Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DISCUSS] Create description component #773

wants to merge 3 commits into from


fofr added 3 commits Apr 7, 2016
`bundle exec rails generate govuk_component description`
Move the repeated code into a shared mixin
Base styles on uses in government-frontend:
Copy link

@dsingleton dsingleton commented Apr 21, 2016

Generally, 👍

My only concern confusion over it accepting input to be escaped, or raw HTML. Looking at the code and (some) examples is clearer, but not from the docs and it's not particularly intuitive if you're just using it quickly/haven't used components much.

All of which increases the risk of an XSS issue if someone naively passes in unescaped input.

This isn't a problem specific to this component, just more obvious in a new one and I don't have a good solution right now. Perhaps taking description and escaped_description parameters, and adding logic to use one of those? What do you think?

Copy link
Contributor Author

@fofr fofr commented Apr 22, 2016

What about description_html?

@fofr fofr closed this Apr 28, 2016
@nickcolley nickcolley deleted the description-component branch Aug 19, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.