Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make descriptions with line breaks human readable. #2557

Open
chandanbn opened this issue Feb 20, 2024 · 2 comments
Open

Make descriptions with line breaks human readable. #2557

chandanbn opened this issue Feb 20, 2024 · 2 comments

Comments

@chandanbn
Copy link

CNAs add line breaks in descriptions to make it readable, the current website CSS rendering does not preserve line-breaks and makes it harder to read.

Fix would adding a CSS like this to description's style: (#cve-desciption)

white-space: break-spaces;

Example:
https://test.cve.org/CVERecord?id=CVE-2024-0052

Current:
Screenshot 2024-02-20 at 11 04 21 AM

Improved readability:
Screenshot 2024-02-20 at 11 03 59 AM

See also #1574
@ElectricNroff
Copy link

I think this may interfere with the ability to adapt to the screen size on some platforms.

For example, after making this white-space: break-spaces change, with Chrome 122,0.6261.90 on a small Android tablet, I see the following sequence of lines for part of the CVE-2024-0727 content:

A file in PKCS12 format can contain certificates and keys
and may come from an
untrusted source. The PKCS12 specification allows certain
fields to be NULL, but
OpenSSL does not correctly check for this case. This can
lead to a NULL pointer

whereas, on a desktop platform, the number of words on a line is always reasonably consistent, but is a much smaller number of words than would be rendered by default, e.g.,

A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer

instead of the default behavior, which uses a substantially larger fraction of the screen width.

This occurs because, as in thousands of other CVE Records, the CNA's JSON content has explicit line breaks that might maintain (or even improve) readability on (perhaps only) desktop platforms:

A file in PKCS12 format can contain certificates and keys and may come from an\n
untrusted source. The PKCS12 specification allows certain fields to be NULL, but\n
OpenSSL does not correctly check for this case. This can lead to a NULL pointer\n

It really depends on one's opinion of the purpose of the CVE website. One possible opinion is that CNAs are entitled to make assumptions about how the cve.org website works, optimize cve.org for usability on some platforms over others, and exercise customization of some aspects of cve.org page layout (such as line breaks). An alternate position is to accept that cross-platform page layout choices are made by the cve.org website designers to meet user experience expectations on each platform, and that any attempts by a data provider to control cve.org page layout (e.g., with explicit line breaks) will always be ignored. In this position, if a data provider wants to offer a custom page layout to some consumers, then a field such as /containers/cna/descriptions/0/supportingMedia/0/value should be used, because there is no intention of accommodating page layout suggestions within /containers/cna/descriptions/0/value.

@chandanbn
Copy link
Author

I feel it would be still be more readable on mobile screens compared to the existing wall of text.

@chandanbn chandanbn mentioned this issue Mar 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chandanbn @ElectricNroff