Skip to content

fix(ui5-color-palette-item): remove inline styles #12558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 30, 2025
Merged

fix(ui5-color-palette-item): remove inline styles #12558

merged 1 commit into from
Oct 30, 2025

Conversation

@tsanislavgatev
Copy link
Contributor

@tsanislavgatev tsanislavgatev commented Oct 27, 2025

fixes: #12550

@ui5-webcomponents-bot
Copy link
Collaborator

ui5-webcomponents-bot commented Oct 27, 2025
edited
Loading

🧹 Preview deployment cleaned up: https://pr-12558--ui5-webcomponents.netlify.app

@ui5-webcomponents-bot ui5-webcomponents-bot temporarily deployed to preview October 27, 2025 20:51 Inactive
@didip1000 didip1000 requested a review from hinzzx October 28, 2025 08:14
hinzzx
hinzzx previously requested changes Oct 30, 2025
View reviewed changes
packages/main/src/ColorPaletteItem.ts
const itemHeight = this.offsetHeight + 4; // adding 4px for the offsets on top and bottom
this.style.setProperty(getScopedVarName("--_ui5_color_palette_item_height"), `${itemHeight}px`);

this.style.setProperty(getScopedVarName("--_ui5-color-palette-item-background-color"), `${this.value}`);
Copy link
Contributor

@hinzzx hinzzx Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure we address the CSP Violation ? Even though right now it sets scoped-variable, malicious link still could be inserted through it. Maybe some sort of sanitization would work ?

Copy link
Contributor

@hinzzx hinzzx Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as discussed offline, we'll go for it as it is for now. If any concerns arise, we'll investigate it further.

@hinzzx hinzzx dismissed their stale review October 30, 2025 13:29

discussed offline, that we're going for that approach for the moment.

@tsanislavgatev tsanislavgatev merged commit 6aed82d into main Oct 30, 2025
14 checks passed
@tsanislavgatev tsanislavgatev deleted the cp-item-background branch October 30, 2025 13:40
@ui5-webcomponents-bot ui5-webcomponents-bot temporarily deployed to preview October 30, 2025 13:40 Inactive
@ui5-webcomponents-bot
Copy link
Collaborator

ui5-webcomponents-bot commented Nov 5, 2025

🎉 This PR is included in version v2.16.0 🎉

The release is available on v2.16.0

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hinzzx hinzzx hinzzx approved these changes

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[ColorPaletteItem]: uses inline styles

4 participants

@tsanislavgatev @ui5-webcomponents-bot @hinzzx