fix(GlButton): use safe link directive
- Integration branch: gitlab!60961 (merged)
What does this MR do?
This reapplies the changes from !2155 (merged). They had to be reverted because GitLab actually renders a few legitimate "unsafe" links that rely on Data URLs. We needed a way to bypass the security check on specific links before releasing those changes in GlButton
.
To address the initial issues, this MR adds a few more changes:
- Creates the
SafeLinkMixin
mixin. It...- ...wraps the
SafeLink
directive. - ...exposes a
isUnsafeLink
prop. - ...is applied to
GlLink
andGlButton
.
- ...wraps the
- The
SafeLinkDirective
will now skip the transformation step wheneverisUnsafeLink
istrue
. - Additional documentation has been added to
GlLink
andGlButton
READMEs to better explain internal security measures.
As a small bonus, the SafeLinkDirective
module has been migrated to a named export to satisfy the global ESLint config.
Closes #1379 (closed)
Edited by Paul Gascou-Vaillancourt