NoRedInk/noredink-ui
1
1
Fork 0
mirror of https://github.com/NoRedInk/noredink-ui.git synced 2024-12-28 08:04:06 +03:00
Code Issues Packages Projects Releases Wiki Activity

💀 replace attribute extras

Browse Source
This commit is contained in:
Tessa Kelly 2020-04-24 12:55:51 -07:00
parent e9ae1f8a43
commit 4cb887fb81
5 changed files with 18 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/AttributeExtras.elm
View File

@ -1,20 +0,0 @@
module AttributeExtras exposing (targetBlank)
import Html.Styled exposing (Attribute)
import Html.Styled.Attributes as Attributes
{-| Use this list of attributes instead of applying `Attributes.target "_blank"`
directly. This prevents an exploits like "tabnabbing", among other things.
See these resources:
- <https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#Security_and_privacy_concerns>
- <https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever>
-}
targetBlank : List (Attribute msg)
targetBlank =
[ Attributes.target "_blank"
, Attributes.rel "noopener noreferrer"
]

2
src/ClickableAttributes.elm
View File

@ -14,7 +14,7 @@ module ClickableAttributes exposing
{-| -} {-| -}
import AttributeExtras exposing (targetBlank) import Nri.Ui.Html.Attributes.V2 as AttributeExtras exposing (targetBlank)
import EventExtras import EventExtras
import Html.Styled exposing (Attribute) import Html.Styled exposing (Attribute)
import Html.Styled.Attributes as Attributes import Html.Styled.Attributes as Attributes

39
src/Nri/Ui/Html/Attributes/Extra.elm
View File

@ -1,39 +0,0 @@
module Nri.Ui.Html.Attributes.Extra exposing (none, includeIf)
{-| Extras for working with Html.Attributes
@docs none, includeIf
-}
import Html exposing (Attribute)
import Html.Attributes as Attributes
import Json.Encode as Encode
{-| Represents an attribute with no semantic meaning, useful for conditionals.
This is implemented such that whenever Html.Attributes.Extra.none is encountered
by VirtualDom it will set a meaningless property on the element object itself to
null:
domNode['Html.Attributes.Extra.none'] = null
It's totally safe and lets us clean up conditional and maybe attributes
-}
none : Attribute msg
none =
Attributes.property "Html.Attributes.Extra.none" Encode.null
{-| conditionally include an attribute. Useful for CSS classes generated with
`UniqueClass`!
-}
includeIf : Bool -> Attribute msg -> Attribute msg
includeIf cond attr =
if cond then
attr
else
none

17
src/Nri/Ui/Html/Attributes/V2.elm
View File

@ -1,4 +1,4 @@
module Nri.Ui.Html.Attributes.V2 exposing (none, includeIf) module Nri.Ui.Html.Attributes.V2 exposing (none, includeIf, targetBlank)
{-| Extras for working with Html.Attributes. {-| Extras for working with Html.Attributes.
@ -39,3 +39,18 @@ includeIf cond attr =
else else
none none
{-| Use this list of attributes instead of applying `Attributes.target "_blank"`
directly. This prevents an exploits like "tabnabbing", among other things.
See these resources:
- <https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#Security_and_privacy_concerns>
- <https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever>
-}
targetBlank : List (Attribute msg)
targetBlank =
[ Attributes.target "_blank"
, Attributes.rel "noopener noreferrer"
]

2
src/Nri/Ui/Icon/V5.elm
View File

@ -139,7 +139,7 @@ module Nri.Ui.Icon.V5 exposing
import Accessibility.Role as Role import Accessibility.Role as Role
import Accessibility.Styled exposing (..) import Accessibility.Styled exposing (..)
import AttributeExtras import Nri.Ui.Html.Attributes.V2 as AttributeExtras
import Css exposing (..) import Css exposing (..)
import EventExtras import EventExtras
import Html as RootHtml import Html as RootHtml