Skip to content

refactor all anchors to use Link component to make they all have safe url #1634

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Oct 10, 2022
Merged

refactor all anchors to use Link component to make they all have safe url #1634

merged 14 commits into from
Oct 10, 2022

Conversation

ahussein3
Copy link
Contributor

@ahussein3 ahussein3 commented Oct 2, 2022
edited
Loading

Resolve #1558 1588

  • Refactor all anchors to use Link component instead to make sure all Urls used are safe valid Urls.

@ahussein3 ahussein3 added the enhancement New feature or request label Oct 2, 2022
@ahussein3 ahussein3 requested a review from jpellizzari as a code owner October 2, 2022 15:14
@ahussein3 ahussein3 requested review from foot and AlinaGoaga October 2, 2022 15:24
AlinaGoaga
AlinaGoaga reviewed Oct 5, 2022
View reviewed changes
Copy link
Contributor

@AlinaGoaga AlinaGoaga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! We've got a few more places which have got a tags (like in Delete Cluster, App Fields etc) so I'll leave this open for now maybe we add those also? Cheers!

@ahussein3 ahussein3 requested a review from AlinaGoaga October 9, 2022 10:28
@AlinaGoaga
Copy link
Contributor

AlinaGoaga commented Oct 10, 2022
edited
Loading

Hey @ahussein3! I think we're good to remove isAllowedLink altogether from where it's used as the Link component coming from Core already does the checks?

function Link({
  ...props
}: Props) {
  if (href && !isAllowedLink(href)) {
    return <Text {...textProps}>{children}</Text>;
  }

@ahussein3 ahussein3 merged commit 87fd905 into main Oct 10, 2022
@ahussein3 ahussein3 deleted the Ui-1558-UseLinkInsteadOfAnchorToMakeSureAllUrlAreSafe branch October 10, 2022 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlinaGoaga AlinaGoaga AlinaGoaga approved these changes

@jpellizzari jpellizzari Awaiting requested review from jpellizzari

@foot foot Awaiting requested review from foot

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[UI] Make sure we're using the Link component from core everywhere which provides XSS attack prevention
2 participants
@ahussein3 @AlinaGoaga