77 about page #156
What is the reason for a separate route file for the latest version? Could this be included in the main about.js route?
The /about_latest route needs to be unauthenticated, since the About page is open regardless of whether or not a user is logged in. Hence the separate file.
Related to above, latest could be /about/latest
The endpoints under /about/ are exposed via api/routes/about.js, and are the ones requiring authentication. Having a /about/latest/ path would force us to move the unauthenticated endpoint to the about.js file (which is declared after the authentication middleware comes into effect), which would then force all of its sub-paths (like /about/latest) to use authentication, which we are trying to avoid.
* retrieve about text from api
* WIP
* escape input
* switched to markdown-it
* fixed some styles
* use toast to show errors
* size; reset after Cancel
* made height fixed; use break-words
* changed modal size
* changed Edit button
* allow users/operators to read
* some UI changes
* escape input; allow for creation or updating
* use popover to indicate syntax
* UI changes
* added unauthenticated route
* cleanup
* changed routes; UI changes
* WIP
* force equal heights; made break-words work
* use labels optionally
* WIP
* changed .gitignore; seed data
* WIP - HTML line breaks missing
* fixed several styles
* fixed spacing; fonts
* use constant height across different screen sizes
* labels as props
* edited seeding code
* 77 about page (#156)
* retrieve about text from api
* WIP
* escape input
* switched to markdown-it
* fixed some styles
* use toast to show errors
* size; reset after Cancel
* made height fixed; use break-words
* changed modal size
* changed Edit button
* allow users/operators to read
* some UI changes
* escape input; allow for creation or updating
* use popover to indicate syntax
* UI changes
* added unauthenticated route
* cleanup
* changed routes; UI changes
* WIP
* force equal heights; made break-words work
* use labels optionally
* WIP
* changed .gitignore; seed data
* WIP - HTML line breaks missing
* fixed several styles
* fixed spacing; fonts
* use constant height across different screen sizes
* labels as props
* edited seeding code
* cleanup (#171)
* made About editable to operators
* removed seed data
* added bootstrap data
Description
Made the About page's text editable via a markdown editor.
Related Issue(s)
Closes #77
If applicable, please reference the issue(s) that this PR addresses. If the PR does not address any specific issue, you can remove this section.
Changes Made
List the main changes made in this PR. Be as specific as possible.
Feature added
Code refactored
Other changes: [describe]
Made the About page editable via a markdown input.
Persisted markdown is rendered as HTML in the /about page, as well as in the Live Preview.
After retrieval, md.render() is used to convert persisted markdown to HTML, which strips out potentially-malicious elements from the markdown (like javascript:). The generated HTML is then sent to DOMPurify.sanitize(), which is an HTML-sanitizer built for protection against XSS attacks. This sanitized HTML is then displayed to the user.
To continue allowing unauthenticated users into the /about page, the endpoint to fetch the latest About text is unauthenticated, and rate-limited for security.
Screenshots (if applicable)
Desktop View
Mobile View (horizontal scroll in effect)
Checklist
Before submitting this PR, please make sure that:
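
Added example, not part of this PR or the project's code: a dependency-free sketch of the route ordering discussed in the review thread and the rate limiting mentioned in the description, where the public /about_latest endpoint is registered before the authentication middleware and sits behind a limiter. The tiny `run` dispatcher stands in for an Express-style router, and every function name, the limit of 3 requests per minute and the token value are assumptions made for illustration.

```javascript
// Added example: dependency-free stand-in for an Express-style middleware stack.
// run, rateLimit, requireAuth, buildStack and the token value are hypothetical names.

// Run layers in registration order; a layer ends the request by not calling next().
function run(stack, req) {
  const res = { status: 404, body: 'not found' };
  let i = 0;
  const next = () => {
    const layer = stack[i++];
    if (!layer) return;
    // Layers with a path handle only an exact match; path-less layers see every request.
    if (layer.path && layer.path !== req.path) return next();
    layer.handler(req, res, next);
  };
  next();
  return res;
}

// Fixed-window limiter keyed by client IP: at most `max` requests per `windowMs`.
function rateLimit({ max, windowMs, now = Date.now }) {
  const hits = new Map(); // ip -> { count, windowStart }
  return (req, res, next) => {
    const t = now();
    let h = hits.get(req.ip);
    if (!h || t - h.windowStart >= windowMs) hits.set(req.ip, (h = { count: 0, windowStart: t }));
    if (++h.count > max) { res.status = 429; res.body = 'too many requests'; return; }
    next();
  };
}

// Reject any request that reaches this layer without the expected bearer token.
function requireAuth(req, res, next) {
  const ok = (req.headers || {}).authorization === 'Bearer constructed-test-token';
  if (!ok) { res.status = 401; res.body = 'unauthorized'; return; }
  next();
}

function buildStack(now) {
  const limiter = rateLimit({ max: 3, windowMs: 60000, now });
  const send = (body) => (req, res) => { res.status = 200; res.body = body; };
  return [
    // Registered BEFORE requireAuth: reachable without a login, but rate limited.
    { path: '/about_latest', handler: limiter },
    { path: '/about_latest', handler: send('latest About text') },
    // Every layer registered after this one is only reached by authenticated requests.
    { handler: requireAuth },
    { path: '/about', handler: send('authenticated About data') },
  ];
}
```

The limiter here keeps its counters in process memory and keys on `req.ip`, so a deployment behind a proxy or with several instances would need a trusted client address and a shared store.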