly. Previously, we waited for the <script> in bottom of the document to evaluate. Now, we go fishing for tags when domcontentready fires.

Test Plan:
  - Browsed around in Firefox, Safari and Chrome looking for console warnings. Interacted with various Javascript behaviors. Enabled Quicksand.
  - Disabled all the framebusting, launched a clickjacking attack, verified that each layer of protection is individually effective.
  - Verified that the XHProf iframe in Darkconsole and the PHPAST frame layout work properly.
  - Enabled notifications, verified no complaints about connecting to Aphlict.
  - Hit `__DEV__` mode warnings based on the new data attribute.
  - Tried to do sketchy stuff with `data:` URIs and SVGs. This works but doesn't seem to be able to do anything dangerous.
  - Went through the Stripe and Recaptcha workflows.
  - Dumped and examined the CSP headers with `curl`, etc.
  - Added a raw <script> tag to a page (as though I'd found an XSS attack), verified it was no longer executed.

Maniphest Tasks: T4340

Differential Revision: https://secure.phabricator.com/D19143
2018-02-27 10:17:30 -08:00
epriestley
aba209e999 Hide the Differential scroll objective list on trackpad systems
Summary:
Ref T12733. In the longer run I'd like to just push this out from the edge, but that currently gets us into trouble since we start bumping into content. On my system, the trackpad scrollbar also expands in size when moused over, so the minimum number of pixels we need to push it out is approximatley 15px. This hits body content and the persistent chat.

For now, just disable this element on trackpad systems.

Test Plan:
Disconnected all USB peripherals, quit and relaunched Safari, saw no objective list.

Reconnected mouse, relaunched Safari, saw objective list.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12733

Differential Revision: https://secure.phabricator.com/D17974
2017-05-20 07:56:21 -07:00
epriestley
51df02821b Move the "select a line range" inline code to DiffInline
Summary: Ref T12616. This makes line range selection use the new code, and removes the remainder of the old "hover a line number" / "select a line range" code.

Test Plan: Hovered line numbers; selected line ranges.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12616

Differential Revision: https://secure.phabricator.com/D17927
2017-05-17 08:41:26 -07:00
epriestley
8fdc1bff5f When disconnected from Aphlict after a successful connection, retry the first reconnect right away
Summary:
Fixes T12567. We currently retry after 2s, 4s, 8s, 16s, ...

If we connected cleanly once, retry the first time right away. There are a bunch of reasonable cases where this will work fine and we don't need to wait. Then we fall back: 0s, 2s, 4s, 8s, ...

Test Plan: {F4911905}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12567

Differential Revision: https://secure.phabricator.com/D17706
2017-04-17 15:53:29 -07:00
epriestley
1212047843 Add a "Reconnect" debugging action and show reconnect delays in the console
Summary: Ref T12568. Ref T12567. Allows you to force a reconnect, and shows the reconnect delay on connection close/failure.

Test Plan: {F4911879}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12568, T12567

Differential Revision: https://secure.phabricator.com/D17705
2017-04-17 15:51:24 -07:00
epriestley
28c68eb4fd Decrease JX.Leader lease duration from 16,000ms to 1,500ms and usurp more aggressively
Summary:
Ref T12573. `JX.Leader` synchronizes the Aphlict connection across multiple windows.

Currently, we only test to see if the leader window has been closed every 16 seconds. Instead, test every 1.5 seconds.

Also, make windows keep trying to become the leader forever. This was removed previously (in D15806) but I think that change decreased robustness here.

Test Plan:
  - Opened two windows to the "Realtime" tab in DarkConsole.
  - Saw one become the leader and one become a follower.
  - (Optionally, wait for 10 seconds here to test the "keep trying to become the leader" behavior.)
  - Closed the leader.
  - Saw the follower become the leader after ~1.5 seconds.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12573

Differential Revision: https://secure.phabricator.com/D17703
2017-04-17 15:48:47 -07:00
Chad Little
5e16e46039 Remove "Aleo" as specialized font for headers
Summary: Fixes T11865. Part of a 'clean up remarkup' pass, removing Aleo helps simplify coding, is lighter on the wire, and gives a more consistent, clean look.

Test Plan: run celerity, grep for 'aleo' and 'Aleo', test Phriction, tasks

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11865

Differential Revision: https://secure.phabricator.com/D17535
2017-03-22 09:57:00 -07:00
Chad Little
7e3adb1257 Add FontAwesome 4.7.0
Summary: Adds most up to date version of FontAwesome

Test Plan: {icon snowflake-o}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D17293
2017-02-01 16:34:48 -08:00
epriestley
b02f64f6ee Make project token sorting and normalization a little less hacky
Summary:
Ref T8510. Use "\n" as a delimiter between name sections. Specifically, project "AAA" with tag "zzz" should be a better match for query "AAA" than project "AAA BBB" is.

Make use of this delimiter slighlty more obvious in the UI.

Test Plan:
  - Created projects "Phacility" and "Phacility Core Access".
  - Typed "Phacility".
  - Before patch: first hit is "Phacility Core Access".
  - After patch: first hit is "Phacility".
  - Viewed debugging output table, saw visual explanation of behavior.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8510

Differential Revision: https://secure.phabricator.com/D16886
2016-11-17 08:02:23 -08:00
epriestley
9a10413dbc Improve typeahead behavior with mixed-case matches
Summary:
Ref T8510. We had two issues with mixed-case result sorting, like typing `@joe` to match user `Joe`.

  - The fallback sort was not normalized properly, so "J" could sort after "j". Instead, normalize values for sorting.
  - The `prefix_hits` and older `priority_hits` mechanisms were competing destructively. The `prefix_hits` mechanism completely replaces the `priority_hits` mechanism. Instead, use only the `prefix_hits` mechanism.

Test Plan:
  - Copied results for "joe" from WMF.
  - Hard-coded the controller to return them.
  - Searched for `@joe`.
  - After patches, first hit is user "Joe".

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8510

Differential Revision: https://secure.phabricator.com/D16826
2016-11-08 11:50:15 -08:00
epriestley
3198aa1659 Allow dialogs to opt in to being resizable
Summary: Ref T11034. Ref T4788. This allows you to resize the typeahead browse dialog if you want. I plan to let you resize the object selector dialog in the future.

Test Plan: {F1695433}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788, T11034

Differential Revision: https://secure.phabricator.com/D16156
2016-06-20 19:13:58 -07:00
epriestley
ad0562e15e Improve some typeahead matching behaviors
Summary:
Ref T8510. Sort prefix matches above non-prefix matches, so that "Ape Discovery" does not match "discovery" better than "Discovery".

Sort functions last.

Rename function internal strings so they don't get over-promoted the prefix-match rules.

Add kind of a hack to get "Project X" sorting above all the "Project X (Milestone 1)" results.

Test Plan:
Created "Ape Discovery", "Baboon Discovery", "Chimpanzee Discovery", etc.

Main project now sorts above milestones:

{F1681773}

Prefix matches now sort above other matches:

{F1681774}

Function results (rarely used) are now less prominent:

{F1681775}

Better function results here:

{F1681776}

More function results:

{F1681777}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8510

Differential Revision: https://secure.phabricator.com/D16094
2016-06-09 13:22:34 -07:00
epriestley
f2c36a934e Provide an <input type="file"> control in Remarkup for mobile and users with esoteric windowing systems
Summary:
Ref T5187. This definitely feels a bit flimsy and I'm going to hold it until I cut the release since it changes a couple of things about Workflow in general, but it seems to work OK and most of it is fine.

The intent is described in T5187#176236.

In practice, most of that works like I describe, then the `phui-file-upload` behavior gets some weird glue to figure out if the input is part of the form. Not the most elegant system, but I think it'll hold until we come up with many reasons to write a lot more Javascript.

Test Plan:
Used both drag-and-drop and the upload dialog to upload files in Safari, Firefox and Chrome.

{F1653716}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5187

Differential Revision: https://secure.phabricator.com/D15953
2016-05-20 16:24:22 -07:00
epriestley
58b55c2fa6 Probably improve behavior around duplicate notifications
Summary:
We're sometimes getting duplicate notifications right now. I think this is because multiple windows are racing and becoming leaders.

Clean this up a little:

  - Fix the `timeoout` typo.
  - Only try to usurp once.
  - Use different usurp and expire delays, so we don't fire them at the exact same time.

Not sure if this'll work or not but it should theoretically be a little cleaner.

Test Plan:
  - Quit Safari, reopened Safari, still saw a fast reconnect to the notification server (this is the goal of usurping).
  - Did normal notification stuff like opening a chat in two windows, got notifications.
  - Hard to reproduce the race for sure, but this at least fixes the outright `timeoout` bug.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15806
2016-04-27 03:56:55 -07:00
epriestley
2930733ac9 Complete modernization of Aphlict configuration
Summary:
Fixes T10697. This finishes bringing the rest of the config up to cluster power levels.

Phabricator is now given an arbitrarily long list of notification servers.

Each Aphlict server is given an arbitrarily long list of ports to run services on.

Users are free to make them meet in the middle by proxying whatever they want to whatever else they want.

This should also accommodate clustering fairly easily in the future.

Also rewrote the status UI and changed a million other things. 🐗

Test Plan:
{F1217864}

{F1217865}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10697

Differential Revision: https://secure.phabricator.com/D15703
2016-04-14 04:57:00 -07:00
Chad Little
75ba6058b9 Update to FontAwesome 4.6.0
Summary: Updates to the latest icon packages

Test Plan: View UIExamples, find new Icons

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15684
2016-04-11 11:34:59 -07:00
epriestley
c286d2b441 Don't try to center dialogs horizontally
Summary:
Fixes T10302. I think we had fixed-width dialog containers in the past (?) but they all handle their own centering now.

This was causing them to be slightly off-center as a result, and creating the 7px issue in T10302.

Test Plan:
  - Viewed a wide dialog (task edit).
  - Viewed a narrow dialog (notification dismissal confirmation).
  - Viewed dialogs on wide/narrow screens.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10302

Differential Revision: https://secure.phabricator.com/D15529
2016-03-26 12:29:36 -07:00
epriestley
f5c686d6a4 Swap charts from gRaphael to D3
Summary:
Mostly, this has just been sitting in my sandbox for a long time. I may also touch some charting stuff with subprojects/milestones, but don't have particular plans to do that.

D3 seems a bit more flexible, and it's easier to push more of the style logic into CSS so you can fix my design atrocities. gRaphael also hasn't been updated in ~3+ years.

Test Plan:
{F1085433}

{F1085434}

Reviewers: chad

Reviewed By: chad

Subscribers: cburroughs, yelirekim

Differential Revision: https://secure.phabricator.com/D15155
2016-02-01 10:36:59 -08:00
epriestley
bf43d4cf2a Don't mutate DOM on touch-originated cursor events in Differential
Summary:
Fixes T10229. Broadly:

  - When the user hovers over a line number or inline comment, we update the yellow reticle to highlight the relevant lines. Specifically, this is in response to a `mouseover` event.
  - On touch devices, touches fire `mouseover` and if you mutate the DOM inside the event, the device aborts the touch.

To remedy this:

  - Distingiush between mouse-originated and touch-originated cursor events.
    - We do this, roughly, by setting a flag when we see "touchstart", and clearing it when we see the second copy of any unique cursor event.
    - This method is complex, but should be robust to any implementation differences between devices (for example, it will work no matter which order the events are fired in).
    - This method should also produce the correct results on weird devices that have both mouse-devices and touch-devices available for cursor input.
  - When we see a touch-originated `mouseover` or `mouseout`, don't mutate the DOM.
  - Put an extra DOM mutation into the `click` event to improve highlighting behavior on touch devices.

Test Plan:
  - In iOS Simulator (4s, iOS 9.2), clicked various inline actions ("Reply", "Hide", "Done", "Cancel", line numbers, etc). Got responses after a single touch.
  - Verified hover + click behavior on a desktop.
  - Logged and examined a bunch of events as a general sanity check.

Reviewers: chad

Reviewed By: chad

Subscribers: aljungberg

Maniphest Tasks: T10229

Differential Revision: https://secure.phabricator.com/D15136
2016-01-29 06:55:41 -08:00
epriestley
75b8d3312b Hide the autocompleter intelligently when you ignore it and keep typing
Summary:
Ref T10163. When we think the user has finished typing a word (because they typed a space, period, or other similar characters) and nothing else they might type could possibly change the outcome (usually because the words they have typed already match nothing), just deactivate the autocomplete.

As a special case, if the word they have typed already select exactly one result, //and// they have already typed exactly that result,  assume they just typed it from memory and deactivate.

Test Plan:
  - Typed `@dog qwer zxcv` and saw autocomplete deactivate on the space before `z` (on my local install, `@dog` is ambiguous but `@dog qwer` matches nothing).
  - Typed `@epriestley ` and saw autocomplete deactivate on space.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15039
2016-01-16 14:41:43 -08:00
epriestley
a07a06ab08 Give custom controls passable disabled states
Summary: Fixes T9871. Ref T10004. These won't win any awards but it fixes them being incredibly weird and confusing.

Test Plan:
{F1029090}

  - Tried to use controls, got reasonable behavior.
  - Used normal controls to make sure I didn't break anything.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9871, T10004

Differential Revision: https://secure.phabricator.com/D14814
2015-12-17 15:13:28 -08:00
epriestley
e869e7df0b When logged-out users hit a "Login Required" dialog, try to choose a better "next" URI
Summary:
Ref T10004. After a user logs in, we send them to the "next" URI cookie if there is one, but currently don't always do a very good job of selecting a "next" URI, especially if they tried to do something with a dialog before being asked to log in.

In particular, if a logged-out user clicks an action like "Edit Blocking Tasks" on a Maniphest task, the default behavior is to send them to the standalone page for that dialog after they log in. This can be pretty confusing.

See T2691 and D6416 for earlier efforts here. At that time, we added a mechanism to //manually// override the default behavior, and fixed the most common links. This worked, but I'd like to fix the //default// beahvior so we don't need to remember to `setObjectURI()` correctly all over the place.

ApplicationEditor has also introduced new cases which are more difficult to get right. While we could get them right by using the override and being careful about things, this also motivates fixing the default behavior.

Finally, we have better tools for fixing the default behavior now than we did in 2013.

Instead of using manual overrides, have JS include an "X-Phabricator-Via" header in Ajax requests. This is basically like a referrer header, and will contain the page the user's browser is on.

In essentially every case, this should be a very good place (and often the best place) to send them after login. For all pages currently using `setObjectURI()`, it should produce the same behavior by default.

I'll remove the `setObjectURI()` mechanism in the next diff.

Test Plan: Clicked various workflow actions while logged out, saw "next" get set to a reasonable value, was redirected to a sensible, non-confusing page after login (the page with whatever button I clicked on it).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10004

Differential Revision: https://secure.phabricator.com/D14804
2015-12-17 08:30:03 -08:00
epriestley
29e2acd525 Have "limit=1" tokenizers replace tokens instead of disabling "Browse"
Summary:
Fixes T9984. When a tokenizer only allows one selection (like "Task Owner:" or "Land Onto Branch:"), keep the browse button active but have it //replace// values.

Also, have "Create Subtask" default to the system default status, so subtasks of closed tasks are not also closed.

Test Plan:
  - Browsed an empty limit=1 tokenizer.
  - Replaced a full limit=1 tokenizer.
  - Browsed an empty no-limit tokenizer.
  - Browsed more tokens into the no-limit tokenizer.
  - Typed some tokens normally.
  - Created a subtask of a closed task.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9984

Differential Revision: https://secure.phabricator.com/D14785
2015-12-14 15:29:42 -08:00
epriestley
3680d959dd Disable tokenizer "Browse" button once tokenizer is full
Summary: Ref T7858. Don't let users add multiple values to single-value tokenizers by using the "Browse" button.

Test Plan:
  - Added a token, browse button was disabled.
  - Removed the token, browse button was enabled again.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7858

Differential Revision: https://secure.phabricator.com/D14738
2015-12-10 17:50:05 -08:00
Chad Little
8f23e41f62 Update to FontAwesome 4.5
Summary: New icons

Test Plan: Use new icons

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14568
2015-11-24 08:52:33 -08:00
Chad Little
2ca269cb31 Replace Roboto Slab with Aleo for PHUIDocumentView
Summary: These fonts are functionally very similar, but in diagnosing a problem with mobile Safari/Chrome, it turned out that our use of "bold" with the "normal" font build created a "semibold" look when on desktop and a "normal" look on mobile. The "semibold" feel is more important, so finding a lighter "bold" font was the impetus for this font switch. As it turns out **Aleo** is built by the same author as **Lato** (our other font) and is intended as it's companion. So stylistically, this is the more correct font.

Test Plan:
Test Phriction, Legalpad, Diviner, Desktop and Mobile

{F938013}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14391
2015-11-02 20:02:42 -08:00
Chad Little
f5c1083764 Smaller Roboto Slab files
Summary: Generated Roboto Slab with the same settings as Lato, which produces a smaller file. Also hope it fixes mobile kerning.

Test Plan: View various documents, fonts look identical.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14388
2015-11-02 13:49:26 -08:00
epriestley
fe66d52a22 Don't copy null attributes passed to JX.$N()
Summary:
Fixes T8919. In Safari, `node.href = null;` has no effect, but in Chrome it is like `node.href = "null";`.

Instead, just use semantics similar to `phutil_tag()`: don't assign attributes with `null` values.

Test Plan:
No more `/null` href in Chrome in Owners typehaead.

Typeahead still works in Chrome/Safari.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8919

Differential Revision: https://secure.phabricator.com/D14021
2015-08-31 15:52:04 -07:00
Chad Little
360eb85249 Update to FontAwesome 4.4.0
Summary: New Calendar icons!

Test Plan: Try new icons. See new icons.

Reviewers: lpriestley, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13761
2015-07-30 11:04:51 -07:00
Joshua Spence
184623a7c6 Remove a random file
Summary: This was probably committed accidentally?

Test Plan: N/A

Reviewers: epriestley, chad, #blessed_reviewers

Reviewed By: chad, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13632
2015-07-15 08:31:21 +10:00
Chad Little
bdd0e340ff Smaller Lato font footprint
Summary:
About 1/3 the size. The "Full" Lato set is over 3000 Glyphs, this was a handbuilt set of Latin, Latin-A, and Latin-B. Specific Unicode set:

```U+0100-024F, U+1E00-1EFF, U+20A0-20AB, U+20AD-20CF, U+2C60-2C7F, U+A720-A7FF, U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215, U+E0FF, U+EFFD, U+F000```

This unicode set is what Google Fonts uses as "Latin,Latin-Ext"

Test Plan: Built test pages in Phriction for Latin-A, Latin-B. Checked Chrome, Firefox, Mac and PC. If issues get reported, can default back to larger font pack.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8755

Differential Revision: https://secure.phabricator.com/D13558
2015-07-06 07:17:11 -07:00
Chad Little
ab7dc13c67 Rebuild Lato fonts for Firefox
Summary: Rebuilt Lato font for Firefox, x-height to 100%. Ref T8755

Test Plan: Test Firefox //without// having a local copy of Lato installed on my Mac.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8755

Differential Revision: https://secure.phabricator.com/D13556
2015-07-05 12:28:12 -07:00
Chad Little
5457135951 [Redesign] Full Lato font kit
Summary: Ref T8755, Adds full fallback support for Lato, the default Phabricator font and champion of Azeroth.

Test Plan: Verify fonts are being used everywhere as expected.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8755

Differential Revision: https://secure.phabricator.com/D13553
2015-07-04 14:30:18 -07:00
Chad Little
4c7208cfa9 [Redesign] Rebuild Roboto Slab
Summary: Ref T8755. Hunting down some display issues with the fonts on certain computers (Ubuntu, Windows, Chrome Mobile). Hopefully having the full font fallback tree will resolve the issues.

Test Plan: Review Phriction on my Mac, no distinguishable difference. Will test Ubuntu after it lands.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8755

Differential Revision: https://secure.phabricator.com/D13552
2015-07-04 13:16:47 -07:00
Chad Little
a89483ee5b [Redesign] Swap Slabo for Roboto Slab
Summary: Ref T8099, Moving to Roboto Slab for Document Headers. It's a little less serif-y and fits well with Lato. Also took a pass at cleaning up edge cases in Documents, Diviner, Phriction, Legalpad, and Welcome Screen.

Test Plan: Test Phriction, Diviner, Legalpad, Welcome Screen

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13439
2015-06-25 09:20:51 -07:00
Chad Little
bbf093ed33 [Redesign] Use full Lato 2 font set
Summary: Ref T8099, Instead of Latin subset, this uses full 3000+ Glyph set for rendering.

Test Plan: Test a few various languages in my Phriction documents.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13437
2015-06-25 07:43:58 -07:00
Chad Little
b3523adff4 [Redesign] Use Slabo font for headers, Remove Oswald
Summary: Couple of reasons here. Mainly, we're looking at Serif fonts for Phacility, so having headers tie back seems worth exploring. Also Oswals was a bit heavy, and in trying to find a replacement with similiar distinction, was unable to find anything suitable. Trying out Slabo here and have been pleasantly surprised how well the Serif/Sans-Serif combination works here, typographically.

Test Plan:
Test Objects, Documents, and Dashboards.

{F500207}

{F500208}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13279
2015-06-14 17:35:01 +01:00
Chad Little
9170e90112 [Redesign] Move basefont to Lato, remove Source Sans Pro
Summary: Working towards a more unified look and feel. This brings in Lato as a complete base font over Helvetica Neue, as well as removing Source Sans Pro from DocumentView and Conpherence. Design-wise Lato provides the nice readability at larger font sizes that Source Sans Pro did, with the ability to scale down to tables and UI widgets with ease. This gives us one font instead of two, and now Object descriptions and Timeline posts all can benefit from a consistent, readable font.

Test Plan:
Test main UI, smaller elements like tables, menus, DocumentViews, Previews, Conpherence.

{F498135}

{F498136}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13276
2015-06-13 20:32:45 +01:00
epriestley
57b898af9a Merge branch 'master' into redesign-2015 2015-06-10 07:44:58 -07:00
Chad Little
8fca881093 [Redesign] Move headers to Oswald font
Summary: Ref T8099, I want to live with this for a few weeks. I've grow to like that it gives more distinction to ObjectBox Headers and fits very nicely as headers in DocumentView. Even if we don't use them for all headers, Documents are much nicer to me at least with a more visually impactful font (Source Sans doesn't make a great header).

Test Plan:
Review dashboards, objects, Diviner, Phriction, Legalpad, and misc other pages.

{F466410}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13127
2015-06-03 10:23:28 -07:00
Joshua Spence
445caf1d97 Change monospace text formatting
Summary: Using `##` can cause some formatting issues, see D13071.

Test Plan: See D13071.

Reviewers: epriestley, #blessed_reviewers, chad

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D13072
2015-05-31 10:07:45 +10:00
Aviv Eyal
1aa8bc319b Search symbols by ctrl/cmd-click
Summary:
Refs T8302.
V1 of the implementation. This replaces the previous mode, but I guess there's no real reason we can't have
some symbols always clickable and the rest require modifier.

I'm also a little concerned about discoverability; Holding down ctrl/cmd will make the cursor change, so there's
some hint that something might be up, but that's probably not obvious enough.

Test Plan:
Tested in diffusion and differential and differential comments on:
- Windows/Chrome,
- Windows/IE 11
- LInux/Firefox 38
- Mac/Chrome
- Mac/Safari

Reviewers: chad, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley, joshuaspence

Maniphest Tasks: T8302

Differential Revision: https://secure.phabricator.com/D13034
2015-05-28 15:33:06 -07:00
lkassianik
6b1d13bfaf Time control typeaheads.
Summary: Ref T8031, Time control typeaheads

Test Plan: Edit an event, type '3', typeahead should suggest, '3:00 AM', '3:30 AM', '3:00 PM', '3:30 PM'.

Reviewers: chad, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T8031

Differential Revision: https://secure.phabricator.com/D12953
2015-05-20 09:51:26 -07:00
epriestley
c94bd8e4f2 Stop using JX.Scrollbar for main page content
Summary:
Ref T8151. This is option (5). It needs a few adjustments but feels pretty good. Major issues are:

  - Without a mouse, the scrollbars overlap by default, so we //must// move the column off the right margin.
  - Scrolling sometimes "bleeds" between the chat vs the main frame in a way that's not as discrete as the old framed content, but feels generally reasonable to me.

If we pursue this, I'd plan to make these additional changes:

  - Move the panel away from the right margin only if the page scrollbars are zero-width (i.e., in OSX trackpad mode).
  - Fix the notch in the upper right corner when the chat is moved away from the right margin.
  - Probably remove the body "overflow-y: scroll" on Conpherence and Workboards.
  - Update the resizing code to deal with 300px vs 315px widths.
  - We can probably clean up some JX.Scrollbar "main panel" code.

Here's the "bad" case, where I've visually separated the column to provide room for a scrollbar. This isn't ideal, but looks and feels OK to me:

{F398375}

Test Plan:
  - Tried Firefox, Chrome, Safari, with and without a mouse.
  - Tried normal Conpherence.

Reviewers: btrahan, chad

Reviewed By: btrahan

Subscribers: avivey, epriestley

Maniphest Tasks: T8151

Differential Revision: https://secure.phabricator.com/D12789
2015-05-11 12:02:00 -07:00
Bob Trahan
5520dbfac6 Quicksand and Pholio - make mock edit work
Summary: Fixes T8036. In addition to making the mock edit work, this tightens quicksand code such that the correct page id is returned even if start() has not been called yet. It also tightens mock view where some functions should respect statics.enabled a bit more.

Test Plan:
clicked edit mock, mock crumb, edit mock, mock crum, edit mock, made edits and they worked! clicked edit mock, mock crumb, edit mock, mock crumb, edit mock, profile icon, hit browser back to edit mock, made edits and they worked!

also observed mock view page not occasionally wigging out from image_onload race not having statics.enabled respect during the above

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8036

Differential Revision: https://secure.phabricator.com/D12739
2015-05-07 10:42:07 -07:00
Bob Trahan
1db79044b5 Quicksand - fix toggle behavior to work with quicksand
Summary:
Fixes T7919. This is a pretty generic toggle behavior. Make it quicksand ready by making it install only once and swallow the regular "click" event so the quicksand "click" event doesn't get funky with it.

Also fixes a bug in Quicksand that I discovered developing / testing this feature. We have to update the internal member variable to be better than 0 similarly to how id works. So do that.

Test Plan: went to phriction, toggled menu open, clicked home, clicked phriction and toggled menu again. Went back in history and noted menu was left to toggle state I previously had it. (currently a feature, not a bug)

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7919

Differential Revision: https://secure.phabricator.com/D12708
2015-05-04 14:38:50 -07:00
Bob Trahan
6575cc568d Quicksand - fix spooky back button issue
Summary: Fixes T7911.

Test Plan:
 - load a page
 - click something else
 - go back to original page via clicking
 - browser refresh
 - click something else
 - browser back -- and it now works!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7911

Differential Revision: https://secure.phabricator.com/D12603
2015-04-28 17:20:32 -07:00
Bob Trahan
00f864b359 Quicksand - fix project board page and quicksand
Summary: Fixes T7913. Collapse the separate board dropdown into the board projects behavior; we always need that anyway and now we can install the listener more granularly.

Test Plan:
 - visted project board
 - invoked create task, cancelled dialog
 - visited project feed
 - visited project board
 - invoked create task, cancelled dialog (FAILED pre patch...!)

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7913

Differential Revision: https://secure.phabricator.com/D12599
2015-04-28 14:51:49 -07:00