New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow custom styling for consent banner #505
Comments
@TommasoAmici @DavidBernal you are 👀 ing this issue so I am getting in touch. We are currently building this feature over in #590 and plan to ship it in the next release. If interested I'd like to solicit your feedback on the following question: as outlined in the issue above we will need to somehow limit the CSS that users of this feature are able to write (i.e. setting If any of you would use this feature and could share your requirements here, we'd be happy to a. have an idea of what you need to do and b. give you a tailor made piece of software ;) Thank you! |
As discussed with @hendr-ik in person we would like to start off with the guidelines for sanitizing CSS: we trust the operator who deploys and customizes Offen to keep the consent guarantees intact but aim to prevent attackers (who might hijack a system or similar) from injecting malicious content through CSS. This means we'll start with the following rules:
|
Hi, I don't have the time to give this much thought from a development point of view in this moment. From a user point of view I really need simple customizations to make Offen fit in with my designs: border, colors and maybe font family are all I need to touch |
Your requirements as a user are super helpful and all we need. Thank you. |
@m90 I concur with @TommasoAmici. The consent banner currently sticks out like a sore thumb because its yellow color clashes with the dark design theme on my website. All it would take to fix that is the ability to change the color of the different banner elements. |
@TommasoAmici @whalehub We just merged the PR containing the feature and plan to include it in the next release. In case you are interested and would like to help us ship a feature that is actually helpful, we'd appreciate any feedback on a test run. To check it out, you can run the docker pull offen/offen:development
docker run --rm -p 9876:9876 offen/offen:development demo -port 9876 After logging in head to Our primary questions for feedback would be:
Any other feedback is welcome too of course. Thank you! |
This now released in v0.4.2. Thanks for all of your feedback 🎩 |
Right now the consent banner is styled one-size-fits-all. While we try to keep it low-impact for most designs, this surely hurts adoption in cases where a unified UX is important for operators.
While it's technically trivial to allow operators to inject custom CSS into the iframe element that displays the banner, this also comes with some pitfalls and requirements:
Approach: allowing operators to define custom CSS per account
Semantic classes are applied to the markup that displays the consent banner. Operators can now add custom CSS for each account which the
server
will add (in addition to the predefined styles) to eachvault
response. In order to prevent operators from creating a misleading consent banner the following sanitzation rules are applied to the CSS before saving:Pros
Cons
The text was updated successfully, but these errors were encountered: