1
1
mirror of https://github.com/NoRedInk/noredink-ui.git synced 2024-12-27 15:42:23 +03:00

💀 replace attribute extras

This commit is contained in:
Tessa Kelly 2020-04-24 12:55:51 -07:00
parent e9ae1f8a43
commit 4cb887fb81
5 changed files with 18 additions and 62 deletions

View File

@ -1,20 +0,0 @@
module AttributeExtras exposing (targetBlank)
import Html.Styled exposing (Attribute)
import Html.Styled.Attributes as Attributes
{-| Use this list of attributes instead of applying `Attributes.target "_blank"`
directly. This prevents an exploits like "tabnabbing", among other things.
See these resources:
- <https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#Security_and_privacy_concerns>
- <https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever>
-}
targetBlank : List (Attribute msg)
targetBlank =
[ Attributes.target "_blank"
, Attributes.rel "noopener noreferrer"
]

View File

@ -14,7 +14,7 @@ module ClickableAttributes exposing
{-| -}
import AttributeExtras exposing (targetBlank)
import Nri.Ui.Html.Attributes.V2 as AttributeExtras exposing (targetBlank)
import EventExtras
import Html.Styled exposing (Attribute)
import Html.Styled.Attributes as Attributes

View File

@ -1,39 +0,0 @@
module Nri.Ui.Html.Attributes.Extra exposing (none, includeIf)
{-| Extras for working with Html.Attributes
@docs none, includeIf
-}
import Html exposing (Attribute)
import Html.Attributes as Attributes
import Json.Encode as Encode
{-| Represents an attribute with no semantic meaning, useful for conditionals.
This is implemented such that whenever Html.Attributes.Extra.none is encountered
by VirtualDom it will set a meaningless property on the element object itself to
null:
domNode['Html.Attributes.Extra.none'] = null
It's totally safe and lets us clean up conditional and maybe attributes
-}
none : Attribute msg
none =
Attributes.property "Html.Attributes.Extra.none" Encode.null
{-| conditionally include an attribute. Useful for CSS classes generated with
`UniqueClass`!
-}
includeIf : Bool -> Attribute msg -> Attribute msg
includeIf cond attr =
if cond then
attr
else
none

View File

@ -1,4 +1,4 @@
module Nri.Ui.Html.Attributes.V2 exposing (none, includeIf)
module Nri.Ui.Html.Attributes.V2 exposing (none, includeIf, targetBlank)
{-| Extras for working with Html.Attributes.
@ -39,3 +39,18 @@ includeIf cond attr =
else
none
{-| Use this list of attributes instead of applying `Attributes.target "_blank"`
directly. This prevents an exploits like "tabnabbing", among other things.
See these resources:
- <https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#Security_and_privacy_concerns>
- <https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever>
-}
targetBlank : List (Attribute msg)
targetBlank =
[ Attributes.target "_blank"
, Attributes.rel "noopener noreferrer"
]

View File

@ -139,7 +139,7 @@ module Nri.Ui.Icon.V5 exposing
import Accessibility.Role as Role
import Accessibility.Styled exposing (..)
import AttributeExtras
import Nri.Ui.Html.Attributes.V2 as AttributeExtras
import Css exposing (..)
import EventExtras
import Html as RootHtml