[DISCUSS] Create description component #773

Closed
wants to merge 3 commits into from

fofr added 3 commits Apr 7, 2016
`bundle exec rails generate govuk_component description`
Move the repeated code into a shared mixin
Base styles on uses in government-frontend:

https://github.com/alphagov/government-frontend/blob/master/app/assets/stylesheets/helpers/_description.scss

https://github.com/alphagov/government-frontend/blob/b9f350d6a5da7d3f9206b80c323a55203c36e883/app/views/shared/_description.html.erb

@dsingleton dsingleton commented Apr 21, 2016

Generally, 👍

My only concern is confusion over it accepting input to be escaped, or raw HTML. Looking at the code and (some) examples is clearer, but not from the docs and it's not particularly intuitive if you're just using it quickly/haven't used components much.

All of which increases the risk of an XSS issue if someone naively passes in unescaped input.

This isn't a problem specific to this component, just more obvious in a new one and I don't have a good solution right now. Perhaps taking description and escaped_description parameters, and adding logic to use one of those? What do you think?


@fofr fofr commented Apr 22, 2016

What about description_html?

@fofr fofr closed this Apr 28, 2016
@nickcolley nickcolley deleted the description-component branch Aug 19, 2016
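
One way to implement the two-parameter idea raised in this thread, as an added example that is not code from this pull request or the project. `render_description` and the `TrustedHtml` wrapper are hypothetical names, and the sample inputs are constructed.

```ruby
require "erb"

# Hypothetical wrapper: callers must construct this deliberately, so a plain
# String (for example request input) can never reach the raw-HTML path.
TrustedHtml = Struct.new(:markup)

# Hypothetical component helper, not the project's own code.
# Exactly one of the two parameters must be given:
#   description:      plain text, always HTML-escaped before output
#   description_html: markup emitted as-is, accepted only as TrustedHtml
def render_description(description: nil, description_html: nil)
  if description.nil? == description_html.nil?
    raise ArgumentError, "pass exactly one of description or description_html"
  end

  body =
    if description_html
      unless description_html.is_a?(TrustedHtml)
        raise ArgumentError, "description_html must be wrapped in TrustedHtml"
      end
      description_html.markup
    else
      ERB::Util.html_escape(description.to_s)
    end

  %(<div class="description">#{body}</div>)
end

# Constructed sample inputs.
UNTRUSTED = %(<img src=x onerror="alert(1)"> & more)
EDITORIAL = TrustedHtml.new("<p>Guidance for <strong>drivers</strong></p>")

if __FILE__ == $PROGRAM_NAME
  puts render_description(description: UNTRUSTED)      # escaped text
  puts render_description(description_html: EDITORIAL) # markup kept
end
```

With this shape the default parameter name is the safe one, and the raw path fails loudly when handed an ordinary string.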