mirror of
https://github.com/NoRedInk/noredink-ui.git
synced 2024-12-27 15:42:23 +03:00
💀 replace attribute extras
This commit is contained in:
parent
e9ae1f8a43
commit
4cb887fb81
src
@ -1,20 +0,0 @@
|
||||
module AttributeExtras exposing (targetBlank)
|
||||
|
||||
import Html.Styled exposing (Attribute)
|
||||
import Html.Styled.Attributes as Attributes
|
||||
|
||||
|
||||
{-| Use this list of attributes instead of applying `Attributes.target "_blank"`
|
||||
directly. This prevents an exploits like "tabnabbing", among other things.
|
||||
|
||||
See these resources:
|
||||
|
||||
- <https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#Security_and_privacy_concerns>
|
||||
- <https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever>
|
||||
|
||||
-}
|
||||
targetBlank : List (Attribute msg)
|
||||
targetBlank =
|
||||
[ Attributes.target "_blank"
|
||||
, Attributes.rel "noopener noreferrer"
|
||||
]
|
@ -14,7 +14,7 @@ module ClickableAttributes exposing
|
||||
|
||||
{-| -}
|
||||
|
||||
import AttributeExtras exposing (targetBlank)
|
||||
import Nri.Ui.Html.Attributes.V2 as AttributeExtras exposing (targetBlank)
|
||||
import EventExtras
|
||||
import Html.Styled exposing (Attribute)
|
||||
import Html.Styled.Attributes as Attributes
|
||||
|
@ -1,39 +0,0 @@
|
||||
module Nri.Ui.Html.Attributes.Extra exposing (none, includeIf)
|
||||
|
||||
{-| Extras for working with Html.Attributes
|
||||
|
||||
@docs none, includeIf
|
||||
|
||||
-}
|
||||
|
||||
import Html exposing (Attribute)
|
||||
import Html.Attributes as Attributes
|
||||
import Json.Encode as Encode
|
||||
|
||||
|
||||
{-| Represents an attribute with no semantic meaning, useful for conditionals.
|
||||
|
||||
This is implemented such that whenever Html.Attributes.Extra.none is encountered
|
||||
by VirtualDom it will set a meaningless property on the element object itself to
|
||||
null:
|
||||
|
||||
domNode['Html.Attributes.Extra.none'] = null
|
||||
|
||||
It's totally safe and lets us clean up conditional and maybe attributes
|
||||
|
||||
-}
|
||||
none : Attribute msg
|
||||
none =
|
||||
Attributes.property "Html.Attributes.Extra.none" Encode.null
|
||||
|
||||
|
||||
{-| conditionally include an attribute. Useful for CSS classes generated with
|
||||
`UniqueClass`!
|
||||
-}
|
||||
includeIf : Bool -> Attribute msg -> Attribute msg
|
||||
includeIf cond attr =
|
||||
if cond then
|
||||
attr
|
||||
|
||||
else
|
||||
none
|
@ -1,4 +1,4 @@
|
||||
module Nri.Ui.Html.Attributes.V2 exposing (none, includeIf)
|
||||
module Nri.Ui.Html.Attributes.V2 exposing (none, includeIf, targetBlank)
|
||||
|
||||
{-| Extras for working with Html.Attributes.
|
||||
|
||||
@ -39,3 +39,18 @@ includeIf cond attr =
|
||||
|
||||
else
|
||||
none
|
||||
|
||||
{-| Use this list of attributes instead of applying `Attributes.target "_blank"`
|
||||
directly. This prevents an exploits like "tabnabbing", among other things.
|
||||
|
||||
See these resources:
|
||||
|
||||
- <https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#Security_and_privacy_concerns>
|
||||
- <https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever>
|
||||
|
||||
-}
|
||||
targetBlank : List (Attribute msg)
|
||||
targetBlank =
|
||||
[ Attributes.target "_blank"
|
||||
, Attributes.rel "noopener noreferrer"
|
||||
]
|
||||
|
@ -139,7 +139,7 @@ module Nri.Ui.Icon.V5 exposing
|
||||
|
||||
import Accessibility.Role as Role
|
||||
import Accessibility.Styled exposing (..)
|
||||
import AttributeExtras
|
||||
import Nri.Ui.Html.Attributes.V2 as AttributeExtras
|
||||
import Css exposing (..)
|
||||
import EventExtras
|
||||
import Html as RootHtml
|
||||
|
Loading…
Reference in New Issue
Block a user