Skip to content

Improve chat scroll behavior and 508 usability#983

Merged
paullizer merged 6 commits into
microsoft:Developmentfrom
Xeelee33:fix-508-scroll
Jul 1, 2026
Merged

Improve chat scroll behavior and 508 usability#983
paullizer merged 6 commits into
microsoft:Developmentfrom
Xeelee33:fix-508-scroll

Conversation

@chadpalmer

Copy link
Copy Markdown
Contributor

Summary

  • Refines chat scroll behavior so conversations load and stay at the bottom without flickering between top and bottom.
  • Ensures user-sent messages are always visible after sending, while avoiding unexpected jumps when the user has scrolled up to read earlier content.
  • Keeps the chat JavaScript as ES modules and reuses the existing global scroll helper for consistency.

Changes

  • Chat conversations
    • Updated selectConversation to load messages and reattach streaming, then scroll to the bottom once per branch (collaborative vs non‑collaborative), instead of scrolling multiple times during initial load.
    • Added a scrollConversationViewToBottom helper that uses requestAnimationFrame to scroll after layout settles.
  • Message sending and rendering
    • Updated sendMessage so that after a message is sent, the chat view calls window.scrollChatToBottom() to keep the newly submitted message in view.
    • Adjusted appendMessage so:
      • AI messages only auto-scroll when the user is already near the bottom, preventing long answers from yanking the viewport down if the user has scrolled up.
      • New user/file/image messages scroll to the bottom once; history loads only scroll if the user is already near the bottom.
    • Refactored generated image rendering to create <img> elements via DOM APIs (with error handlers) instead of string-built HTML with inline onload/onerror, reducing attribute interpolation risk.
  • Template wiring
    • Confirmed chats.html continues to load chat scripts as ES modules and that the scroll helpers are wired consistently across chat-global.js, chat-messages.js, and chat-conversations.js.

Files Touched (high level)

  • chat-conversations.js
  • chat-global.js
  • chat-messages.js
  • chats.html
  • release_notes.md (v0.250.006 entry describes the chat scroll/508 behavior)

Validation

  • Branch sync
    • fix-508-scroll is up to date with upstream/Development.
  • Diff formatting
    • git diff --check upstream/Development...HEAD
    • ✅ No whitespace or diff-format issues.
  • XSS guardrails
    • python check_xss_sinks.py --full-file chat-conversations.js chat-messages.js application/single_app/templates/chats.html
    • ⚠️ Fails due to pre-existing dynamic innerHTML and attribute interpolation patterns in chat JS.
    • This PR does not introduce new sinks and moves one generated-image path to safer DOM APIs; remaining warnings are known, pre-existing patterns to be addressed in a separate hardening pass.
  • Functional / behavioral
    • Manual verification in the chat UI:
      • Selecting a conversation with many messages now lands at the bottom and stays there (no bottom→top→bottom flicker).
      • Sending a message scrolls to the bottom so the new message is visible.
      • Long AI responses do not auto-scroll the user to the bottom if they have scrolled up to read earlier content.

Versioning & Docs

  • config.py: VERSION = "0.250.006".
  • release_notes.md: v0.250.006 includes the chat scroll/508 usability entry referencing chats.html, chat-global.js, and chat-messages.js.
  • No new backend routes or configuration surfaces were added.

Risks / Follow-Up

  • Remaining XSS guardrail warnings in chat JS are pre-existing and should be addressed in a dedicated hardening PR (for example, replacing remaining innerHTML/attribute interpolation with DOM APIs and explicit URL normalization).
  • There are no dedicated automated tests for scroll behavior; behavior has been validated manually. A future PR could add a small UI test to lock in the expected scroll semantics.

@chadpalmer

Copy link
Copy Markdown
Contributor Author

@Bionic711 @paullizer Here's another PR for you. This adjusts the scroll behavior to more closely match other AI chat apps. Please let me know if you need updates/adjustments.

@paullizer

Copy link
Copy Markdown
Contributor

Interesting...This is not something I considered and I am looking forward to checking it out. Will review in the morning EST.

@paullizer

Copy link
Copy Markdown
Contributor

Security Review Results

Dependency gate: pass, no dependency manifests, lockfiles, Dockerfiles, workflows, or deployer files changed. No package release-age checks were needed.

External resources and egress: no new URLs, CDNs, webhooks, telemetry, fetch, XHR, WebSocket, beacon, or remote asset loaders were introduced in added lines. The image rendering path in chat-messages.js still assigns messageContent to an image src, but that behavior existed before as interpolated ; this PR moves it to DOM APIs and a local /static/images/image-error.png fallback.

Obfuscation and trickery: no added base64, eval, new Function, dynamic imports beyond existing local module usage, encoded commands, hidden Unicode, minified blobs, binaries, generated assets, archives, or suspicious renames/copies found.

Secrets and exfiltration: no added reads of settings, environment variables, cookies, local/session storage, tokens, credentials, connection strings, or authorization headers.

Security controls: no Flask routes, auth decorators, CSRF/CSP controls, settings sanitization, CI permissions, or route policy files changed. One pattern hit was d-none, which is a Bootstrap class and a false positive for the broad “disable” search.

@paullizer paullizer merged commit d924008 into microsoft:Development Jul 1, 2026
4 checks passed
@paullizer

Copy link
Copy Markdown
Contributor

This was a good change. I like it. Nice work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants