paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-15 19:31:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

tippyjs: Avoid unsafe allowHTML API in favor of <template> elements.

Browse Source 
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg
2022-03-02 14:06:33 -08:00
committed by Tim Abbott
parent 8c1ed7359f
commit 44767dd653
12 changed files with 90 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tools/linter_lib/custom_check.py
View File

@@ -216,6 +216,10 @@ js_rules = RuleList(
"good_lines": ["assert.ok(...)"],
"bad_lines": ["assert(...)"],
},
{
"pattern": r"allowHTML|(?i:data-tippy-allowHTML)",
"description": "Never use Tippy.js allowHTML; for an HTML tooltip, get a DocumentFragment with ui_util.parse_html.",
},
*whitespace_rules,
],
)
@@ -724,6 +728,10 @@ html_rules: List["Rule"] = [
"good_lines": ["#my-style {color: blue;}", 'style="display: none"', "style='display: none"],
"bad_lines": ['<p style="color: blue;">Foo</p>', 'style = "color: blue;"'],
},
{
"pattern": r"(?i:data-tippy-allowHTML)",
"description": "Never use data-tippy-allowHTML; for an HTML tooltip, set data-tooltip-template-id to the id of a <template>.",
},
]
handlebars_rules = RuleList(