LastCommit: Migrate `signatureHtml` to a Vue component
Why are we doing this work
The LastCommit
Vue component currently retrieves HTML from Rails and renders it. This is a potential XSS vector which we should remove by migrating the server-side HTML over to client-side Vue components. We previously tried to address this using v-html-safe
which introduced a rendering bug. See !84862 (comment 908331969) for discussion.
Implementation guide
- Update path_last_commit.query.graphql to retrieve the new fields implemented in #362728 (closed)
- Create a
SignatureBadge
component inapp/assets/javascripts/commit
which receives thesignature
object from GraphQL and mirrors the current behavior ofapp/views/projects/commit/_signature.html.haml
- Replace
signatureHtml
with theSignatureBadge
component inlast_commit.vue
andcommit_item.vue
.
Verification steps
Edited by Brian Williams