Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(module:upload): remove inline style to resolve CSP issue #8064

Merged
merged 1 commit into from Mar 14, 2024
Merged

fix(module:upload): remove inline style to resolve CSP issue #8064

merged 1 commit into from Mar 14, 2024

Conversation

arturovt
Copy link
Member

This commit addresses the CSP issue by removing the inline style property from the input element within the nz-upload component. The use of inline style attributes necessitates the inclusion of unsafe-inline.

@arturovt arturovt requested a review from cipchk as a code owner August 23, 2023 11:37
@zorro-bot
Copy link

zorro-bot bot commented Aug 23, 2023

This preview will be available after the AzureCI is passed.

@codecov Codecov
Copy link

codecov bot commented Nov 4, 2023
edited

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.62%. Comparing base (3dc1579) to head (6864915).
Report is 37 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8064      +/-   ##
==========================================
- Coverage   91.74%   91.62%   -0.13%     
==========================================
  Files         520      530      +10     
  Lines       18023    18391     +368     
  Branches     2838     2815      -23     
==========================================
+ Hits        16536    16851     +315     
- Misses       1184     1224      +40     
- Partials      303      316      +13

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@HyperLife1119
Copy link
Collaborator

We should not add the new style directly to the antd style file, as this will interfere with the component style synchronization. We can either add the style to patch.less or use the style binding [style.display]="'none'".

@arturovt
fix(module:upload): remove inline style to resolve CSP issue
6864915 
This commit addresses the CSP issue by removing the inline `style` property from the
`input` element within the `nz-upload` component. The use of inline style attributes necessitates
the inclusion of `unsafe-inline`.
@arturovt
Copy link
Member Author

We should not add the new style directly to the antd style file, as this will interfere with the component style synchronization. We can either add the style to patch.less or use the style binding [style.display]="'none'".

Updated.

@Nicoss54 Nicoss54 self-requested a review March 14, 2024 17:05
Nicoss54
Nicoss54 approved these changes Mar 14, 2024
View reviewed changes
Copy link
Collaborator

@Nicoss54 Nicoss54 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@HyperLife1119 HyperLife1119 merged commit 1ac84a8 into NG-ZORRO:master Mar 14, 2024
8 of 9 checks passed
@arturovt arturovt deleted the fix/upload-inline branch March 14, 2024 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Nicoss54 Nicoss54 Nicoss54 approved these changes

@cipchk cipchk Awaiting requested review from cipchk cipchk is a code owner

Assignees

@arturovt arturovt

Labels
Component: Upload PR: reviewed-approved PR: target-patch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@arturovt @HyperLife1119 @Nicoss54