Skip to content

fix(GlButton): use safe link directive

Paul Gascou-Vaillancourt requested to merge 1379-button-safe-links into main

What does this MR do?

This reapplies the changes from !2155 (merged). They had to be reverted because GitLab actually renders a few legitimate "unsafe" links that rely on Data URLs. We needed a way to bypass the security check on specific links before releasing those changes in GlButton.

To address the initial issues, this MR adds a few more changes:

  • Creates the SafeLinkMixin mixin. It...
    • ...wraps the SafeLink directive.
    • ...exposes a isUnsafeLink prop.
    • ...is applied to GlLink and GlButton.
  • The SafeLinkDirective will now skip the transformation step whenever isUnsafeLink is true.
  • Additional documentation has been added to GlLink and GlButton READMEs to better explain internal security measures.

As a small bonus, the SafeLinkDirective module has been migrated to a named export to satisfy the global ESLint config.

Closes #1379 (closed)

Edited by Paul Gascou-Vaillancourt

Merge request reports

Loading