Skip to content

fix(compose): avoid modal trap by removing Dialog wrapper#1749

Closed
bas3line wants to merge 3 commits intoMail-0:stagingfrom
bas3line:fix/ux-security-flaws
Closed

fix(compose): avoid modal trap by removing Dialog wrapper#1749
bas3line wants to merge 3 commits intoMail-0:stagingfrom
bas3line:fix/ux-security-flaws

Conversation

@bas3line
Copy link

@bas3line bas3line commented Jul 17, 2025

Description

It improves screen reader support and navigation by replacing modal with a full screen layout. this also avoids focus traps and aligns better with expected behavior for a standalone compose screen


Type of Change

Please delete options that are not relevant.

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature with breaking changes)
  • 📝 Documentation update
  • [<> ] 🎨 UI/UX improvement
  • 🔒 Security enhancement
  • ⚡ Performance improvement

Areas Affected

Please check all that apply:

  • Email Integration (Gmail, IMAP, etc.)
  • [ <>] User Interface/Experience
  • [<> ] Authentication/Authorization
  • Data Storage/Management
  • API Endpoints
  • Documentation
  • Testing Infrastructure
  • Development Workflow
  • Deployment/Infrastructure

Testing Done

Describe the tests you've done:

  • Unit tests added/updated
  • Integration tests added/updated
  • [ <> ] Manual testing performed
  • [ <>] Cross-browser testing (if UI changes)
  • [ <>] Mobile responsiveness verified (if UI changes)

Security Considerations

For changes involving data or authentication:

  • [ <>] No sensitive data is exposed
  • [ <>] Authentication checks are in place
  • Input validation is implemented
  • Rate limiting is considered (if applicable)

Checklist

  • [ <>] I have read the CONTRIBUTING document
  • [ <>] My code follows the project's style guidelines
  • [ <>] I have performed a self-review of my code
  • [ <>] I have commented my code, particularly in complex areas
  • I have updated the documentation
  • [ <>] My changes generate no new warnings
  • I have added tests that prove my fix/feature works
  • [ <>] All tests pass locally
  • [ <>] Any dependent changes are merged and published

Additional Notes

This change replaces the Compose modal with a full-page layout to improve accessibility and usability.
Dialog was removed to avoid keyboard traps and improve screen reader support.
Redirect logic is preserved and tested for login + mailto handling.

By submitting this pull request, I confirm that my contribution is made under the terms of the project's license.

Summary by CodeRabbit

  • New Features

    • The compose email page now opens as a full-page view instead of a modal dialog, providing a more accessible and user-friendly experience.
  • Refactor

    • Improved clarity and reliability in extracting and handling query parameters when composing a new email.

Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 17, 2025

Walkthrough

The compose mail page was refactored to remove modal dialog UI components and instead use a full-page container. The loader logic was clarified by assigning query parameters to variables and returning an explicit object. Comments were added to explain the changes and address accessibility and UX considerations.

Changes

File(s) Change Summary
apps/mail/app/(routes)/mail/compose/page.tsx Removed dialog-related imports and components, refactored loader for clarity, updated comments

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant ComposePage
  participant clientLoader
  participant CreateEmail

  User->>ComposePage: Navigates to /mail/compose
  ComposePage->>clientLoader: Loads query parameters
  clientLoader-->>ComposePage: Returns extracted parameters
  ComposePage->>CreateEmail: Renders with initial props
Loading

Possibly related PRs

Suggested reviewers

  • ahmetskilinc

Poem

In the warren where emails arise,
The modal is gone—what a surprise!
Now a full page to write,
With parameters right,
Compose with delight, under open sky’s light.
🐇✉️


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d9db7a4 and b071f74.

📒 Files selected for processing (1)
  • apps/mail/app/(routes)/mail/compose/page.tsx (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: danteissaias
PR: Mail-0/Zero#902
File: apps/mail/components/connection/add.tsx:77-77
Timestamp: 2025-05-07T16:55:46.513Z
Learning: For the "Upgrade" link in AddConnectionDialog, using a proper <button> element instead of a <span> with onClick is recognized as an accessibility improvement but was deferred as out of scope in PR #902 (CSS variables PR).
Learnt from: danteissaias
PR: Mail-0/Zero#618
File: apps/mail/components/mail/mail-iframe.tsx:12-12
Timestamp: 2025-04-07T20:46:11.697Z
Learning: In the Mail-0/Zero application, sender emails are guaranteed to be non-empty when passed to components that handle them, making additional empty string validation unnecessary.
apps/mail/app/(routes)/mail/compose/page.tsx (6)
Learnt from: retrogtx
PR: Mail-0/Zero#1468
File: apps/server/src/trpc/routes/mail.ts:331-331
Timestamp: 2025-06-28T03:56:09.376Z
Learning: In apps/server/src/trpc/routes/mail.ts, the user indicated they are not using ISO format for the scheduleAt parameter, despite the frontend code showing toISOString() usage in the ScheduleSendPicker component.
Learnt from: retrogtx
PR: Mail-0/Zero#1734
File: apps/server/src/lib/driver/google.ts:211-221
Timestamp: 2025-07-15T06:46:33.321Z
Learning: In apps/server/src/lib/driver/google.ts, the normalization of "draft" to "drafts" in the count() method is necessary because the navigation item in apps/mail/config/navigation.ts has id: 'drafts' (plural) while the Google API returns "draft" (singular). The nav-main.tsx component matches stats by comparing stat.label with item.id, so the backend must return "drafts" for the draft counter badge to appear in the sidebar.
Learnt from: retrogtx
PR: Mail-0/Zero#1328
File: apps/mail/lib/hotkeys/mail-list-hotkeys.tsx:202-209
Timestamp: 2025-06-18T17:26:50.918Z
Learning: In apps/mail/lib/hotkeys/mail-list-hotkeys.tsx, the switchCategoryByIndex function using hardcoded indices for category hotkeys does not break when users reorder categories, contrary to the theoretical index-shifting issue. The actual implementation has constraints or mechanisms that prevent hotkey targeting issues.
Learnt from: retrogtx
PR: Mail-0/Zero#1468
File: apps/server/src/trpc/routes/mail.ts:386-391
Timestamp: 2025-06-27T04:59:29.731Z
Learning: In apps/server/src/trpc/routes/mail.ts, the attachment processing logic conditionally handles mixed attachment types - it preserves existing File-like objects with arrayBuffer methods while only converting serialized attachments that need processing through toAttachmentFiles.
Learnt from: danteissaias
PR: Mail-0/Zero#458
File: apps/mail/lib/email-utils.ts:126-131
Timestamp: 2025-03-16T23:14:09.209Z
Learning: When working with mailto URLs in JavaScript/TypeScript, the `url.pathname` property correctly extracts the email address from a mailto URL (e.g., for "mailto:test@example.com?subject=Test", `url.pathname` will be "test@example.com").
Learnt from: danteissaias
PR: Mail-0/Zero#618
File: apps/mail/components/mail/mail-iframe.tsx:12-12
Timestamp: 2025-04-07T20:46:11.697Z
Learning: In the Mail-0/Zero application, sender emails are guaranteed to be non-empty when passed to components that handle them, making additional empty string validation unnecessary.
🔇 Additional comments (4)
apps/mail/app/(routes)/mail/compose/page.tsx (4)

8-10: Good formatting improvement for readability.

The block format for the session check enhances code readability and consistency.


13-19: Excellent refactoring to eliminate duplicate parameter access.

Extracting the to parameter into toParam variable eliminates the duplicate url.searchParams.get('to') call and improves code readability while maintaining the same functionality.


21-30: Excellent improvement with important security documentation.

The explicit object creation is more readable and maintainable than Object.fromEntries. The security comment about XSS prevention and responsibility delegation to the CreateEmail component is valuable documentation.


36-49: Excellent accessibility improvement by removing modal trap.

The replacement of the Dialog wrapper with a full-page container directly addresses the PR objective of improving accessibility and screen reader support. The full-screen styling and direct rendering of CreateEmail maintains all functionality while eliminating keyboard traps.

✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cubic reviewed 1 file and found no issues. Review PR in cubic.dev.

@jazzberry-ai
Copy link

jazzberry-ai bot commented Jul 24, 2025

Bug Report

Name: Missing Focus Management in Compose Page
Severity: Critical
Example test case: Open the compose page and try to navigate out of it using the tab key. Observe that the focus is trapped within the compose page.
Description: The patch removes the Dialog component from the compose page, which provided focus management. This results in a focus trap, making the application unusable for keyboard users and screen reader users. Focus management needs to be re-implemented after removing the dialog.

Comments? Email us. Your free trial ends in 5 days.

@ahmetskilinc
Copy link
Contributor

this page isnt used anymore. closing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants