feat: manage link in package description#147
Conversation
|
@jycouet is attempting to deploy a commit to the danielroe Team on Vercel. A member of the Team first needs to authorize it. |
| // Links: [text](url) - only allow http, https, mailto | ||
| html = html.replace(/\[([^\]]+)\]\(([^)]+)\)/g, (_match, text, url) => { | ||
| const decodedUrl = url.replace(/&/g, '&') | ||
| if (/^(https?:|mailto:)/i.test(decodedUrl)) { |
There was a problem hiding this comment.
this is probably not sufficient from a security point of view
There was a problem hiding this comment.
I did an update with
URLclass- manage only
https&mailto
Let me know what you have in mind, I can do more researches 👍
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
oh - one more issue - we have to avoid rendering a link when it's in a |
You mean here Even if it's not clickable, it's nicer no? |
|
Or having the text underlined, but not a link in a "semi-plain" mode? :D |
|
I'd be up for it being underlined - but ... that does make the user think they can click it, right? 🤔 |
|
Or bold? Or different underline? |
|
this is what it currently displays (no special chars): 
|
|
What about ? 
I think I like |
|
the problem is - this is only meant to be a description, not to have its own CTA. we shouldn't highlight that CTA for that reason. it should be as muted as the rest of the description. that's a bit strange, but that's because it is being misused a bit by that package, imo... |
I get it, let's keep it like this 👍 |
3 participants
With https://npmx.dev/@clack/prompts
Before
After
