New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make a link clickable on alternate downloads page #287
Conversation
4549ca1
to
1b233aa
Compare
I tried that -- the whole value ends up url escaped. I can give it another shot later today. You can also run the site locally in dev mode. It's a little janky, but there are notes in the README |
1b233aa
to
be5875e
Compare
ReactJS sanitizes displayed strings and escape all characters to prevent issues with user inputs (XSS attack, ...). First commit enables this, second one adds the clickable link. Tested locally 👍 I used https://stackoverflow.com/questions/27934238/rendering-raw-html-with-reactjs. |
@@ -11,7 +11,7 @@ const Paragraph = ({ children, className, highlight }) => { | |||
[`${baseClass}--highlight`]: highlight, | |||
}) | |||
|
|||
return <p className={classes}>{children}</p> | |||
return <p className={classes} dangerouslySetInnerHTML={{ __html: children }}></p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is right, but I'm worried about applying it everywhere. What if we created a new class, DangerousParagraph
and applied it to this page?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only home and download pages are using it, so I would not be too afraid of this.
If you prefer a whole new component, you're welcome to add it.
The risk is really when you have user inputs, which is not something osquery website is going to have, it's just a "static" website presenting content.
Hi, this PR has been opened for a month. Would that be possible to integrate this? |
No description provided.