Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
[DISCUSS] Create description component #773
Base styles on uses in government-frontend:
Also creates a
Example of switching to this component in government-frontend:
Base styles on uses in government-frontend: https://github.com/alphagov/government-frontend/blob/master/app/assets/s tylesheets/helpers/_description.scss https://github.com/alphagov/government-frontend/blob/b9f350d6a5da7d3f920 6b80c323a55203c36e883/app/views/shared/_description.html.erb
My only concern confusion over it accepting input to be escaped, or raw HTML. Looking at the code and (some) examples is clearer, but not from the docs and it's not particularly intuitive if you're just using it quickly/haven't used components much.
All of which increases the risk of an XSS issue if someone naively passes in unescaped input.
This isn't a problem specific to this component, just more obvious in a new one and I don't have a good solution right now. Perhaps taking