Remove contributors file from NVDA, read license as HTML

[seanbudd]

Link to issue number:

Closes #17529
Closes #16922

Summary of the issue:

There is a transient bug with Windows that prevents opening the "contributors" and "license" file in notepad.
The contributors file is no longer maintained or useful, so this should instead be archived.
The license file is written in markdown, but displayed as plain text in notepad, or as a plain text scrollable text window. This makes it hard for users to read.

Description of user facing changes

• The license file is now displayed in HTML, generated from markdown.
  From the installer, this is an embedded WebView, from the menu, this is a browseable message.
• The installer now has a more thorough agreement message to confirm the user has read the license
• The contributors file can no longer be accessed from NVDA
• Note: the license file is still not openable in secure screens, but now can be read in secure mode

Description of development approach

• Use markdown module to convert markdown to html
• Use nh3 to sanitize generated HTML
• Generate and cache HTML from the license only when required, on first load.

Testing strategy:

Tested creating an NVDA installer and reading the license and opening the license from the NVDA menu.

Known issues with pull request:

Code Review Checklist:

• Documentation:
  • Change log entry
  • User Documentation
  • Developer / Technical Documentation
  • Context sensitive help for GUI changes
• Testing:
  • Unit tests
  • System (end to end) tests
  • Manual testing
• UX of all users considered:
  • Speech
  • Braille
  • Low Vision
  • Different web browsers
  • Localization in other languages / culture than English
• API is compatible with existing add-ons.
• Security precautions taken.

@coderabbitai summary

[CyrilleB79]

Alternatively:
Why do you generate the HTML at runtime? Couldn't you generate it at build time instead given the content does not change?

[seanbudd]

Why do you generate the HTML at runtime? Couldn't you generate it at build time instead given the content does not change?

Simplicity really - we don't need to store or use the HTML file anywhere else unlike other documentation.

[AppVeyorBot]

• PASS: Translation comments check.
• PASS: License check.
• PASS: Unit tests.
• PASS: Lint check.
• FAIL: System tests (tags: installer NVDA). See test results for more information.
• Build (for testing PR): https://ci.appveyor.com/api/buildjobs/8pdofaxflh9u23yp/artifacts/output/nvda_snapshot_pr17600-34944,65aaa9ba.exe
• CI timing (mins):
  INIT 0.0,
  INSTALL_START 1.3,
  INSTALL_END 1.0,
  BUILD_START 0.0,
  BUILD_END 25.9,
  TESTSETUP_START 0.0,
  TESTSETUP_END 0.2,
  TEST_START 0.0,
  TEST_END 1.1,
  FINISH_END 0.1

See test results for failed build of commit 65aaa9bac2

[AppVeyorBot]

• PASS: Translation comments check.
• PASS: License check.
• PASS: Unit tests.
• PASS: Lint check.
• FAIL: System tests (tags: installer NVDA). See test results for more information.
• Build (for testing PR): https://ci.appveyor.com/api/buildjobs/9n2asvexodelb9j8/artifacts/output/nvda_snapshot_pr17600-34948,77d2f0a9.exe
• CI timing (mins):
  INIT 0.0,
  INSTALL_START 1.2,
  INSTALL_END 0.9,
  BUILD_START 0.0,
  BUILD_END 27.0,
  TESTSETUP_START 0.0,
  TESTSETUP_END 0.2,
  TEST_START 0.0,
  TEST_END 1.1,
  FINISH_END 0.2

See test results for failed build of commit 77d2f0a914

[Qchristensen]

All looks good, and the size of the license on screen looks good for me.

Made a suggestion about noting the date of archiving the contributors file, otherwise all good.

[LeonarddeR]

@coderabbitai could you create an issue to investigate renaming copying.txt to LICENSE.md in order for GitHub to pick up the license?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@LeonarddeR I've created issue #17621 to track the investigation of renaming copying.txt to LICENSE.md for better GitHub license detection.

🔗 Analysis chain

@LeonarddeR I've created a new issue to track the investigation of renaming copying.txt to LICENSE.md for better GitHub license detection.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Find the license file location
fd -t f -i copying.txt

# Check if LICENSE.md already exists to avoid potential conflicts
fd -t f -i license.md

Length of output: 60

---

Script:

#!/bin/bash
gh issue create \
  --title "Investigate renaming copying.txt to LICENSE.md for GitHub license detection" \
  --body "Currently, the NVDA license is stored in copying.txt. GitHub has built-in license detection that automatically identifies repository licenses when they follow common naming patterns like LICENSE.md.

Consider renaming copying.txt to LICENSE.md to:
- Improve repository license visibility on GitHub
- Follow modern open source conventions
- Make the license more discoverable for new contributors

Related PR: #17600 where license file handling was updated.

Note: This change requires careful consideration of:
- Impact on existing documentation/scripts that might reference copying.txt
- Migration plan for existing installations
- Update of any hardcoded references to the file name"

Length of output: 843

[LeonarddeR]

I understand this comment, it's however not clear from the comment how activating links is avoided here. I assume that links are not rendered in browseable messages?

[seanbudd]

it's avoided by the blocking the whole action with the blockAction. Links are rendered in the browseable messages. I'm not sure if I can place the comment any closer to the decorator while keeping formatting happy. Maybe

@blockAction.when(
	# HTML includes links which shouldn't be accessible
	blockAction.Context.SECURE_MODE
)
def displayLicense():

[LeonarddeR]

Ah I see now, thanks for clarifying.
Can't we instruct nh3 to strip links in a secure context, for example by providing an empty list of url schemes?

[seanbudd]

We could, but I think it's useful for these links to work, no?

[LeonarddeR]

It definitely is 😉
However, we can make the behavior of nh3 differ from the default behavior when in a secure context, for example:

if secureContext:
	attribute_filter = lambda tag, attr, val: None if tag.lower() == "a" and attr.lower() == "href" else val
else:
	attribute_filter = None

In secure context, we probably also want to pass something like url_schemes=set() to ensure that external comments will never load.
The latter might even be enough, as long as we don't provide something like <a href="something">something</a> as these won't be filtered.

[seanbudd]

@SaschaCowley - do you think this is necessary?

[SaschaCowley]

Potentially useful, but not necessary. Note this would also require changes to browsable message, which is currently not available when running on a secure desktop.

nvda/source/ui.py

Lines 156 to 158 in fa619c2

	if isRunningOnSecureDesktop():
	_warnBrowsableMessageNotAvailableOnSecureScreens(title)
	return

[SaschaCowley]

I think your first suggestion (putting the explanatory comment in the decorator) is the way to go here, @seanbudd

[SaschaCowley]

@seanbudd if I build a launcher from this branch, the HTML view containing the licence is not accessible unless I click on it.

Speech viewer output

NVDA Launcher  dialog  License Agreement
wxWebView
tab
I have read and agree to the license agreement  check box  not checked  Alt+  a
tab
Exit  button  Alt+  x
tab
wxWebView
down arrow
I have read and agree to the license agreement  check box  not checked  Alt+  a
up arrow
wxWebView
down arrow
I have read and agree to the license agreement  check box  not checked  Alt+  a
up arrow
wxWebView
NVDA+shift+m
NVDA is available under the GNU General Public License version 2, with two special exceptions. The exceptions are outlined in the sections "Non-GPL Components in Plugins and Drivers" and "Microsoft Distributable Code". NVDA also includes and uses components which are made available under different free and open source licenses. Information about how to obtain and build the code for yourself is available at https://github.com/nvaccess/nvda/blob/master/projectDocs/dev/contributing.md. All applicable licenses are included below.
NVDA+[
Left click
document
heading    level 1  NVDA License
down arrow
NVDA is available under the GNU General Public License version 2, with two special exceptions. The 
tab
https://github.com/nvaccess/nvda/blob/master/projectDocs/dev/contributing.md  link  
tab
https://www.gnu.org/licenses/old-licenses/gpl-2.0.html/  link  
tab
https://fsf.org/  link  
tab
https://github.com/nvaccess/nvda-misc-deps/  link  
tab
I have read and agree to the license agreement  check box  not checked  Alt+  a
up arrow
document
link    https://github.com/nvaccess/nvda-misc-deps/
up arrow
the following URL:
down arrow
link    https://github.com/nvaccess/nvda-misc-deps/
down arrow
link    https://github.com/nvaccess/nvda-misc-deps/
tab
https://github.com/nvaccess/nvda/blob/master/projectDocs/dev/contributing.md  link  
tab
https://www.gnu.org/licenses/old-licenses/gpl-2.0.html/  link  
ctrl+end
link    https://github.com/nvaccess/nvda-misc-deps/
https://fsf.org/  link  
https://github.com/nvaccess/nvda-misc-deps/  link  
tab
https://fsf.org/  link  
tab
https://github.com/nvaccess/nvda-misc-deps/  link  
tab
I have read and agree to the license agreement  check box  not checked  Alt+  a
tab
Exit  button  Alt+  x

[Qchristensen]

All looks good.