Please review the change

Fix failing tests

Sidebar tests fail.

Use Bootstrap breakpoint constant

• Split tests into two files
• Rebase with master

• Update commit summary

• Minor correction: md screen >=BREAKPOINT_MD rather than >BREAKPOINT_MD

• Add bootstrap breakpoints constants

In D1583#35787, @vlorentz wrote:

In D1583#35783, @kalpitk wrote:

bootstrap breakpoint
Below 992px means sm, xs devices.

Oh, right!
Can we/should we import the constant from bootstrap instead of hardcoding it here?

In D1577#35773, @vlorentz wrote:

Could you rename the file to cypress/integration/sidebar.spec.js?

In D1583#35782, @vlorentz wrote:

Where is the value "992" coming from?

• Test sidebar widths

While working on the tests, I found that for non-lg devices (width<992), first time you press the push-menu, it doesn't toggle. Instead it adds 'sidebar-collapse' first time. I think there is some conflict between webapp-utils.js:5 and the bootstrap defaults. I couldn't find the exact cause to it.

• refactor sidebar test

• refactor sidebar test

I plan to add the following e2e tests-

1. Test basic webapp functionalities like 'sidebar', 'back-to-top'
2. Test home page displays positive stats for directories, authors,...
3. Test the origin-search with different combinations of checkboxes
4. Test basic functionality of directory view.
5. Test file being displayed (for some known format, maybe .txt)
6. Test error being displayed when invalid sha1 or unknown origin url

Update commit message

rebase with master

revert last commit

• Add tests

rebase

Abandon in favor of e2e testing with cypress

amend commit messages and rebase

• increase z-index and move popover left

Rebase with master

Rebase with master and squash reordered commits

@anlambert made all the changes.

• Made required changes

• Remove div-item css

First of all, I think, we need to run the docker (with overridden swh-web) manually. And then run the selenium test cases. (I couldn't find a better approach). However, Jenkins may be configured to run these tests after running the docker-compose.

Only admin deposit table is left. I am not sure about what priority order should I keep for the columns.

• add width 100% to api table

• update more datatables

• Redesign mobile directory view

moved js to webapp-utils.js

• Decrease beta ribbon size for small screens
• Hide donate button for small screens

By mistake pushed a new diff.
Changes made in D1510.

In D1505#33653, @anlambert wrote:

Instead of hiding the ribbon, we should make it smaller in order that it does not overflow the main page content.
After thoughts, the fact that the the archive website is an ongoing development should remain visible to the users.
Can you try that approach ?

Also can you hide the 'Donate button' for smaller display ?

I propose changes to the following to improve the mobile website -

• In the directory view, 'Mode' can be removed for mobile website. It would look cleaner.
• In the mobile view, 'Beta version' obstructs the view. I think it would be better to hide this too.
• The menu in browse, doesn't look nice. I think this would require some rework.
  
• 'Donate' button overlaps on most of devices. For mobile devices, either remove the button or maybe remove class swh-position-right.
• hide 'go to top' button when already on top (for desktop view also)
• DataTable headers don't scroll currently in mobile view. Either make the headers scroll too or make it mobile responsive (it will appear in form of dropdown in mobile view)
  
  

squash commits

• fix failing tests and make minor changes

• Fix XSS in web API interface

@anlambert I think, I have added escape wherever it was vulnerable.

• Add escape for request.META

• Add escaping for BadInputExc

• Add character escaping at more places
• Merge branch 'master' of https://forge.softwareheritage.org/source/swh-web into xss

• Fix XSS in origin/search

rebase and squash commits

@anlambert We need to remember to use 'escape' unsafe things, whenever marking some html as safe.

• move mark_safe to _generate_error_page

• use mark_safe with escape

@anlambert
Ok. Will need to rework this, to keep the links working.
But,
1- if we filter out directly while saving, it may cause some valid links being rejected.
2- if I use filterXSS, other html tags will still work.

I can confirm, all the 4 codes below work with your commit and xss is too not working.